Nonprofits are under cyber attack. Fight back.
It’s time to get serious about cybersecurity and keeping your mission on track
Oregon has more than 31,000 nonprofit organizations and over 19,000 public charities, according to a recent report published by the Nonprofit Association of Oregon. Nonprofits create many public benefits that Oregonians value, from enriching cultural life to providing needed services and creating innovative solutions to community issues. More than most, nonprofits live in a world that depends on networking and collaboration – and this puts them at particular risk for cybersecurity issues.
The vast majority of nonprofits are smaller organizations with 68 percent having annual revenue of less than $100,00 and primarily rely on volunteers to accomplish their mission. Despite having a high-risk profile due to activities such as collecting information on volunteers and donors, nonprofits often lack the resources to adequately protect themselves, staff and systems against cybersecurity vulnerabilities.
What are the risks? What can nonprofits do to improve cybersecurity cost effectively? With cyber attacks on the rise globally -- and let’s face it, cyber criminals have no regard for the importance of your organization's mission – it's critical to take the safety and security of your data and websites seriously. Cyber Oregon is here to help, with ongoing cybersecurity news, useful resources, how-to guides, access to local resources, and more.
Jim White, Executive Director, Nonprofit Association of Oregon
Jim White currently serves as the Executive Director of the Nonprofit Association of Oregon. He began this assignment in October of 2012. Jim is deeply committed to social change and has worked in the nonprofit sector both domestically and internationally for more than 20 years. He has a passion for affecting systemic change in the way that the public, private and nonprofit sectors work together to support and strengthen civil society. He is specifically skilled in building alliances and partnerships with mission and results driven outcomes in mind.
When asked what drew him to join NAO, Jim responded: “Oregon is a unique state where we celebrate diverse ideas and diverse cultures. We have an engaged and passionate population; people who want to get involved in community life. I am excited to bring what I have learned in the international context to apply to the concerns, needs and desires of the people of Oregon. I recognize that NAO is the organization that strengthens those voices and provides the kind of capacity building and leadership development that can have systemic change across the sector and beyond."
Before joining NAO, Jim worked for Mercy Corps both overseas and in Oregon, most recently as the Vice President of Operations. He has also worked for the International Organization for Migration and the American Red Cross. Jim earned a B.S. in Engineering Technology from Temple University and an M.A. in Central Eurasian Area Studies from Indiana University.
Nonprofits have a wealth of resources and information available to help improve their ability to defend and withstand cyber attacks. Here are a few to get you started.
National Council of Nonprofits
Cybersecurity information and resources.
Institute for Critical Infrastructure Technology
Report on how nonprofits and non-government organizations (NGOs) can prepare against cybersecurity threats.
Nonprofit Technology Network
Cybersecurity news and insights.
Center for Internet Security.
Oregon Center for Cybersecurity at MHCC
Resources from an Oregon institution recognized by the Dept. of Homeland Security as a Center for Academic Excellence.
If your nonprofit engages in any of the three activities below, it’s time to get serious about taking steps to address cybersecurity risks.
Does your nonprofit:
- Conduct e-commerce on its website, such as processing donations or event registrations?
- Store and transfer (such as by sending to the cloud) “personally identifiable information” about anyone, including donors? (Common examples of personally identifiable information include clients’ medical information, employee records, drivers’ licenses, addresses, and social security numbers.)
- Collect information on preferences and habits of donors, patrons, newsletter subscribers, etc.?
Start by taking inventory of all the data your nonprofit collects and identify where it is stored using the Nonprofit Technology Network’s (NTEN) template assessment tool or US-CERT’s Cyber Resilience Review (CRR) tool. Then make sure you’re informed about state and federal laws for disclosing security breaches and the potential need for cyber liability insurance.
While no one likes to think of nonprofits engaged in charitable and other positive activities as being the targets for cyber crime, the reality is that such incidents have become commonplace.