Nonprofit Data Breach

Data breach is an all-too-common phrase in today’s business environment. It is often applied to for-profit commercial entities, but what are the implications of a data breach for a nonprofit entity?

A data breach is simply defined as access to an entity’s information without authorization. While the primary goal and resources of nonprofits should center around their core mission, advanced technology and a greater reliance on digital transactions are quickly making nonprofits, like their for-profit counterparts, attractive targets for cybercriminals, causing them to devote more of their resources and attention to cyber security. Once a data breach occurs, it can be especially costly for nonprofits to maintain the same level of support as before, because data breaches are not limited to financial data; breaches can also mine demographic data, which is much more personal in nature. This can result in a loss of trust that could decrease future support, such as donations and the number of volunteers willing to assist the organization. Negative publicity surrounding a data breach could result in lower attendance at fundraising events and could decrease opportunities for the affected entity to partner with other nonprofit groups, due to a potential lack of trust in how the nonprofit protects the personal information it acquires. The excess cost of mitigating a data breach can also be financially debilitating to the nonprofit.

As a nonprofit organization, your first goal is to educate yourself until you have a fundamental understanding of your organization’s network, data, and procedures, so that you can establish a clear map of the risks where a data breach might arise. While most nonprofits have limited resources to consider, once a nonprofit understands its data procedures and needs, it should focus on keeping or adding tools that are effective in preventing data breaches and on cutting out processes that do not add value. For example, does there need to be increased security for how and where personal information is stored? Is personal information being stored that is not useful to the organization? Once you narrow down what is necessary and what is not, you can more efficiently protect data with the limited resources available to you.

Once effective and efficient preventative cyber security measures are in place, the nonprofit can consider corrective measures in case there is a data breach. Should acquiring cyber insurance be an option? Are the premiums a reasonable expense to mitigate the risk of recovering from a data breach? Does the policy provide additional supportive services? If paying a premium is too expensive, is there a response plan that the nonprofit can create internally that can provide assurances to donors, staff, and other organizations should a breach occur? It all depends on what is financially feasible and reasonable for each nonprofit’s situation and size.

Data breaches do occur, and nonprofits are not excluded from this phenomenon. The best position a nonprofit can be in is to have a staff educated on the preventative and necessary measures that will balance its financial and data security needs, maintaining a safe environment for executing the nonprofit’s mission for years to come.