It’s a scenario that might leave any nonprofit director in a cold sweat: the personal and financial information of more than 10,000 donors stolen in a single data breach. That filched data includes…
- Email addresses.
- Credit card numbers.
How does a nonprofit come back from that?
That’s the question Utah Food Bank had to answer earlier this year, according to the cyber security publication SC Magazine. The report states an unauthorized individual gained access to the information of 10,385 donors through the food bank’s donation webpage.
In many states – Utah included – a business or organization that experiences a data breach must notify the affected individuals and offer free credit monitoring services. SC Magazine reports Utah Food Bank offered a year of credit monitoring and identity restoration services to the people whose data was pilfered.
If you run a nonprofit, this situation is one you hope to never face. Notifying the affected donors and paying for their credit monitoring comes at a big cost to your organization. But what’s worse is the long-term effect the event might have on future donations if people don’t feel safe using your website.
Cyber Security a Fine Line for Nonprofits
When it comes to cyber security, nonprofit organizations are in a difficult position.
- On one hand, online donations allow nonprofits to reach the most donors. It allows for more convenient donations and increased marketing opportunities.
- On the other hand, accepting payments online means that the nonprofit is responsible for securely storing and handling all that data. And cyber security isn’t necessarily cheap.
In our post "Take Online Donations? Make Sure Your Cyber Liabilities Are Covered," we take a look at how to balance the benefits of online donations with the risks. To best be prepared for the responsibility that comes with online donations, your nonprofit’s board of directors is going to have to have a game plan that addresses cyber security concerns.
Ideally, you might look for an experienced IT consultant to offer their services pro bono to help improve your organization’s security. But don’t be afraid to invest in cyber security in whatever way you can. If people think that their credit card information isn’t safe with your organization, they’ll stop donating in an instant, and that's something you just can't afford.
Cyber Liability Insurance for Nonprofits
You should do what you can to manage your nonprofit's data breach risks from the outset, but even with top-of-the-line security in place, accidents and oversights can still happen. There's simply no infallible way to account for human error.
As a last line of defense, consider purchasing Cyber Liability Insurance. When your security measures aren't enough to stave off a breach, Cyber Liability coverage can help your nonprofit recover by paying for:
- Donor notification costs.
- Legal expenses.
- Credit-monitoring services.
- Good-faith advertising.
The bottom line: technology is a double-edged sword. A website can make the donation process easier, but it opens your organization up to more responsibilities and risks. Make sure your nonprofit is prepared for the possible downfalls that come with convenience.