Do Idaho Nonprofits Really Need to Worry about Cybersecurity?
by Foster Cronyn
Most people don’t think about cybersecurity until a neighbor or family member is hacked. When they do, it seems like it’s always a hospital, insurance company, or national retail chain that loses the personal information belonging to millions of individual customers, not a homeless shelter or local foodbank.
Do nonprofits really need to worry about cybersecurity? After all, they typically don’t retain millions of personal records or have millions in the bank to pay bad actors.
The answer is an emphatic YES!
Why?
We were recently contacted by a local nonprofit that had someone hack into their Microsoft 365 account. The hacker added a new admin account. Thankfully, they discovered it before the hacker was able to steal their vital data.
Nonprofits collect and store information about individuals they serve, the staff they employ, and donors that give—this is often the type of data that is at risk. Nonprofits typically run on a razor-thin budget and don’t have the financial resources their counterparts in the for-profit world have. As a result, cyber defenses are minimal to non-existent, and that is exactly what makes them attractive to bad actors. After all, cybercriminals are nothing but thieves that pick on the weak.
Most of the nonprofits I’ve come across here in Idaho provide critical services to their communities. In the event of a cyberattack, the consequences would be significant, adversely affecting the organization’s ability to accomplish its mission. In the last 10 years or so, the internet has made the logistics of fundraising easy and efficient. As a result, nonprofits need to protect the privacy of donors, including financial transaction records, EINs, and social security numbers. A data breach or other cybersecurity event could result in financial loss or even legal action. However, the potential damage of a cyber event to a nonprofit’s reputation could be lethal as community trust is broken and future fundraising abilities are disrupted.
Nonprofits should follow the best practices of cybersecurity to minimize their risk of being targeted. Think through these questions to help position your organization safely:
Where are attacks most likely to occur?
What assets are the most important to protect?
Now, make sure you have implemented these safety measures:
Use a password manager (e.g. Bitwarden, LastPass)
Have a process for changing passwords every 90 days
Use best practices for managing the length of passwords (and don’t put them on a sticky note near your desk)
Use multi-factor authentication options when available
By knowing and understanding the risk, nonprofits can prioritize their security measures and protect the personal information of their donors, clients, and employees.
Watch for our upcoming Nonprofit Success Lab on this topic!