The Consequences of a Data Breach to a Nonprofit Organization
Among nonprofit best practices, data security is often far down the list of tasks nonprofit leaders build into their days. Yet it is of utmost importance.
In 2015, the Nonprofit Center for Charitable Statistics was hacked. Annual reports to the IRS were the targets of the hackers. The usernames, passwords, IP addresses, and other data from among the 600,000 to 700,000 nonprofits who file through the center’s database were among the data compromised and accessed by the hackers.
You may think to yourself, “Well, that won’t happen to me. We’re too small to be of notice to hackers.”
No nonprofit organization is too small to be attacked. In fact, quite the opposite—small nonprofits may be more vulnerable to cyber attacks because they lack the resources, both financial and human, to prevent or combat an ongoing attack.
Data security breaches can lead to severe consequences for your organization. Irate members may leave, sue, or create havoc in social media when they learn their data has been compromised. It takes considerable time, effort, and money to clean up after a breach. The trust that is lost can never be rebuilt to the same degree.
Here, in this two-part series, we look at the consequences of data breaches and cybersecurity risks and how nonprofits may safeguard against them. Putting into place nonprofit best practices for cybersecurity now may be all that it takes to prevent future problems.
Financial Consequences for Nonprofits
From the extensive time that it takes to determine if a breach has occurred to the hours it takes to identify and contact the donors impacted by the event, the labor involved in resolving a data security breach is intense.
Solving a security breach requires notifying all of your members, employees, volunteers, and donors as well as employing legal counsel and, potentially, paying fines and penalties. Added to the extensive labor costs, are the costs of notification letters, credit monitoring, and operating a call center.
Impact Upon Your Organization’s Reputation
Although the financial impact alone can be staggering, the harm to your organization’s reputation can be even greater. An Experian survey by the Ponemon Institute surveyed 700 consumers about their perspectives on data security breaches. The consumers overwhelmingly ranked data breaches, poor customer service, and environmental disaster as the issues that cause the most negative impact on the brand reputation of a business. Many nonprofit organizations rely on the goodwill of donors to keep an organization afloat, and in the face of a data security breach, goodwill might be hard to find.
When thinking of a data security breach, most people think of banking or credit card information, but consider an organization that keeps a private list of people dealing with medical issues. How many potential lawsuits would an organization deal with, if very private information were leaked to the public? Or how about an organization that keeps identity information? What would be the impact of several donors dealing with identity theft because of a data security breach with an organization?
As you can see, it takes only a moment for your organization’s future to be compromised by cybercrime. Large or small, everyone is at risk. In our next article, we’ll look at preventative measures that even the smallest nonprofit can take to thwart possible cybercrimes. See you there.
RBP Methods helps right-brained people navigate a left-brained world. We offer consulting and software that conforms to nonprofit best practices and are happy to discuss security and other needs with you. We offer software for nonprofit financial management, donor and grant management, and more to help your organization run smoothly. Contact us today or call 503-648-9051