A cyberattack or data breach can cost nonprofits anywhere from a few hundred to a few million dollars based on the size and severity of the breach. While hopefully your nonprofit does not suffer a cyberattack of that size, there are a few steps you can take to protect your assets, reputation, employees and data. Every nonprofits situation may differ; however, this list a good place to start for protecting your data from a cyberattack.
Understand Your Nonprofits Risk
In order to protect your nonprofit from a cyberattack, your organization needs to understand the risks it faces. What data are you storing that could be of interest to thieves? Is that data properly protected? What vulnerabilities does your organization have? Perhaps many individuals can access your computer systems or networks. Maybe you don’t have the ability to protect certain data and all your employees and volunteers have access to everything. By understanding your nonprofits potential risks and vulnerabilities, you will be able to better plan and prepare your defense against a cyberattack. The best way to prevent a cyberattack is to know where criminals may target you and to prevent them before they even try.
Prepare and Protect Against Those Risks
Now that you know where your organization is vulnerable to cyberattacks, you can prepare and protect it. Update and renew your software. Never click on suspicious links or open questionable emails and make sure you trust your sources. Only allow access to your networks to individuals you trust. Strong passwords that are not easily replicated or guessed, that get changed regularly, should protect all computers and connections. Follow all cybersecurity recommendations to prepare and protect your nonprofit from all cyber risks. Employee and volunteer awareness is the best line of defense your nonprofit has, use them!
Awareness of Potential Risks to Key Stakeholders
The best way to protect your nonprofit is through employee awareness. Quarterly to yearly reminders about safe online practices and best behaviors to exhibit online are helpful ways lessen the exposure of your nonprofit. Teach employees, volunteers and other stakeholders about email phishing and other online scams criminals may use to gain access to your network. Remind them to verify all suspicious looking emails. Does the senders name match their email address? Is the email address accurate and what your address book says it should be?
Remind employees to be diligent about what networks they connect to and never access sensitive material on a public network. Anyone who has access or can access your network should be diligent in what they search and how they use the data available to them. There are many resources available to employees to protect their networks both at the office and when working from home. Employees, volunteers and stakeholders are the first line of defense when protecting your nonprofit, but they are not the only way you can stay safe online.
Consider Cyber Insurance to Mitigate Risks
All nonprofits store some data, on employees and volunteers, donors, clients, and much more. Those businesses have a duty to protect and safeguard that data. No matter how much a nonprofit prepares and protects itself against a cyberattack, data breaches are always a concern. In case of a data breach, is your nonprofit able to pay for the consequences? Berkley Human Services’ Cyber Suite Coverage is a comprehensive cyber insurance solution designed to help businesses respond to a full range of cyber incidents. Find more information on the Cyber Suite Coverage and talk with your agent if cyber insurance is right for your nonprofit.
Suggestions and comments contained herein are provided for purposes of general education only. Suggestions and comments are not intended for the purpose of providing you with legal advice or legal counsel, and are not intended to assure compliance with or complete analysis of any law, rule or regulation. In addition, suggestions and comments should not be interpreted to imply or infer that all exposures, hazards or loss potentials on any subject or issue were identified or considered. No warranty, or guaranty of accuracy, fitness or suitability, express or implied, is granted with respect to any of the information contained herein.
Products and services are provided by one or more insurance company subsidiaries of W. R. Berkley Corporation. Not all products and services are available in every jurisdiction, and the precise coverage afforded by any insurer is subject to the actual terms and conditions of the policies as issued.