Cybersecurity – a buzzword or vital piece of your operations?
In 2022, it’s the latter. If your nonprofit accepts donations online, stores donor addresses, uses a cloud-based file system, or keeps confidential information about clients or employees, cybersecurity is a must. Cyber-attacks can have costly consequences – both in terms of money and reputation, so nonprofits need to take these risks seriously and imbed cybersecurity protocols into their operations.
It can sometimes feel like Montana’s wide open spaces are a world away from hackers and whatever hackers are after. But the fact is that we’re more connected to the world than we realize, and even rural nonprofits can be targets. MNA encourages our members to take cybersecurity seriously.
There are many resources out there about cybersecurity – and even cybersecurity for nonprofits – but an abundance of information can be overwhelming. Because of this, we’ve curated a list of resources for you, regardless of your understanding of cybersecurity.
Why its important
Cybersecurity is not just about protecting your own information online. Nonprofits of every shape and size collect information about the people we work with, and we have a duty to protect that information.
Do you accept donations? Then somewhere in your files, or in your donor database, you probably have name and address information for the people that have donated to your organization. You may even have some financial information stored – the size of a donation can be valuable information for hackers looking for individuals with disposable income.
Do you provide direct service to clients? Then you may have extremely sensitive information about your clients. Depending on the type of service you provide, you may have financial information, social security numbers, home addresses, medical history, and other types of information that hackers could use to exploit your clients. It is part of a nonprofit’s duty of care to make sure that information is kept safe and confidential. In 2022, cybersecurity is a big part of that job.
With that said, here are some resources to get you started.
Cybersecurity 101
Don’t know where to start? We recommend beginning by strengthening your passwords. Consider using a password manager, which can safely store all of your passwords. Even better, when it comes time to create new ones, a password manager can generate ultra secure ones and automatically save them for you. Remember to never repeat your passwords, and that longer is better. Don’t use common words, and include a mix of letters, numbers, and symbols.
Here are a few more beginner resources on cybersecurity:
- Learning the lingo: Google’s Guide to Online Security | Google
- Getting started: Two Tips for Nonprofit Cybersecurity | National Council of Nonprofits
- Involving your board: What Your Board Needs to Know About Cyber Threats | Nonprofit Risk Management Center
- Common nonprofit vulnerabilities: Seven Deadly Weaknesses of Nonprofit Security | NTEN
Cybersecurity 201
If you’re already using secure passwords and 2-factor authentication, it’s time to take a deeper look at vulnerabilities in your system.
- Cybersecurity for Nonprofits | National Council of Nonprofits
- Cybersecurity for Nonprofits: A Guide | NTEN
- Cybersecurity Road Map | US Government Cybersecurity & Infrastructure Agency
Tech Impact Recorded Webinars
- Security Trends and Emerging Threats Recorded Webinar | Tech Impact (free)
- How to Maximize Microsoft 365 Security Features Recorded Webinar | Tech Impact (free)
- Cybersecurity Essentials for Nonprofits Recorded Webinar| Tech Impact ($60)
MNA Cybersecurity Training
We are currently working to develop a training on cybersecurity specifically for the needs of MNA members – so please stay tuned as we finalize those plans. If you are a cybersecurity professional who would be interested in helping MNA develop a training, please see our RFP.
In addition to the protocols outlined in the resources above, we recommend that nonprofits add Cyber Liability Insurance coverage to protect against the consequences of a data breach. MNA affiliate partners WaFed and Payne West – or your own insurance broker – should be able to assist you in securing cyber liability coverage for your nonprofit.
While cybersecurity might feel overwhelming, you don’t need a dedicated IT person to improve your data security – by starting with things like two-factor authentication and email filters, you can lower your risk of a data breach today. We hope the curated resources above help you create or improve your nonprofit security plan.
Stay tuned for our cybersecurity training series announcement to learn more about the specific risks nonprofits face and how to ensure you’ve done your due diligence to protect against them.