Many nonprofits are nervous about their information security, and understandably so. Even large and well-financed organizations, such as the NSA, The White House, Target, Chase Bank, Home Depot, and Sony, have all been hacked. And if they can’t protect their data, even with their extensive resources and high-priced IT experts, how can a small nonprofit possibly protect its information?
A common sense approach is to first consider what risks your organization is most likely to face and then develop a plan to address them. This is called a risk analysis.