Jan 30, 2020

How and Why to Prioritize Cybersecurity for Nonprofit and Social Service Organizations

According to Risk Based Security, data breaches were up 33 percent in 2019 compared to 2018, with a total of 7.9 billion exposed records affected. The research firm labeled 2019 as the worst year on record for data breaches, as everything from hotel chains to diagnostics labs was targeted.

This shows that no matter what industry a business finds itself in, cybercriminals will find a way to infiltrate networks and steal sensitive data, including the nonprofit sector. Essentially, no industry and no business is safe from the efforts of persistent cybercriminals with sophisticated means of obtaining information.

Why to Prioritize Cybersecurity for Nonprofits

Data breaches can fall on nonprofit organizations at any time. These organizations obtain and store sensitive personal information that is protected by law as confidential. When there is a breach of the confidentiality of the data held, it poses a major risk for the individuals whose data is included. This puts the nonprofit organization in a serious situation on many fronts, putting the blame on it for not protecting the personal data of its clients enough, which can bring about major lawsuits and liability claims.

Having cybersecurity insurance is one way that nonprofits can keep risks and exposures limited, like coverage offered by Tangram Insurance. While it’s not the first nonprofit insurance provider to supply this kind of coverage, it does offer personalized coverage to keep up with the constantly changing world of cybersecurity in nonprofits. Having this kind of coverage will help these companies with everything from paying out settlements to finding the right services to patch a network back up.

Risk Assessment

The first step in assessing data risks in a nonprofit is to take inventory of all the data that is collected and identify where it is being stored. Nonprofits should look at the cost/benefit of maintaining all this information, which could include social security information, financial particulars, and more. If possible, a nonprofit can try to reduce or limit the data that it collects, and streamline the storage process to mitigate risks.

Data: Protected or Confidential?

It’s also important to know whether the data that is stored at a nonprofit is covered by federal or state regulations as personally identifiable information. There are laws that require nonprofits to inform persons whose information is disclosed in a data breach, and there are 31 states that have laws that require disposal of data.

Even if some information that is stored isn’t personally identifiable, a breach can be harmful to the nonprofit’s reputation and ability to bring in future contributions. Any and all data stored should be looked at as important.

Look at the Risks

A nonprofit should also run down the risks they face when it comes to data breaches. Look at the likelihood of some cybersecurity exposures and risks from a third party compromising data security. Many nonprofits use outside help in some way, such as accounting services or IT help. If any of these third party vendors do not operate with adequate data security protection, the nonprofit’s data security will be put in the crosshairs. When hiring out third parties, a nonprofit should make sure that they are satisfied with the data security protocol.

About Tangram Insurance Services

Located across the Golden Gate Bridge, just outside of San Francisco, Tangram Insurance Services is a full-service Managing General Underwriter and Program Manager offering specialty programs. We focus on industry-relevant coverage, competitive pricing, and practical business and risk management solutions for your clients. Since we are not all things to all people, we make sure to create outstanding custom-built solutions that matter to those businesses, and the brokers who serve those industries. Contact us at (888) 744-9810.