We
all know that securing our data is important, but we often don't know where to
start. To help, Microsoft has published a useful white paper.
The paper is entitled Nonprofit Guidelines for Cybersecurity and Privacy (PDF). It describes areas where nonprofits are struggling and solutions in the cloud that every charity can use.
Cybersecurity Has Become a Requirement for Charities
Nonprofits have an obligation to their donors, staff, and beneficiaries to provide the best digital security available. The European Union has already ramped up its data privacy requirements with the EU Data Protection Directive, and even stricter guidelines are coming soon.
Keeping your data secure is quickly becoming (or already is) a legal requirement. Furthermore, governments and private donors are enacting minimum data security requirements for their beneficiaries. In these cases, following the guidelines outlined in Microsoft's recent report might even help you retain your funding.
Cybersecurity in the Nonprofit Sector
Through its partners TechSoup and NTEN, Microsoft recently conducted a survey among a selection of nonprofits to get a clearer picture of their cybersecurity. The results showed that nonprofits are falling short in several key areas.
- 60 percent stated that they did not have or know of an organizational digital policy that would identify how their organization handles cybersecurity risk, equipment usage, and data privacy.
- 74 percent reported that they did not use multifactor authentication to access email. Multifactor authentication is a critical security step in ensuring accounts are not compromised even if passwords are stolen.
- 46 percent reported that they regularly used wireless printers, webcams, and other Bluetooth and wireless devices. Unsecured wireless devices on a network provide an entry for attackers; these devices must be actively managed and regularly updated with required software patches to ensure security.
- 92 percent stated that their staff could access organizational email and files using their personal devices. The remaining 8 percent that did not permit staff to use personal devices for work reported that staff did it anyway.
Microsoft uses the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. It strongly encourages other organizations — especially particularly vulnerable nonprofits — to do the same. When using the NIST framework, Microsoft suggests that organizations should focus on the following in order to achieve comprehensive cybersecurity.
- Identifying cybersecurity risks
- Protecting against cybersecurity threats
- Detecting cybersecurity incidents
- Responding to cybersecurity incidents
- Recovering from a cybersecurity incident
- Implementing specific, high-value security controls
Getting your organization up to speed can feel overwhelming. However, many cybersecurity problems can be addressed through cloud computing.
Solutions in the Cloud
One of the advantages of the cloud is the use of off-site datacenters for all your organization's data protection and data management needs. Connecting to remote servers that are maintained, managed, and updated by off-site professionals can eliminate the need for keeping servers on-site. Thus, cloud computing can remove the burden of physically taking care of on-site servers. This benefit, in turn, allows you to allocate your resources toward other security tasks.
Additionally, cloud-based servers are scalable, so you only pay for the space you need, when you need it. The related savings can free up budgets for cybersecurity prevention measures as well as other investments.
To learn more, download Nonprofit Guidelines for Cybersecurity and Privacy (PDF) to find out which resources are the best fit for your organization.
Data Privacy Challenges
Most businesses today collect massive amounts of personal data, and nonprofits aren't any different. Donors, beneficiaries, employees, and volunteers are all relying on your organization to be the gatekeeper of their sensitive information. That's especially true considering the increasing threats cybercriminals pose across the globe.
Given the scope of this concern, nonprofits need know more about the state of data privacy requirements and best practices. NetHope, an international nonprofit that promotes and supports the use of technology in the nonprofit sector, sponsored a study that assessed this awareness. Alarmingly, the 10 nonprofits included in the study were given the lowest possible marks with regard to their data protection measures.
A Microsoft survey of nonprofits also shows that nonprofits are currently struggling with protection of their data.
- 62 percent of respondents reported that they did not have, or were unaware of, policies that clearly identify personal data (whether of staff, beneficiaries, or donors) among the other data the nonprofit collects.
- 64 percent of respondents also reported that they either did not educate, or were unaware of educating, beneficiaries or donors on how their data was used and stored.
Microsoft's report outlines a blueprint for organizations to follow as they begin the process of better securing their data. Securing data helps nonprofits to avoid the risks that are associated with falling out of line with evolving data privacy requirements.
The report explains: "Nonprofits can mitigate [these risks] with a few basic steps. This includes determining when and for what purposes they collect and store personal data; identifying applicable data protection laws and assessing their requirements; and adopting appropriate policies, procedures, and organizational safeguards for data. Cloud computing and other technical solutions can often help to facilitate these processes."
Increasing Data Privacy with Cloud Computing
Cloud-based servers are often armed with the most up-to-date features, including
- End-to-end encryption, both internally and in transmissions between the customer and cloud center
- State-of-the-art physical security of datacenters, including 24-hour surveillance, physical access controls, and multiple layers of perimeter protection
- Compliance with international security and data protection standards such as ISO 27001 and ISO 27013
More detailed information on how to improve data privacy measures at your nonprofit is available in the privacy section of the Microsoft report.
Cybersecurity and data privacy are more important now than ever before, and it's imperative that the nonprofit sector as a whole gets up to speed. Limited budgets, staff, and time are all issues that nonprofits grapple with each day. However, these challenges do not diminish the need to take immediate action in order to achieve a higher standard in protecting digital networks. It's time to start taking the necessary steps to keep data private and secure.
Additional Resources on Cybersecurity and Privacy in the Cloud for Nonprofits
