How to Protect Your Data with a Partnership
As the Blackbaud data breach comes to light – almost 6 months after it began on February 7th – the topic of data security is top of mind in the nonprofit world. While Blackbaud states that there is “no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” Blackbaud did pay the ransom demanded by the cybercriminal to destroy the subset of data stolen. Such an incident undermines trust in Blackbaud and can shake the confidence of individuals invested in the growing list of nonprofits impacted by the breach. For many nonprofits, loss of trust in your organization can be an existential threat. Hard-won allegiance can be hard to win back no matter how long a donor, volunteer, or other audience member has been loyal. Many organizations don’t think about the topic until the breach has already happened. As many organizations have transitioned rapidly to remote work, likely without implementing increased security measures, now is an even more critical time to be proactive about your security.
In a 2018 survey of 250 nonprofits across the country, NTEN and Microsoft found:
- 68.2% of respondents do not have documented policies and procedures for when they get attacked.
- 45.6% do not have procedures or policies in place to manage how data is shared with external agencies.
- 59.2% do not provide any type of cybersecurity training to staff.
- 66.1% of organizations have not undergone a threat assessment exercise or drill.
Any time you engage with a third-party provider, data security should be at the top of your list. This applies to corporate partnerships as well. Talk to your partners about how they handle personally identifying information, evaluate your own practices, and together, develop best practices for sharing information and a roadmap in case anything goes wrong.
Beyond verifying that your corporate partners are responsible stewards of your data, you could even consider using your corporate partnership to bolster your internal defenses. Given that getting cybersecurity right requires a mountain of resources, a partner who specializes in or provides cybersecurity software, hardware, maintenance, or other expertise may be a good investment. A partner can help you assess risk, draft policies and procedures, understand cyber liability, develop employee trainings, prepare an incident response plan, and more.
Some organizations already exist to help bridge the gap. TechSoup, a nonprofit itself, has built out a network of organizations that provide technical support and tools to nonprofits. Their list of donor partners is expansive, proving that companies are willing to help nonprofits meet their cybersecurity needs. All you have to do is seek them out and ask!