Is Your Nonprofit Prepared for a Data Breach?

General rc bio umbrella
By Travelers
2 minutes
databreach_large.

Do you want to be in the unenviable position of notifying your donors, volunteers and staff of a data breach? It's a call that no nonprofit director wants to make. Whether it’s a lost laptop containing a donor database or hard-copy volunteer records that weren’t properly shredded, a nonprofit can quickly find its reputation and mission at risk.

The financial costs of managing a data breach are well documented and growing, with a recent study estimating an average of $221 per lost record, and $7 million average total cost.1 These costs may include legal guidance, breach notification, forensics, credit monitoring and other crisis services.

While less tangible, the lost trust that nonprofits can experience from donors, volunteers and the community also can be significant and harder to restore, and can affect fundraising activities, volunteer engagement and partnerships with other organizations.

“Nonprofit organizations often work so closely with a dedicated group of volunteers and a loyal donor base who entrust the nonprofit with their personal data,” says Tim Francis, Enterprise Cyber Lead at Travelers. “Nonprofits should take steps to protect that data and to prepare themselves for a potential data breach.”

Understand your data, systems and network

Knowing the basics about what systems you are running, what data you are storing and how your network is structured can help a nonprofit more effectively allocate limited data security resources. Some things you want to know about your data include:

  • Knowing what and where data are being created, collected and stored.
  • Maintaining an accurate inventory of computer systems and software.
  • Understanding your network infrastructure.

Focus your cybersecurity efforts

After you understand the data, systems and network that you are trying to protect, focus on security controls that would be the most effective based on your specific needs and resources. Consider implementing stronger controls for storing and transmitting your most sensitive data, such as the Personally Identifiable Information (PII) of donors and volunteers, or the Protected Health Information (PHI) of current and past employees.

Prepare for the unexpected

Every organization needs a plan for what to do in case of a data breach. An incident response plan can help organizations plan to comply with applicable laws and regulations, and launch a rapid and coordinated response that can help reassure donors, volunteers, staff and the general public that your organization takes the breach seriously and has the incident under control, to maintain the organization’s strong reputation, which can be one of the organization’s strongest allies. It’s worth protecting by guarding against data breaches.

Consider cyber insurance

Any organization that uses technology or collects data is at risk of a data breach or cyber attack, including nonprofits. Cyber insurance can be essential in helping your organization recover after a data breach. It also can assist before a breach by connecting you to cyber resources that can help you prepare to better respond to and recover from a data breach. Your nonprofit’s mission is precious. Guard against cyber attacks by equipping your organization with the protection that keeps your focus on preserving the mission.

Sources:
1 Ponemon Institute 2016 Cost of Data Breach Study, for surveyed companies that experienced a breach which required the company to notify victims under state law.

A cyber lock.

Top stories

Network Security Tips & Guidelines

Network security can help prevent data loss and cyber breaches within your business. Follow these 10 steps to help ensure network security from Travelers.

Related products & services

Travelers understands the unique risks of nonprofit organizations and the importance of protecting your mission.

More Prepare & Prevent

Is Your Nonprofit's Mission Protected?

Learn about protecting your nonprofit organization from potential risks and how to help ensure that your nonprofit is Mission: Protected.

Volunteer on the site of a home build.

More Prepare & Prevent

6 Considerations Before Joining a Nonprofit Board

Thinking about joining a nonprofit board? Here are some questions from Travelers to consider to help protect your personal assets.

Nonprofit Board room meeting.

More Prepare & Prevent

Protecting Your Nonprofit from Crime

Employee crime can be devastating for a nonprofit without the proper coverage. Read these steps from Travelers to help protect your nonprofit organization from employee crime.

Person taking out confidential file from drawer at nonprofit.