- Security and privacy simply aren’t part of the mission description and only become a priority when painful, reactive incidents move them forward.
- Donor/member data is on the line. Proper stakeholder stewardship is essential, and the consequences of cyber risks will impact their support of your movement and, further, your revenue.
- Cyber breaches have significant operational impact. Expect costly organizational interruptions, service delays, and potential fines and penalties.
Our Advice
Critical Insight
A nonprofit organization’s fiduciary obligation and mission promise to prioritize the interests of the stakeholders it serves must be interpreted to include its obligation to protect IT assets that hold personal data through privacy and cybersecurity protocols.
Impact and Result
- Articulate the importance of robust cybersecurity and privacy programs to key stakeholders by speaking the language the organization understands.
- Understand measures to mitigate the leak or loss of donor/member data by evaluating the intersection of privacy and security and their separately defined Info-Tech frameworks.
- Take the first step by assessing your privacy and security gaps.
Strengthen Your Nonprofit’s Privacy and Security Operations
Protect the information of your members, donors, and users.
Analyst Perspective
Security and privacy are part of the mission
Don’t neglect data security and privacy in favor of mission-focused tasks. It’s crucial to remember that if privacy and security fall short, it may become impossible to carry out tasks and initiatives that fulfill your mission. The stakes for nonprofits are much higher than for for-profit businesses. Data breaches can put your members, donors, and users at risk, disrupt nonprofit operations, expose liability, and ruin the reputation (and revenue) nonprofits have built.
We can see nonprofits are starting to pay attention, yet they are loath to make these changes due to capital and human resource constraints, which remain major obstacles on the path to maturity and consistency.
This report is designed to encourage nonprofits in starting or continuing a security- and privacy-focused path by identifying key data protection challenges and outlining steps nonprofits can take to strengthen their operations, provide consistent protection, and overcome capital and human resource constraints.
Monica Pagtalunan
Research Analyst, Industry Practice
Info-Tech Research Group
Executive Summary
Your Challenge
- Security and privacy simply aren’t part of the mission description and only become a priority when painful, reactive incidents move them forward.
- Donor/member data is on the line. Proper stakeholder stewardship is essential, and the consequences of cyber risks will impact their support of your movement and, further, your revenue.
- Cyber breaches have significant operational impact. Expect costly organizational interruptions, service delays, and potential fines and penalties.
Common Obstacles
- Financial resources, staff, and skills to combat security and privacy efforts efficiently are limited.
- Mission-focused budget initiatives will always win over operational ones. The industry uniquely faces more budget constraints than time constraints.
- The foundations of cybersecurity and privacy have not been defined, with the assumption that security and privacy are one and the same.
- Cyber insurance is inaccurately viewed as the end-all solution for lacking safety standards.
Info-Tech’s Approach
- Articulate the importance of robust cybersecurity and privacy programs to key stakeholders by speaking the language the organization understands.
- Understand measures to mitigate the leak or loss of donor/member data by evaluating the intersection of privacy and security and their separately defined Info-Tech frameworks.
- Take the first step by assessing your privacy and security gaps.
Info-Tech Insight
A nonprofit organization’s fiduciary obligation and mission promise to prioritize the interests of the stakeholders it serves must be interpreted to include its obligation to protect IT assets that hold personal data through privacy and cybersecurity protocols.
Every nonprofit is different but similar
Nonprofit organizations have different primary purposes…
The nonprofit sector covers a wide range of organization types, each with their own complexity and uniqueness.
…but overall have similar objectives…
Each nonprofit’s mission is central to its purpose. Every decision the board makes focuses on the mission, vision, and values of the organization.
…and sources of funding.
Funding comes from operations, donations from generous stakeholders, grants, membership fees, philanthropic efforts, sponsorship, and government support.
Info-Tech Insight
Any impact to your generous stakeholders’ satisfaction and perception of the organization will impact their generosity and support of the mission.
Cyber risk is heightened
Physical asset security is still valid for some nonprofit organizations, especially where paper-based manual processes are prominent. This component includes ensuring that physical devices cannot be easily carried away from the office, locking wall-to-wall filing cabinets, installing physical alarm systems, and storing external hard-drive backups in secure locations.
Data, security, and privacy are the foundations of digital transformation. For the most part, nonprofit organizations are shifting toward digital, with tools such as public-facing websites, social media, online donation forms, and cloud-based platforms.
Members, donors, and users are increasingly using smart devices to access information, engage with the organization, and make donations. Social media remains an important connection tool to promote events, share information, and build a community.
This change means cybersecurity risks are heightened. Protecting against them includes enabling automatic software updates, enabling firewalls, setting complicated passwords that are regularly changed, and installing individualized screen locks on digital devices.