What is Giving Compass?
We connect donors to learning resources and ways to support community-led solutions. Learn more about us.
When performing a risk assessment, many organizations focus on issues such as loss of funding and reputational damage. Yet data breaches, which can cause just as much harm to the nonprofit, largely get overlooked. Nonprofits collect sensitive data, which can include donor information, health information, Social Security numbers, confidential emails, employee and volunteer records, and billing information. But, very few organizations can be confident that they do not store any of this information, so it needs to be protected.
The first wave of hacking seemed to only target large companies that stored masses of sensitive data. Stories about credit card numbers and contact information being stolen from retail stores made major news headlines. These days, unfortunately, it looks as if cybercriminals have discovered the gold mine that is nonprofit data.
Cyber-crimes cause customers—or, in the case of nonprofits, donors—to lose faith in organizations. Hacking exposes vulnerabilities in nonprofits’ systems and can make some donors feel as if the organization did not value them enough to enforce proper safeguards that protect their information.
Data indicate that in the last two years, there has been a 270 percent increase in cyber-crime victims, and there are signs that hackers are targeting smaller businesses because they are less likely to have sophisticated security measures. Given this growing number of incidents, nonprofits need to invest in cybersecurity.
Importantly, nonprofits must recognize that they are more vulnerable to cyber-crime than they think. Whether or not a nonprofit collects sensitive data that can be used by criminals, such as Social Security numbers or credit card information, the nonprofit runs the risk that its oversight will cause a breach of trust with the organization’s supporters. It is much more difficult to regain the public’s trust than it is to regain funds.