Wise Giving Wednesday: Concerns About Cybersecurity
South Carolina-based Blackbaud, Inc. provides data, fundraising, and financial services to more than 45,000 companies, including nonprofit organizations and foundations. On February 1, 2024, the Federal Trade Commission (FTC) announced as part of a consent agreement, that Blackbaud, without admitting to any violation of law, has agreed to “delete personal data that it doesn’t need to retain… over charges that the company’s lax security allowed a hacker [in 2020] to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.”
In September 2023, in addressing this 2020 data breach, the company agreed to an assurance of voluntary compliance with 49 states and the District of Columbia that included a payment of $49.5 million.
Those interested in learning more about the data breach that occurred four years ago are encouraged to review the referenced agreements. There are important lessons in this story for both charities and donors. Charities should take active measures to increase their own data security on a continuing basis not only for their own operations but also through the vendors it may hire to carry out fundraising or other data needs. In turn, donors should recognize the important stewardship role that charities have in not only managing their finances but in protecting donor data.
Previous posts in Wise Giving Wednesday provided a variety of recommendations to help address cybersecurity, such as a five-step process to address this concern:
1. Identify cyber risks by assessing risk exposure
2. Protect data through technology and data governance planning
3. Detect a cybersecurity problem when it happens
4. Respond effectively to a cybersecurity incident
5. Recover from the impact of a cybersecurity or data impairment event
In addition, there are common sense actions organizations can take such as requiring employees to use strong passwords and update them at least every six months, and ensuring that staff only use laptops provided by the organization, not their home computers which might increase risk exposure when they are used for personal purposes.
Heart of Giving Podcast
This week’s Heart of Giving Podcast features Toshi Hoo. Toshi leads Institute for the Future’s Emerging Media Lab (EML), where he explores the implications of rapidly evolving technologies that are transforming the ways humans communicate, collaborate and connect.
We are always working with charities to publish or update reports for donors. Visit Give.org or local BBBs to check out any charity before giving. Our recently evaluated charities include: