As a nonprofit board director, you’re highly dedicated and invested in your cause. In a perfect world, all the money you raise would go toward your programs and activities. The reality is that some percentage of your money has to go toward running your nonprofit and that includes addressing security considerations.
Hopefully, your nonprofit won’t ever become the target of cybercrime, but you can’t lead your organization on hope alone. A security problem could result in financial loss or data losses. It can harm your nonprofit’s reputation or even cause it to shut down completely.
If you think that hackers won’t bother with your organization, because you have nothing to take, think again. Cybercriminals are aware that you may not have the funds to take the right security protections and that leaves you vulnerable to an attack.
Assessing security risks is just as important as assessing financial risks or choosing the right executive director. The cyber-threat landscape continues to evolve. By putting the following 12 security considerations on your nonprofit board’s next agenda, you can start talking about what you can do to address them.
The Top 12 Security Considerations for Your Nonprofit Board
Putting the topic of security on your board agenda is a good start. The following 12 security considerations will give you some specific talking points.
- Establish some basic principles to monitor and manage cybersecurity risks. Learn what data you’re collecting and where your data is stored. Who has access to it now and do they need to have access to it? What changes do you need to make to ensure it doesn’t get into the wrong hands?
- Identify the potential security risks and their drivers. Your usernames and passwords should be secure and not easily guessed. Nonprofits are vulnerable to phishing and hacking attacks. Criminals are counting on the fact that you’re not well-organized or on top of security protocols. Ransomware can lock up your system until you pay the hacker a sum of money from your hard-earned funds.
- Establish a risk management plan for cybersecurity risks. It may help to enlist the help of an IT professional to help you develop a realistic plan that’s also affordable. Determine what your board will do to avoid, accept, mitigate, or transfer various risks.
- Identify third-party vendors that you may have given partial access to your system. If a criminal hacked into their system, yours could also be at risk. Review contracts and agreements to see what protections your nonprofit may have in the event of a data breach.
- Assess the cybersecurity risks in cloud data, on desktops, laptops, and mobile devices. Implement solutions that allow board directors to access board materials without putting your nonprofit at risk. The right board portal system solves many of your security problems.
- Identify the risks that are the most crucial for your nonprofit. It may be helpful to take some cues from other nonprofits. However, bear in mind that every nonprofit is unique, so there’s no one-size-fits-all solution, and the latest anti-virus software probably isn’t adequate enough on its own.
- Understand the legal impact that cyber risks pose to your nonprofit if you can’t get your board to agree on security considerations. It may be worthwhile to invite an attorney that specializes in cybersecurity matter to your board to give a presentation.
- Document your protocols in writing. They’ll serve as a valuable resource if there’s ever a cybersecurity breach. It helps to do a dry run or participate in tabletop exercises to practice your response in preparation for a real attack.
- Make sure your operating system is updated and that all patches are secure. Run all updates as soon as possible to keep your systems protected.
- Train the board, staff, and volunteers in cybersecurity measures. Educate them about the red flags and warning signs that could allow a hacker or malware to infect your system. Emphasis the harm it could to do the organization if sensitive information gets into the wrong hands.
- Bolster your system with security software including firewalls, VPN, and antivirus software to ward off potential hackers. Use multi-factor authentication as an extra layer of security. An IT professional will be able to tell you if you have the proper precautions in place or what you need to do to protect your data further. This is money well-spent for nonprofits. If you can’t afford to hire a tech person, you may have some talent within your volunteer base that you can tap into.
- Have a backup system in place. It’s vital for nonprofit organizations to have multiple sources of crucial data and system redundancies on-site and in the cloud, in the event that one system or another gets compromised. Even if your nonprofit falls victim to an attack, you’ll have the benefit of knowing that you can still access your data. This is an easy thing you can do to prevent the damage that cyberattacks pose. It will prevent vast panic in the event of a breach. Moreover, you’ll score points with your supporters when you showed that you were prepared.
A BoardEffect board portal system prevents many of your worries over security considerations. Imagine being able to collaborate and share information within the security of a strong board portal system that has built-in state-of-the-art security. BoardEffect gives you the ability to set granular permissions and that gives your board administrator full control over who can access your system.
BoardEffect gives you unlimited secure cloud storage for sensitive data and all your important documents. Also, BoardEffect’s security protocols meet the NIST 2014 Cybersecurity Standard framework, which is trusted by financial institutions and other industries that require strict data protection.
Your mission is critical, and your nonprofit serves some of the most vulnerable members of your community with services they can’t get from the government or anywhere else. Addressing security risks protects your organization from liability issues and bolsters your good name and reputation. Overall, taking security measures protects your donors, board, staff, members, and volunteers.
Is your board of directors cyber ready? What is the board’s role in cyber risk management? Join BoardEffect for an on-demand webinar as we dive into how boards can be better prepared for cyber incidents.