The risk of cybercrime is real and present in today’s increasingly technology-based life. In fact, according to a new report from the Ponemon Institute, last year, 43% of businesses experienced a data breach, up over 10% from the year before. Moreover, 71% of those affected were small businesses. And while you may assume the compromised data is your biggest area of risk in the event of a security hack, the true threat an IT security breach poses is to your organization’s reputation and your ability to maintain the trust of your donors and board – although, with an average cost of $201 per stolen record in the United States, there’s a substantial financial risk to your organization as well.
Trust is the currency today, and when that trust is broken, it can be extremely challenging to rebuild. It is shocking to find that 27% of organizations today do not have an established security strategy despite the steady rise in threats.
Security and privacy begin in the boardroom; they cascade over the leadership team and trickle down through the organization, where they ultimately rest upon the shoulders of every single employee. As you evaluate your current IT security strategy, the following are important – and often overlooked – aspects to consider.
- Security begins with the right leadership. It is critical that your organization’s leadership determines the level of risk you will assume; the technology department should never lead security and privacy efforts.
- Be intentional. Many organizations simply put IT security tools in place and then stand back and wait for something bad to happen. Be intentional and proactive, and constantly monitor the effectiveness of your security tools so that you can continually improve processes and procedures while staying ahead of risks with the latest tools and technology.
- Make it a regular board discussion. Security needs to be a regular aspect of every board strategy and risk assessment meeting. Board members need to be educated on what the risks are and what is being done to mitigate those risks.
- Put the right tools and policies in place – and monitor their effectiveness. Security measures may work properly in theory, but fail if humans do not use them correctly, alter them, or fail to understand the human factor involved in safeguarding electronic information. As an organization, it is important to remember that the right tools and policies are only as effective as the individuals who monitor them.
- Solve for mobile. Mobile devices are an integral facet of everyday life for both your staff and your donors. They are also an emerging technology platform for hackers, and they pose a significant security risk within your organization. It is important to find a BYOD solution that functions correctly within your space and allows your organization to interact efficiently with donors. Don’t be afraid of the security aspects of mobile technology; rather, manage those risks appropriately and frequently.
- Train, train, train. Every employee needs to understand the risks and their role in safeguarding the trust of your organization’s donors. Regular training on policies, procedures and the human behavioral element of security is imperative, particularly during this period of rapidly evolving technological presence in the marketplace.
- Test. Regular internal and external security testing of your tools, policies and people is truly the most effective method of assessing hidden areas of high risk within your organization. Whether you conduct these tests internally or hire a white-hat hacker to provide an additional perspective is determined by the ability and bandwidth available within your organization.
IT security is about safeguarding trust and deterring breaches. Organizations that take an intentional, proactive stance have the opportunity to drive trust and lead the market in setting the standard for exceptional security. Ultimately, high levels of trust result in higher board and donor satisfaction, staff retention and reduction of organizational risk – all of which are essential in today’s evolving nonprofit landscape.