Cybersecurity:
What is the issue?
Cybersecurity, also known as information technology (IT) security, is the practice of protecting critical internet-connected systems and sensitive information from digital attacks.
Why do nonprofits care?
Nonprofit organizations process and often store personal data of donors, members, and clients.
Cybersecurity is not easy to put into practice. At a minimum, organizations are required to adhere to laws regulating how we collect, store, and use data. Yet we also have an ethical obligation to protect the people who share data with us.
Nonprofit organizations also want to avoid data breaches because they undermine trust in our organizations and put our reputations at stake.
Data breaches can also be financially expensive.
Is there legislation relating to cybersecurity?
Yes. Every state has its own regulations for legal responsibility in managing and securing data. It is important that nonprofit staff are aware of what is required. In some cases, but not all, the security regulations are rolled into the data privacy laws.
At this point, any national legislation on cybersecurity has been overshadowed by the push for data privacy. To read more, visit our Data Privacy page.
What next? What should we do?
An organization’s CEO needs to view cybersecurity in the same manner they think of a financial or tax audit — it needs to be part of the regular duties addressed each year. Cybersecurity should be a Board-level issue, with the Board responsible for signing off on the necessary steps to reduce the chance of a data breach, just as a board does with budgets and tax audits.
To guide nonprofits along the road to cybersecurity, TNPA created a few resources:
The first is “The Roadmap to Data Security for the Nonprofit CEO.” This document guides a CEO in asking the right questions, setting up effective procedures, and placing the proper emphasis on board involvement when dealing with cybersecurity.
The second is “Considerations for Nonprofits in their Partnership Agreements.” This document addresses the key questions facing nonprofits when putting together an agreement with a for-profit partner in the handling of data. The goal is to forge an effective partnership between the nonprofit and the for-profit entity for the secure handling of data.
Videos
February 2024 | Security and Privacy for Nonprofits: A Guide to Cybersecurity Success, Presented by Security Counsel
Read More
Generative AI: Friend or Foe to Cybersecurity? from Security Counsel, 10/2023.
McKinsey reports from 12/2022 on Digital Trust here and here.
Why Care About Cybersecurity? by Keith Huntoon, Founder & CEO, LiftEngine
A Call to Vendors! Come Play on the Cybersecurity Team. By Rich Kostro, Senior Vice President and Chief Information Officer, Share Our Strength.
Cybersecurity: Not Just A Month. By Suzanne Haggerty, Director of Software Development at Habitat for Humanity; and Stephanie Ceruolo, Donor Data Enthusiast.
White House: A Proclamation on Cybersecurity Awareness Month 2022