It seems like every week we hear about another major data breach. But it’s not just large retailers that are being targeted. In fact, most cyber-attacks are targeted at small businesses. The reality is that small businesses – nonprofits included – are targeted because they’re less likely to have the kind of sophisticated cyber protection and safety protocols large companies have in place.
Why would hackers attack charities and nonprofits? Nonprofits generally store sensitive information such as volunteer and donor data including bank accounts, credit card and social security numbers on their computer system. Hackers can more easily gain access into a less protected computer system and sell them to identity thieves on the dark web. Hackers won’t necessarily know how many or the value of your records, but if they can gain access to your network, they can find out.
Even if your organization has the latest firewalls and cyber security, the threat can come internally from employees or volunteers. They may have direct access to donor records and more. If just one employee is lured by the temptation of easy money, it could have devastating consequences to the organization. According to Experian’s 2015 Data Breach Industry Forecast, employees and negligence will continue to be the leading cause of security incidents in the next year.
The consequences of a data breach can be devastating:
Notification. It starts with informing all of your members, employees, volunteers and donors. Most small businesses and non-profits do not have the resources or plans in place to respond to data breaches and may need to hire a public relations firm to help react to negative headlines in the press.
Time. A data breach diverts attention from the daily activities of running an organization to the process of recovering from the event. If your time is normally devoted to serving your members and overseeing operations, you can expect to delegate that work to others while you (and perhaps other employees) respond to the breach.
Financial cost. In addition to the loss confidence by donors and members, a data breach can be quite costly. The University of North Carolina said a 2013 data breach of just 6,000 records has cost the school nearly $80,000 in working with affected parties. The external costs to date include notification letters, credit monitoring and operating a call center.*
In the coming weeks we will provide more insightful articles on our website about data breaches and how we can help you prepare and respond. Look for our next article: “Are You Prepared for a Data Breach”
*Small Businesses: The Cost of a Data Breach Is Higher Than You Think, First Market Data, Insight Study, 2014