As a not-for-profit board director, you’re highly dedicated and invested in your cause. In a perfect world, all the money you raise would go toward your programs and activities. The reality is that some percentage of your money has to go toward running your not-for-profit and that includes addressing security considerations.
Hopefully, your not-for-profit won’t ever become the target of cybercrime, but you can’t lead your organisation on hope alone. A security problem could result in financial or data loss. It can harm your not-for-profit’s reputation or even cause it to shut down completely.
If you think that hackers won’t bother with your organisation because you have nothing to take, think again. Cybercriminals are aware that you may not have the funds to put the right security protections in place, and that leaves you vulnerable to an attack.
Assessing security risks is just as important as assessing financial risks or choosing the right executive director. The cyber-threat landscape continues to evolve. By putting the following 12 security considerations on your not-for-profit board’s next agenda, you can start talking about what you can do to address them.
The Top 12 Security Considerations for Your Not-for-profit Board
Putting the topic of security on your board agenda is a good start. The following 12 security considerations will give you some specific talking points.
- Establish some basic principles to monitor and manage cybersecurity risks. Learn what data you’re collecting and where your data is stored. Who has access to it now and do they need to have access to it? What changes do you need to make to ensure it doesn’t get into the wrong hands?
- Identify the potential security risks and their drivers. Your usernames and passwords should be secure and not easily guessed. Not-for-profits are vulnerable to phishing and hacking attacks. Criminals are counting on the fact that you’re not well-organised or on top of security protocols. Ransomware can lock up your system until you pay the hacker a sum of money from your hard-earned funds.
- Establish a risk management plan for cybersecurity risks. It may help to enlist an IT professional to develop a realistic plan that’s also affordable. Determine what your board will do to avoid, accept, mitigate, or transfer various risks.
- Identify third-party vendors that you may have given partial access to your system. If a criminal hacked into their system, yours could also be at risk. Review contracts and agreements to see what protections your not-for-profit may have in the event of a data breach.
- Assess the cybersecurity risks in cloud data, on desktops, laptops, and mobile devices. Implement solutions that allow board directors to access board materials without putting your not-for-profit at risk. The right board portal system solves many of your security problems.
- Identify the risks that are the most crucial for your not-for-profit. It may be helpful to take some cues from other not-for-profits. However, bear in mind that every not-for-profit is unique, so there’s no one-size-fits-all solution, and the latest anti-virus software probably isn’t adequate on its own.
- Understand the legal impact that cyber risks pose to your not-for-profit if you can’t get your board to agree on security considerations. It may be worthwhile to invite an attorney who specialises in cybersecurity matters to your board to give a presentation.
- Document your protocols in writing. They’ll serve as a valuable resource if there’s ever a cybersecurity breach. It helps to do a dry run or participate in tabletop exercises to practice your response in preparation for a real attack.
- Make sure your operating system is updated and that all patches are secure. Run all updates as soon as possible to keep your systems protected.
- Train the board, staff, and volunteers in cybersecurity measures. Educate them about the red flags and warning signs that could allow a hacker or malware to infect your system. Emphasise the harm it could do to the organisation if sensitive information gets into the wrong hands.
- Bolster your system with security software including firewalls, VPN, and antivirus software to ward off potential hackers. Use multi-factor authentication as an extra layer of security. An IT professional will be able to tell you if you have the proper precautions in place or what you need to do to protect your data further. This is money well-spent for not-for-profits. If you can’t afford to hire a tech person, you may have some talent within your volunteer base that you can tap into.
- Have a backup system in place. It’s vital for nonprofit organisations to have multiple sources of crucial data and system redundancies on-site and in the cloud, in the event that one system or another gets compromised. Even if your not-for-profit falls victim to an attack, you’ll have the benefit of knowing that you can still access your data. This is an easy thing you can do to prevent the damage that cyberattacks pose. It will prevent widespread panic in the event of a breach. Moreover, you’ll score points with your supporters when you show that you were prepared.
A BoardEffect board portal system prevents many of your worries over security considerations. Imagine being able to collaborate and share information within the security of a strong board portal system that has built-in state-of-the-art security. BoardEffect gives you the ability to set granular permissions and that gives your board administrator full control over who can access your system.
BoardEffect gives you unlimited secure cloud storage for sensitive data and all your important documents. Also, BoardEffect’s security protocols meet the NIST 2014 Cybersecurity Standard framework, which is trusted by financial institutions and other industries that require strict data protection.
Your mission is critical, and your not-for-profit serves some of the most vulnerable members of your community with services they can’t get from the government or anywhere else. Addressing security risks protects your organisation from liability issues and bolsters your good name and reputation. Overall, taking security measures protects your donors, board, staff, members, and volunteers.