You have only to open any newspaper (or news website) these days to be confronted with one of the most pressing issues of our time: cyber crime. Recognizing this fact, President Obama recently held a Cyber Security Summit at Stanford University, and he created a new office to coordinate government action on data security at the national level. Businesses have devoted billions of dollars to protecting themselves against cyber attacks, but many people remain unaware of what they should be doing to protect themselves, and their organizations, from hackers and criminals online.
The Office of Corporate Social Responsibility at American Express has launched an effort to bring awareness of this important issue to nonprofit leaders through our already-existing leadership development programs and to share some best practices on what nonprofit organizations could and should be doing to combat this growing threat to their data.
So, why should you care about cyber security if you are leading a nonprofit organization?
In short, nonprofit organizations possess myriad kinds of information that are valuable to hackers and criminals.
Some examples from the March 2014 edition of dutiee.com, a website for entrepreneurs:
- Personally identifiable information. Your organization is likely collecting information on your donors, customers, employees and beneficiaries that would be valuable to criminals. Names, addresses, email addresses, phone numbers, Social Security numbers, bank account numbers and credit card numbers are all valuable pieces of information and can be sold on the black market.
- Donor and patron relationships. Your donors and supporters may be affluent or high-net-worth individuals, foundations and corporations. They already have a special relationship with you, and if they were to receive an email message from a hacker posing as your organization, they might be likely to open it — potentially spreading a virus or malware into the donor's own network or computer equipment.
- Financial and employee information. You collect other valuable information on your own employees, including salaries, health benefits, vacation schedules and the like. You are also most likely using your own network to collect and store confidential information on your own finances, programs and assets as an organization.
Hackers may target the following parts of your organization:
- Your staff. Access to one or more email inboxes may provide the ability to gain broader access to your network.
- Your website. Whether your website is hosted internally or externally, it may be targeted by hackers for access to your network and valuable information on your users.
- Your social media sites. Hackers can gain access to your social media accounts and their users, exposing your users to further attacks and misinformation.
- Your customer relationship management databases. As dutiee.com reports, these often hold "the keys to the kingdom" and are the ultimate goal of hackers.
If you have a question or comment, follow me on Twitter at @timmcclimon and post it there.
This post was originally published as part of the CSR Now! blog, which examines what’s happening in Corporate Social Responsibility today from the point of view of a corporate practitioner. It is reprinted here with permission.