Nonprofit Cybersecurity: 4 Steps to Protect Your Volunteer Data
If you work for a nonprofit organization, you’re likely using digital tools in your workflow. While digital tools help you do your job more efficiently, they can leave you vulnerable to cyber attacks. Even everyday tasks have risks, like emailing donors and accessing volunteer data from your volunteer management software.
Nonprofits are particularly vulnerable to cybercriminals because the fallout of a cyberattack could be catastrophic to their organization. The reality is that many nonprofits aren’t equipped to deal with breaches in cybersecurity.
It’s important to take these threats seriously and take the necessary steps to protect your organization’s database (including information about volunteers, donors, and community members). In this article, we’ll dive into cybersecurity, explain the risks your organization could face, and detail the steps you can take to protect your data.
You probably know that you should have cybersecurity protocols to protect your organization’s supporter database, website, or internal processes and communications. But perhaps you don’t know where to begin with the specifics of nonprofit cybersecurity. Let’s get started.
Cybersecurity is a collection of IT systems that are used to prevent hackers from accessing and exploiting your data. When you face a cyber attack, a malicious entity attempts to access your data in order to corrupt it, steal it, or use it for other nefarious purposes. Often, cyber theft is financially motivated.
According to Steve Morgan, the founder of Cybersecurity Ventures, “cybercrime [damages include] destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
The COVID pandemic saw an unprecedented number of nonprofit employees and volunteers move their work online. Meetings and fundraisers went digital or hybrid, and more supporters than ever before accessed their favored organizations through personal devices and Wi-Fi routers. While the flexibility of working from home has benefited some individuals, remote work has also created an abundance of new opportunities for cybercriminals.
In 2022, cyber threats are ubiquitous; organizations of all types and sizes have found themselves at increased risk. Ransomware and phishing are some of the biggest threats faced by nonprofits.
Ransomware is particularly effective at extracting financial payouts. The Institute for Critical Infrastructure Technology states that 50% of nonprofits have experienced a ransomware attack.
Ransomware is malware that uses encryption to capture and hold the victim’s data for ransom. The organization’s files, applications, or donor data are held captive until the organization pays the demanded sum. According to McAfee, ransomware can quickly freeze an entire organization. This type of cybersecurity threat funnels billions of dollars to cybercriminals every year.
Phishing is another common scam that affects nonprofit employees and volunteers. Phishing emails are fraudulent messages that require some sort of action on the part of the reader, such as clicking on a link or downloading an attachment. They lure an unsuspecting victim into providing the attacker with sensitive data, and are often used to steal passwords, install ransomware, and spread viruses through a variety of misleading tactics.
Most nonprofits are lagging behind in security measures when compared to for-profit organizations. According to a cybersecurity survey commissioned by Microsoft, most nonprofits do not have important cybersecurity measures in place.
The survey specifically found:
When organizations store and collect data on individual donors, corporate partners, charities, etc., they must put robust safety measures in place. Not only could stolen or hacked data disrupt operations, but it could also trigger the distrust of your donors.
The Council for Nonprofits suggests you develop a solid cybersecurity plan if you engage in any of the following activities:
Nonprofits are often unaware of cybersecurity best practices because of the ever-evolving nature of today’s digital landscape. Even when nonprofits have measures in place, it’s often hard to get team-wide adoption and buy-in. As we’ve learned, nonprofits face significant challenges in maintaining a cybersecurity plan, which is crucial in protecting and securing organizational assets.
Here are 4 quick, cost-effective steps you can take to protect your nonprofit against cyberattacks:
Nonprofits can protect themselves by activating multi-factor authentication. This is a security measure that requires the user to provide two means of verifying their identity. This is typically the correct username and password coupled with a code sent to a smartphone, a photo of an ID card, etc.
While it’s easier to remember a single password, using the same one across devices is a big security no-no. If you or your organization’s devices get hacked, this mistake makes it easy for cybercriminals to access your other accounts. Nonprofit Tech for Good recommends using a password manager like LastPass. While this will give you a quick boost in security, only 30% of nonprofits report using a secure password manager on their work computers.
Did you know that 93% of all cybersecurity situations are the result of a phishing scam? Even the most sophisticated spam filters are unable to prevent phishing emails from getting through to nonprofit employees’ inboxes. The best way to protect yourself and your nonprofit data is to regularly hold phishing prevention training for your staff and volunteers.
With nearly 60% of nonprofits not providing cybersecurity training for their staff, it is no wonder that this scam is so successful. By investing time and energy into training your team to recognize nefarious emails, you can collectively keep your volunteer data more secure and prevent an organization-wide data breach.
What is SOC 2 Compliance?
The goal of SOC 2 compliance is to ultimately boost the privacy protections around customer data. SOC 2 is a sort of stamp of approval that an organization has specific security policies that are documented and obeyed. Auditors can and often do ask to review a company’s compliance. SOC 2 measures extend to cloud-based data storage, confidentiality, processing integrity, and overall security of your data.
Those most concerned with SOC 2 compliance are SaaS companies or those who store customer information in the cloud.
SOC 2 is an exceedingly common security requirement that tech companies must meet today. Surprisingly, though, most volunteer management software companies are not SOC 2 compliant. This leaves your volunteer data at risk.
As a volunteer manager, take the extra step to confirm whether your volunteer management software is SOC 2 compliant. You can do so by contacting the company’s Chief Information Officer.
Get Connected volunteer management software is an early adopter of SOC 2 compliance. As a best-in-class volunteer management software provider, Get Connected saw the need for nonprofit organizations to have an added layer of protection when it comes to sensitive volunteer data. When you find volunteer management software that covers the necessary tech security, you’re empowered to spend time on more pressing needs within your community.
By making a concerted effort to improve volunteer data privacy and security, volunteer managers can better protect their volunteers and organization against growing digital threats in 2022 and beyond.
Author: Annelise Ferry