Promoting Excellence and Trust in the Nonprofit Sector

Data Security

In the midst of the Covid-19 pandemic, nonprofits across the country are facing challenges that none of us have ever had to ponder, let alone tackle, before. Issues related to assisting those we serve, our staff, and volunteer teams are perhaps more pronounced than ever. Along with all of the new challenges and difficulties, there are a host of vital management and operations tasks that have always been on our plates—and continue to be on the proverbial “to do list.” Certainly, issues surrounding data risk management are among the most important.

Scams and phishing schemes in the midst of these uncertain times are prevalent. I am disheartened and intensely annoyed by the frequent messages in my email box from fraudulent emailers masquerading as my supervisor. In fact, a few weeks into the pandemic, our organization was the subject of a phishing scheme that caused every member of our team to spend significant time adding additional layers of security to our emails to ensure that the scheme did not impact our data and our members’ data. For some, the “fix” had to be carried out two or three times, causing additional downtime and inefficiency. Additionally, our entire team moved to two factor password authentication protocol – which may be burdensome for our team, but worth it to avoid major losses. We were fortunate, though. It could have been MUCH worse.

We offer some advice for how to manage risk through the Standards for Excellence: An Ethics and Accountability Code for the Nonprofit Sector. One of the Standards states “Organizations should make every effort to manage risk.” One aspect of risk management is the security of our data and systems. A recent study by McAfee (a leading cybersecurity company) indicated that “nearly 2/3 of people who use online services (more than two billion individuals) have had their personal data stolen or compromised.” Moreover, the report highlights the growth in cybercrime and the new technologies that cybercriminals are taking advantage of. Preparedness and vigilance are key for ensuring that, even if the worst should come to pass, your organization will be able overcome challenges in this area.

Organizations should have adequate security in place that controls access to data. Generally, this involves controlling who has access to your system through robust login and user rights management. It also includes firewalls that secure internal systems against access from the external networks (this is the internet for most systems). Security also involves user education as unattended workstations, shared passwords, or lost laptops are the most common access points for security breaches. In instances where remote access to internal systems is allowed, special care must be taken to secure these access methods.

These are just a few suggestions for mitigating data security lapses. Nonprofits should also consider cyber liability insurance for additional protection against online attacks. For the full series of tips and guidelines on data security, as well as other guidelines for nonprofits, check out the Standards for Excellence educational packet on Administrative Policies for more useful information. The educational packet includes helpful resources on data security, what steps to take to protect your data, what to be wary of in regard to external threats, and how to mitigate a data disasters.

This educational resource packet and the full series of all packets – including sample policies, tools and model procedures to help nonprofits achieve best practices in their governance and management – can be accessed by contacting a licensed Standards for Excellence replication partner, one of the over 150 Standards for Excellence Licensed Consultants, or by becoming a member of the Standards for Excellence Institute.

We share our sincere wishes for your continued good health and patience as we all navigate these challenging and uncertain times.

Share This Story, Choose Your Platform!

About the Author: Amy Coates Madsen

Amy Coates Madsen is the Director of the Standards for Excellence Institute, a national initiative to promote the highest standards of ethics and accountability in nonprofit governance, management, and operations, and to facilitate adherence to standards by all organizations. The Standards for Excellence Institute is a program of the Maryland Association of Nonprofit Organizations where Amy has served for more than twenty-two years. Amy is responsible for coordinating all aspects of the association’s comprehensive ethics and accountability program and efforts to replicate the program nationally. She serves as a frequent trainer and writer in the areas of board conduct, program evaluation, program replication, fundraising ethics, and nonprofit management. She has taught courses on nonprofit ethics and accountability at the Johns Hopkins Institute for Policy Studies Certificate Program on Nonprofit Management. She has held positions at the Trenton lobbying firm of the Princeton Public Affairs Group, and the Public Policy Liaison Unit at the world headquarters of Catholic Relief Services. Amy received her Master of Arts in Policy Studies degree from the Johns Hopkins University – Institute for Policy Studies in Baltimore, Maryland; and her Bachelors degree from the Virginia Polytechnic Institute and State University in Blacksburg, Virginia. Amy is a member of Phi Beta Kappa. Amy serves on the Internal Revenue Service Advisory Committee on Tax Exempt and Government Entities (ACT). Amy is a former member of the Disaster Action Team of the Central Maryland Chapter of the American Red Cross and is qualified to provide disaster preparedness training to children and adults. She has also served as the former President of Central Maryland CAN TOO and was a member of the Board of Trustees of the largest United Methodist Church in Baltimore City. She serves on the board of her children’s preschool PTA and is a volunteer with the Girl Scouts of Central Maryland. Amy is currently leading an effort to establish an endowment for the Virginia Tech University Honors Program.