How Nonprofit Boards Can Reduce Internal Risk

Risk management is an important way to demonstrate to donors and other stakeholders that nonprofit boards are using their resources wisely and ethically. Financial loss and other types of fraud can cause your nonprofit to lose donors, damage your nonprofit’s reputation, and result in liability. Every nonprofit risk management plan should have a plan to address and reduce internal risks, particularly in the area of secure collaboration.

Every important issue that your board addresses requires communication and collaboration between board members and your executive staff. Technology makes it possible for boards to communicate regularly via email and electronic file-sharing. Does your board have the right tools and processes to ensure that information that’s included in the internal emails and files that you share are protected from fraud and theft?

Electronic Communication Pose Internal Risks

Nonprofit boards meet in person or virtually as often as they need to. In between meetings, a nonprofit board’s work must continue. Nonprofit board members have many occasions to share information electronically between board meetings.

For example, here’s a list of some of the reasons nonprofit board members connect between meetings:

• Sharing files about upcoming agenda items
• Sharing financial reports and other committee reports
• Sending board meeting handbooks electronically
• Routing board meeting minutes for e-signatures
• Signing unanimous consents
• Sharing resumes and applications of board member candidates

With every email or file that a nonprofit board member sends electronically, there is a degree of internal risk. Some of the risks include theft, fundraising fraud, compliance risks, D&O liability risks, and reputational risks. Even something seemingly as harmless as a community bake sale can cause liability risks.

Your risk management plan should incorporate plans to reduce internal risks by implementing the right tools and processes to ensure secure collaboration as part of your internal controls process.

Types of Security Risks

Data security risks are prevalent in electronic communications. Let’s take a look at the types of security risks you might be exposing your nonprofit to.

1. Data theft by third parties. It’s becoming more common for nonprofit organizations to move their data storage to the cloud. Not all cloud service providers implement the proper security controls.
2. Loss of data as a result of shadow IT. Shadow IT refers to using IT systems, devices, software, applications, and services without the knowledge and approval of your IT department. The simple reason nonprofits do this is to eliminate that common problems that are sometimes associated with IT security.
3. Risks associated with mobile devices. Large numbers of nonprofit board members use smartphones for board business. Weak security measures and the risk of stolen devices can lead to data theft.
4. Data theft due to insider threats. There are two ways this can happen. The first is via social engineering which is a technique that uses psychology to trick users into clicking on fraudulent links. The second is due to internal employees or volunteers that intentionally steal the nonprofit’s data because they are disgruntled or for some other nefarious reason.
5. Phishing schemes that compromise board member emails. Phishing can affect your board members’ email, mobile phone, or text messages. Messages that appear legitimate actually trick board members into revealing confidential or sensitive information. Fraudsters have even been known to initiate fraudulent financial transfers on behalf of nonprofits.

Secure Messaging and File-Sharing for Nonprofit Boards

Your nonprofit board can reduce internal risk by using technology that ensures secure messaging and secure file-sharing. Your donors and stakeholders will certainly appreciate your efforts to bolster data security.

Today, nonprofit boards have many options of public file-sharing apps to choose from. However, have you considered whether these apps have the level of safety and security that’s necessary for sharing confidential board data? It stands to reason that any free file-sharing application simply can’t have the high level of security that your board business demands.

Anytime you use a third-party file-sharing app, you’re placing your trust in a third party. The same goes for using personal email accounts. These types of services are fine for social and casual use, but they were never intended for the level of security and confidentiality that corporations and nonprofits require. This is because general-use email and file-sharing platforms are designed to work outside of IT oversight. That also means that your nonprofit board members have absolutely no control over who can access your messages and files. There is simply no way to know what the app provider’s security credentials are or whether they store or share data with anyone else.

The cloud requires user credentials to access data stored within the cloud; however, it’s also possible that your provider’s credentials could be stored in the cloud as well. Your board members should also be aware that there are different levels of security strength and it may depend on the strength of the encryption and passwords they use.

Cybercriminals have various ways of accessing data. If they can’t access the data in your files directly, they may be able to perform certain work-arounds like copying files or deleting files. These are the types of risks that will keep you up at night.

Securing Nonprofit Board Communications Using a Secure Board Portal

Worrying and stressing over the security of board communications doesn’t have to be a way of life. A BoardEffect board management software program gives you the peace of mind of knowing that your data is encrypted using your own secure credentials. Your BoardEffect management system is a fully contained platform that offers state-of-the-art security. It’s a modern governance solution that helps to reduce the internal and external risks associated with nonprofit board business.

With BoardEffect, your board members can access board materials securely at any time using a desktop, laptop, or mobile device without the fear of having their confidential communications compromised. All that board members need to do is to simply log into the secure portal. The portal offers granular permissions so your board administrator has complete control over who can access board materials.

Your non-profit relies heavily on the public perception of your community and by ensuring secure communications, you’re giving them peace of mind as well.