We’re coming to the end of another year full of depressingly familiar high-profile cybersecurity attacks and compliance breaches. You would think that cybersecurity awareness would be an all-round thing, yet we have a month entirely dedicated to it (in October) because organizations still haven’t adopted the right culture.
Cybersecurity awareness should be an ongoing process, front and center in the minds of all those who handle or have access to sensitive company data. Just because another Cyber Security Awareness Month has come and gone doesn’t mean that you can sit back and believe your job is done.
There are literally hundreds of compelling reasons why non-profit organizations should implement stricter cybersecurity policies, but I’ve condensed it down to just three.
Avoid Hefty Penalties for Non-Compliance
As a non-profit organization, it’s more than likely that you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS or just PCI for short). This compliance regulation ensures that any company accepting payments via credit card must ensure that data is being processed and stored in a responsible way.
Achieving full PCI compliance can be complex, especially as organizations grow and credit card details are being stored and processed across multiple locations. Any new channels that non-profits enter into need to be done so with PCI compliance in mind, otherwise the penalties can be seriously harsh.
The risk of crippling fines is a motivator for most businesses to ensure compliance with PCI standards, but you really should be doing so from an ethical standpoint as well. Would you be comfortable paying for something via credit card if you thought the organization you were paying were going to store and process your card information in an unsecure way? Why should the way you operate as a non-profit be any different?
Doing the Right Thing with Donor Data
As I mentioned above, cybersecurity isn’t just something you should practice because you want to avoid being fined and outed in the media. Good cybersecurity should be a staple for all non-profit organizations because you have a duty to protect the sensitive data of those lovely people that have chosen to donate to you.
If you put that data at the heart of your cybersecurity policies, then you are starting off on the right foot. Make sure that all policies, processes and solutions that you put in place address the data first – after all, that’s what it’s all about.
If you get this right, the knock-on effect will be reassuring potential donors that you are a trustworthy company that takes their right to data security seriously. Nothing can cripple a non-profit faster than being seen in the public eye as a security risk, especially in today’s climate where high profile data breaches (such as the Facebook Cambridge Analytica scandal) are widely reported by mainstream media.
Avoid Crippling System Downtime
Organizations that are heavily reliant on their websites to generate revenue (or donations in the case of non-profits) can be crippled by external attacks.
Recently, a non-profit in Atlanta was the target of a terrorist sympathizer group, who were able to hack into their website. As a result, the non-profit was forced to take their website down during a time when people needed to buy tickets to a fundraising concert.
Similarly, with ransomware attacks ever on the rise, a company that stores vast amounts of sensitive, valuable information (such as credit card details) is a prime target. Ransomware attackers take advantage of poor cybersecurity awareness and practices to bypass external security and move laterally across the network. A quick Google of recent ransomware attacks will tell you everything you need to know about how devastating and avoidable these kinds of attacks are.
If you don’t know where to start when considering a data-centric approach to security, we provide a free trial of our award-winning data-centric audit and protection solution, LepideAuditor. Start your free trial to see how you could avoid compliance fines whilst bolstering the security of your critical data.