In the wake of the Marriott hotel security breach that exposed not only exposed personal information for their customers, but also passport numbers and credit card payment information, it’s worth mentioning that your organization should have several measures in place to handle threats and be prepared to react accordingly in the event of a breach.
In a timely announcement, the Nonprofit Technology Network, in conjunction with Microsoft, polled more than 250 nonprofit organizations with an eye toward taking a base reading on the state of cybersecurity preparedness.
The survey attempted to measure:
- The policies and procedures nonprofits have for who and how people can access systems.
- To what extent nonprofits are using technology to protect their systems.
- The type of training is offered to nonprofit staff.
- How nonprofit operations contribute to cybersecurity vulnerabilities.
Some notable findings include:
- Over 70 percent of respondents have backup policies, enabling them to get back on their feet after an incident (FYI, be sure to check out ArtsHacker’s article on Website Policies for some resources on where to generate privacy and data breach policies).
- 68 percent do not have documented policies and procedures in case of a cyberattack. #NotGood
- Only 1/3 of respondents provide employees with cybersecurity training on an annual or more frequent basis.
The report’s press statement headline pretty much sums up where we are as a field: “Nonprofits recognize cyber threats, but challenges remain.”
That’s a nice way of saying most organizations need to do more and to that end, their report is a good place to begin.