Wise Giving Wednesday: Charities & Cybersecurity
There are two types of nonprofit organizations: those that have been hacked, and those who don’t know they have been hacked. This memorable point was raised earlier in October, by a panelist during a livestreamed discussion, “Cybersecurity Planning for Nonprofit Leaders,” presented by the BBB Foundation of Metropolitan New York. You can learn more and access a video recording of the session at the link provided.
We have all heard about data security breaches that have taken place at retail stores and major corporations, but increasingly charitable organizations are experiencing cybersecurity problems as well. Cybersecurity has a direct and powerful impact on donor and client trust, so it is vital for nonprofit leaders to take steps that can lower the risks of suffering a harmful cyber incident. At the Independent Sector annual conference taking place this week in Miami, one of the panel discussions, “Preparing to be Hacked,” addressed data security issues and nonprofits.
The BBB Standards for Charity Accountability (Standard 18) includes specific provisions that address the content of privacy policies on charity websites. While this provides charity website visitors with some knowledge about how their data might be used by the organization, there are other factors that charities can consider to improve their cybersecurity. Recently, the BBB has created a new online resource , BBB Cybersecurity, to provide valuable tools, tips, and content to help organizations manage cyber risks and educate people about cybersecurity best practices.
Among other things, this site includes the BBB 5-step approach to cybersecurity that can be helpful to charities:
Step 1: Identify - Take inventory of key technologies you use, identify your data “crown jewels” and evaluate your cyber risk profile.
Step 2: Protect - Assess what protective measures you need and can afford to have in place (including systems, insurance, policies and procedures) to be as prepared as possible for a cyber incident.
Step 3: Detect - Put measures in place to alert you to current or imminent threats to system integrity, or loss or compromise of data.
Step 4: Respond - Make and practice a cyber Incidence Response Plan to contain an attack or incident and maintain business operations in the short term.
Step 5: Recover - Know what to do to return to normal charity operations after an incident.
We hope the above provides some initial insight and suggestions and welcome you to learn more at the links provided.
On a separate note, as part of our Building Trust Video Series, we are pleased to provide the following video that features Ellie Hollander, President & CEO of Meals on Wheels America (a BBB Accredited Charity) which supports more than 5,000 community-based senior nutrition programs across the country that are dedicated to addressing senior hunger and isolation.
We are always working with charities to publish or update reports for donors. Visit Give.org or local BBBs to check out any charity before giving. Our recently evaluated charities include:
Finally, remember to let us know by going to https://give.org/ask-us-about-a-charity1/ if you are interested in seeing a report on a charity not on the list and we will do our best to produce one.
H. Art Taylor, President & CEO
BBB Wise Giving Alliance