The 2016 election brought digital security and surveillance into tight focus. The webinar, “New Administration, New Risks? How To Protect Your Nonprofit’s Data,” held with Idealware and Fission Strategy, encourages organizations to rethink their security. Panelists from several organizations, including Sinu co-founder and CTO, Larry Velez, Idealware board member Leon Wilson of the Cleveland Foundation, and Shauna Dillavou of Community Red, contribute to the conversation about keeping your nonprofit data safe while bringing more productivity and safety to your team and constituents.
Larry kicked off the webinar, with a people-first approach to protecting nonprofit data. Larry emphasized that increasing an organization’s security is first and foremost about the people, not the objects or software.
Over the past ten years, the focus has shifted from self-contained hardware housed on-site to software and the cloud. Ten years ago, the risk was limited to who had access to the hardware. Now, anyone with a laptop has the potential to access your nonprofit data.
To help identify potential vulnerabilities in your tech solutions, Larry suggests starting with a one-page inventory of your systems that considers the following components:
- People credentials
- Access to cloud services
- Business solutions (CRM, accounting, database, etc.)
- Vendor relationships
Organizations should consider the following: 1) Are your solutions up-to-date and secure? 2) Have you had conversations with your vendors about the security of your systems? 3) Is your hardware fresh? 4) Do you have a hardware replacement plan? (You should plan to replace about 35% of your hardware each year, and budget accordingly.)
When considering security risks, here are some of the top risk considerations:
- Mobile first tools: Who has these devices and are they secure and locked with passwords?
- The war for your data: Different systems will want more of your data, whether its Dropbox, Box, Microsoft 365, or Google Docs. Think about how many systems you have and what data you leave behind.
- Reintegration of the cloud: These solutions will start talking to each other. What data do you want to share between these systems?
- The Apple/Google fan executive: More and more people are bringing their devices in to work and want to use consumer software. Organizations will want to think ahead on how to introduce these solutions and keep them secure.
- Data security and privacy should be treated as seriously at that same level of importance as legal and accounting, Larry advised. Malicious hackers are becoming more sophisticated and it’s becoming very profitable, that means the threats will become increasingly difficult to protect against. A great starting point to protect your organization is knowing where your risks are. Larry advises reviewing your technology inventory and risk summary a minimum of twice a year with your IT and management teams.
Leon Wilson of the Cleveland Foundation mentioned several notable nonprofits who have had significant data breaches, emphasizing that hacking is not just about political organization and Internet company breaches. Leon suggests several enterprise-grade data storage solutions that offer better control and security.
Shauna Dillavou of Community Red outlined several vulnerabilities, such as the weakness of two factor authentication (2FA) when using SMS (text messaging), the risks of using thumb drives and a known insecure backdoor into Skype. She also talks about the risks that come with the blurred lines between our personal and professional lives, whether it’s posting on the company Facebook page or using persona devices for work.
Watch the recording of the webinar to hear more from Larry, Leon and Shauna about the steps you can start taking today to help make your organization’s nonprofit data more secure and your team more productive.