Secure Your Data - Seriously

You’re walking down the street, when a man in a trench coat approaches.  In a semi-socially distant way, he whispers to you, “Pssst… Hey, buddy, wanna buy some data?  New data breach. Got some fresh names. Credit card data, too.”  No, of course, it doesn’t happen that way, but your data can get out there. Your donor data is the lifeblood of your organization.  You can’t afford not to secure it.

As many of you know, Blackbaud, one of the major software suppliers to nonprofits, had a data breach back in May that affected what appears to be hundreds of nonprofits.  Community Brands, another major supplier in the nonprofit space, suffered a ransomware attack back in March.  A number of other suppliers in our space – and nonprofits themselves – have been attacked.  The fact that you are a nonprofit with a mission of social good means nothing to hackers.  Everyone is a target.

So, what do you do?  You start to ask questions.  If your fundraising system is on your local network, ask your IT team what your potential exposure is.  Can anyone from the outside gain access to your internal network?  What types of security have been implemented to protect you and your data? You also need to educate your colleagues on the types of emails that they shouldn’t open and, if they do, what not to click on.  Just today, I received a really credible-looking email from someone I know – his real signature block, his real return email address.  But it really wasn’t from the person I know.  No, it was sent by someone who had hacked into his email account and taken it over.  Fortunately, before I clicked on a button that could have infected my computer (or worse), I noticed that I would have been directed to a really sketchy web address.

If your data is hosted by a third party, you need to fully understand who bears the risk and liability of a data breach.  Vendors are great at trying to avoid any responsibility.  Before you sign on the dotted line, make sure that you hold their feet to the fire as much as possible.  As Jon Dartley, a data privacy and security attorney at Perlman and Perlman, says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

While your data is invaluable, so is your reputation.  You have worked hard to earn your donors’ trust.  If you don’t take the proper precautions to safeguard your data, you could see that all go up in smoke.

 

 

By Steve Jacobson, AFP-NYC President and CEO, JCA, Inc. This article is published with permission from NYC Fundraising Matters, the newsletter of the NYC Chapter of AFP.