October is National Cyber Security Awareness Month, and there’s still time to engage your staff in a best practices review and to assess your organization’s risk management strategy. When it comes to investing staff time and resources into a cybersecurity initiative, there are plenty of compelling reasons to do so. Here are four that can get your organization started.
Stay Compliant with Payment Card Industry Requirements
Understanding your organization’s obligations and liabilities under PCI compliance is imperative. Any nonprofit that accepts payments by credit card must achieve some level of compliance, even those that outsource most of their payment processing. The short answer is that if any processing of financial transactions happens on the nonprofit’s server, liability exists, and penalties for noncompliance can be steep.
Compliance gets more complex as nonprofits expand the number of ways in which supporters can give money, including mobile apps and portable card readers. Engaging on multiple channels can be a boon for fundraising, but nonprofits that fail to keep PCI compliance top of mind as they do so may open themselves up to new liabilities. Nonprofits that use third-party providers to process payments, for example, should ask each new vendor with whom they start a business relationship to demonstrate their compliance. The bottom line is that leaders and key staff must understand the specific requirements for their own organization and ensure they stay within bounds.
Protect Donors’ Data and Maintain Their Trust
Another great motivation to tighten cybersecurity is the need to maintain donors’ confidence that donating online won’t compromise their own information security. Being able to provide reassurance that a nonprofit has done its due diligence can be a selling point for donors skittish about sharing information online. Several high-profile data breaches, such as those at Equifax and Target, have pushed this concern to the forefront of the public consciousness, and rightly so. The best bet for nonprofit leaders is to be proactive and make sure donors know that the organization has taken every precaution to keep data secure.
Although data breaches at nonprofits have not been as well publicized as many others, the sector is far from immune to attacks. The Arc of Erie County, a nonprofit serving individuals with developmental disabilities, learned earlier this year that medical information and other confidential data had been exposed on its website. Nonprofit Quarterly reports that the incident cost the organization $200,000 in HIPAA violation penalties, in addition to a mandated review and report to the state attorney general’s office. In Utah, a food bank fell victim to a data breach involving stolen credit card numbers for more than 10,000 donors. In cases like these, damage goes beyond the compromised privacy and security of individuals, presenting risks to organizational reputation and public confidence — effects both immeasurable and potentially permanent.
Ensure Continuous Service to Donors and Supporters
Having a website go down can be perilous for any organization, but it’s especially damaging for a nonprofit that relies on its site for donor and volunteer outreach. The hacking of an Alabama nonprofit, which led to its website being taken down, came at a particularly bad time: it happened before a fundraising concert, when people needed to access the site to buy tickets. To make matters worse, the site had been taken over by a terrorist sympathizer group, according to local news reports — the last kind of publicity that any organization wants.
Set a Foundation for Future Technology Initiatives
A strong cybersecurity plan makes it possible for nonprofits to take advantage of new and emerging technologies without being limited by uncertainty or fearful of unwanted consequences. As technology continues to play a larger role in the nonprofit sector, the ability to take full advantage of these tools will become more important. Many of the organizations that seek to thrive in the future may use some combination of data analytics, virtual reality, artificial intelligence-powered chatbots and other forward-looking solutions. By establishing a strong security culture now, nonprofit leaders will be able to shift into these new realms more easily and more securely.