Security Not Just for the For-Profit World
When we think of security breaches or issues, we naturally fall into examples where for-profit companies, banks, or other financially related institutions, have been breached. News out of the NonProfitTimes in this area does not preclude nonprofits from being vulnerable. In addition, it's not even large charities that are being attacked.
In a recent article in the NonProfitTimes, macro tracking of data breaches in the nonprofit space has increased by 14% in comparison to ALL of 2022---and there are still three months remaining in 2023. This did not include breaches in education or healthcare (universities or hospitals), which would have added hundreds of additional breaches. Cyberattacks are pushing into even smaller nonprofits where fewer resources are available to set up appropriate IT security.
As nonprofits squeeze budgets to meet fiscal demands, one challenging issue is the continued reduction, more often in smaller nonprofits that think they're invisible or immune, to IT security. With a few clients who are not name brands, when talking about data and security, there appears to be a lackluster interest in ensuring data integrity. That's because there isn't an IT security expert on staff or budgets have been reduced which doesn't allow for outsourcing such a job responsibility.
And this may be only the tip of the iceberg. According to the same report in the NonProfitTimes, the growing number of nonprofit entities not reporting some type of attack is growing. Indications at this point show that the numbers not sharing are more than those that are reporting some type of compromise. So, in actuality, the true number isn't actually known.
If trust is the hallmark of great philanthropy, those relationships with our donors and the community, not funding appropriate IT security will only challenge the bedrock of our relationships if a nonprofit’s data is taken and/or ransomed. While the expense might be elevated now to create appropriate security, the long-term implications might cost organizations a great deal more in eroded trust.
