510(c)(3) organizations need to focus on security to succeed
Security is a concern for organizations in any industry. While it is often discussed in the context of governments and private-sector companies, nonprofits need to be just as vigilant when it comes to understanding the need for data privacy and implementing solutions to keep critical information safe. Here are the five items that nonprofit leaders need to think about when it comes to IT security:
1. Ensure that stakeholders understand how to update or transform their approach to security
For nonprofit leaders and stakeholders, the message cannot be clearer: transform your thinking and transform everything you can! This sounds like a tall order for organizations that typically do not have the technology budgets of larger organizations; however, let the thinking — not budget concerns — lead the conversation. There are plenty of good security options that will not break the bank… you just need to find them!
2. Discuss modern methods of managing patching, updates, vulnerabilities and exploits that can create problems
It is easy to get caught in a loop when it comes to IT, especially in nonprofits where the goal is to use every possible dollar to support the cause. But a lack of funds should not create a blind spot when it comes to data security. Make sure that your IT team or external consultant is up to speed on the latest ways that hackers are using to access your critical information and disrupt your operations.
3. Assess your environment – do not just guess
We need facts to make smart decisions. Look at how your servers, networks and databases are running or being maintained, and see how they are protected. Test the process a bit from the “inside in” and the “outside in,” so you can know for sure exactly what is going on and make sure that everything is properly configured for efficiency and security.
4. Document your current security landscape and change your roadmap to keep it fresh
Once you know what your security situation is, be sure to write it down. Not only does this help with continuity, but it also prevents misunderstandings and disconnects that can create chaos – or worse. Documentation is key to long-term visibility and needs to be part of any meaningful approach to security.
5. Roadmap future states and check in often
Chances are that you are going to find things in your current security set up that you are going to want to address. That is great! The next step is to document them so that you have a clear roadmap to get from Point A to Point B. However, that is not the end of the journey; it is just the beginning of the process. You should have regular check-ins to ensure that you are pointing in the right direction and are meeting your interim goals.
What is the most valuable asset of your nonprofit? Is it a donor database, or a tangible asset or item that lets you provide a unique service? That is the item you want to protect most so that your “secret sauce” does not end up in anyone else’s hands. As Steven Covey says, if we all started “with the end in mind,” we would likely pick the best tools, processes, and people — and build an “easy to use Fort Knox.” Let us start there and see if there are better approaches, rather than locking everything down or opening everything up.
Interested in learning more? Then you will want to attend our upcoming webinar:
IT and Security Modernization webinar for Nonprofits
Join our IT and Security Advisory partners, Sara A. Lynn and Michael Sellai, for a webinar on May 12th. Learn about the latest threats and vulnerabilities to nonprofit organizations that challenge IT and security functions. They will help you understand how to keep your systems up to date and what transformations need to occur. With an emphasis on modern scanning, exploits and tracking remediation, our team will walk you through what you need to know to encourage modernization within your organization.