Non-Profits & Cyber Risk: Ignorance is Not Bliss.
Alison McMahon, B.HRLR, GCB.D
Executive, Board Member, Human Capital Strategy, Governance Excellence
When it comes to the safe handling and storage of data, ignorance is not bliss. A board of directors has key responsibilities when it comes to this topic.
Cybersecurity is not a new term, but it’s one that many people don’t truly understand. I get it; it’s a bunch of technical jargon that can be hard to contextualize. But just because you don’t understand the risk doesn’t mean it’s not present.
This is especially true for non-profit organizations. Many non-profits don’t have the funding and resourcing to identify and mitigate cyber risks effectively. This means that many non-profits and charities have low-security environments and a lack of awareness, making them easy targets for bad actors.
Boards need to take a leadership role in ensuring that the organizations they govern have considered cyber security risks and put processes in place to manage these risks. To preserve the long-term health of an organization, boards must oversee the implementation of cyber security strategies and response plans. This includes adoption of technical applications, training employees, and establishing a culture of cyber awareness.
Security breaches lead to the theft and misuse of private information, which could include personal contact information, medical records, financial details, service delivery records, opinion data, and sensitive donor information. Additionally, a cyber breach can lead to disruption of key operating systems for extended periods of time. This can lead to financial loss and serious reputational damage.
For example, the Toronto Library was hit with a cybersecurity attack in October 2023, disrupting systems and technology across more than 100 branches. Users were unable to place holds on books, access their accounts or use computers on site for months following the attack.
The Salvation Army was hacked and fraudulent emails were sent to the City of Ottawa about changing bank account information for an upcoming payment. The hackers impersonated the Executive Director and the organization's web domains. This resulted in over $558,000 being transferred to a hacker's account.
Why do cyber attacks occur? They can be motivated by many factors, from financial gain to pure malice.
There are many steps that a Board of Directors can take to manage cyber security risks.
Finally, considering cyber insurance as a part of the risk management strategy can provide a financial safety net against losses from cyber incidents. While not preventive, it offers financial protection, supporting business continuity and preserving reputation post-incident.
Chief Product Officer & Co-Founder at Kovrr
5 months ago
Well said! Boardrooms, in any industry, need to start taking a more proactive role in cybersecurity management. Even considering limited resources, cyber risk management is going to be one of the most strategic moves a board can take. Cyber attackers don't discriminate simply because the organization is an NGO. If there's something to be gained, and it's likewise easy to gain a foothold in the network, then these actors are going to find the target attractive. Cyber risk is a business risk, and boards need to start treating it as such to safeguard their organizations.
Senior Software Developer
5 months ago
Meanwhile, there are many highly educated professionals who can’t find jobs because the private and public sectors still don’t realize how important this is. Hari Sourabh Konkimalla