As data breaches and data privacy class-action litigation continue to make headlines, it has never been more pressing for organizations to focus on data protection. Nonprofit organizations are no exception.
If your nonprofit stores and transfers personally identifiable information about individuals, maintains information about people’s habits or preferences, or conducts e-commerce on its websites such as event registration and donation processing, it is essential that you address cybersecurity risks.
How To Enhance Data Privacy At Nonprofit Organizations
Here is a look at a few important steps you can take to protect data at your nonprofit organization and mitigate risks.
Create A Culture Of Data Privacy
Complying with the latest data privacy laws and regulations can be a big challenge for nonprofits with limited budgets.
Still, there is a silver lining: it is also far easier to modify the culture of a nonprofit than that of a bigger corporation. This means that an important first step, shifting to a culture of data privacy, is within easy reach of most nonprofits.
When staff and volunteers at nonprofits commit to ethical and honest operations and protecting data, they are less likely to violate laws related to data privacy. However, it is important to ensure that these sentiments are put into action in daily operations.
Assess Your Risks
A good place to start is by taking inventory of all the data your organization collects and where it stores information. What data are you collecting about people, what do you do with it, who is responsible for it, and where is it stored?
Is there any data you are storing that you do not truly need? Reducing the data you collect, streamlining storage, and properly destroying any unneeded data can help mitigate your risk.
Consider The Nature Of The Data You Maintain
Next, you should take a look at the federal and state regulations that apply to the data your organization collects to find out whether it is considered “personally identifiable information”.
If so, there is a good chance you will need to inform people whose information is disclosed in a security breach, and certain data disposal regulations may also apply.
You need to take steps to protect this data against unauthorized access or use. Ensure your staff is trained in collecting, storing, protecting, and disposing of this data, or you could face lawsuits and fines.
Mitigate Your Risks
There are several potential risks related to cybersecurity that you need to consider and mitigate.
Thoroughly Vet Third-Party Vendors
For example, it may be possible for a third party to compromise your organization’s data security if you use outside assistance, such as payroll services or outsourced accountants.
Ensure that all of the third-party vendors you work with use sufficient data security protection, so they do not put your organization at risk. When you hire third parties for projects that will be accessing your data, consider which data you will make available to them and explain your policies guiding the collection and management of data.
Find out who is responsible for data at every stage of the project and how it will be destroyed. It is also useful to delineate who owns the data, who can use the data involved in the project, and who is legally liable for it.
Use Of Secure Passwords
In addition to the risk of hackers accessing your data, consider the possibility that they could take over your website. Ensure that all of your users follow strong password protocols and regularly update their software.
Many people complain that it is challenging to keep track of passwords. This sometimes leads individuals to choose memorable passwords that are also incredibly easy for hackers to guess.
A Google/Harris Poll found that 24 percent of Americans use common passwords such as “123456”, “password”, “abc123” and “admin”.
Get Cyber Liability Insurance
Cyber liability insurance policies can cover the losses that stem from breaches affecting a nonprofit’s information and the data belonging to third parties, such as donors, clients, and patients. The specifics of each policy vary, but this insurance can cover costs such as notifying people whose information was compromised, repairing content such as hacked websites, and hiring public relations experts to help restore your reputation following a major breach.
Some policies also cover business interruption in cases where a breach is so severe that your nonprofit needs to suspend operations temporarily.
Reach Out To The Cyber Liability Insurance Professionals
The idea of your nonprofit’s website or data storage being hacked may be distressing, but you can gain considerable peace of mind by protecting your organization with cyber liability insurance.
The experienced commercial insurance agents at CI Solutions will work to understand your nonprofit’s operations so they can determine your exposures and help you find the right coverage for your needs. For more information on cyber liability insurance or data privacy for nonprofit organizations, reach out to CI Solutions by calling 703.988.3665 or by applying for a quote online today!