It seems like every time you turn on the television or browse the Internet, there’s word of another data breach. Even big companies who specialize in offering secure services like email aren’t immune. Hundreds of thousands of records are compromised each year, causing embarrassment to the companies affected by the data breach and heartache for those who are the victims of identity theft.
If you think your nonprofit is exempt from cyberattacks and data breaches, think again. Many nonprofits collect sensitive information that criminals would love to get their hands on: donor names and addresses, email addresses, credit card information. Passwords are also a hot commodity for criminals since they can be resold, and many people reuse their passwords across multiple sites. Any data that can be stolen from your organization puts you, as well as your constituents, at risk for big headaches later.
There are many things that you can do as part of your accounting for nonprofits work that help secure data and prevent theft. The following tips can help you manage the situation to stop problems before they start and handle them effectively in the unfortunate event that you do face a major data breach.
Tip 1: Find all your data sources.
You collect more data than you think. The first step to secure your data is to find and inventory all potential sources of data within your nonprofit.
Some of the more common areas where nonprofits collect data include:
- Account set up: Do you encourage members to participate in online forums or set up an account profile on your site? That’s an area that collects a great deal of data.
- Forums and chat rooms: Forums and chat rooms often require an account and these accounts collect more personal information from users during the set-up process.
- Membership purchases and renewals: If people can join your organization through the website and fill out a membership application form, that’s another data source. Credit card information may also be collected via such forms.
- Online stores: Member-only stores or online stores where your nonprofit sells items collect personal data, including mailing addresses, as well as credit card information and email addresses.
- Employee records: Employee records include social security numbers and other information that could lead to identity theft.
Once you’ve listed all the places where your organization collects data, it’s time to find the best ways to protect it.
Tip 2: Create a data ethics policy.
A data ethics policy is an organization-wide policy that spells out which data is collected, how it is stored and shared, and who may access it. Establish data-use goals and create a privacy policy for your organization. There are free privacy policy generators online that can help you easily and quickly set up an Internet policy for your website.
To create your data ethics policy, you can:
- Establish guidelines for who can access data and how it may be accessed.
- Create a shareable privacy policy and post it to your website.
- Assess the risks after reviewing your data inventory. If there are any gaps in your online security, take steps now to fix them.
- Add anti-virus software to your systems and servers.
- Update your computer programs frequently. Companies issue patches and updates to fix problems and to close any gaps in the software’s programming that hackers have learned to exploit. Forgetting to update your programs leaves these gaps open to attack.
- Perform due diligence on your data, especially if third parties have access to it. If you use an external fulfillment vendor or a drop shipping vendor for items ordered over your website, check on how they’re using and storing customer data. Make sure it aligns with your policies and directives.
- Review mailing list protocols, especially if you use a list vendor or broker to mail out donation requests and other materials. Third-party mailing houses or email list vendors who send materials on your organization’s behalf should also be checked to ensure that data is being handled securely and carefully.
Tip 3: Create an action plan.
The last step is to create an action plan to manage your data security year-round as well as prepare for any potential data breaches. Although the IT department may be a good place to start with such a policy, accounting for nonprofits often means that the accounting department takes charge of such procedures. If so, your team should become well-versed in all the issues pertaining to data security and risk.
When it comes to preventing bad things from happening to good nonprofits, an ounce of prevention is always worth a pound of cure. Take steps now to prevent a data breach and ensure that the data your nonprofit collects remains safe.
Beck & Company: Accounting for Nonprofit Success
If you struggle with your accounting for nonprofits, Beck & Company can help. We are a CPA and business advisory firm dedicated to the nonprofit sector. Our many years of experience can help you update your financial compliance or handle all types of accounting for nonprofits. Please contact Beck & Company today for further details.