As a leading tech support company in New York City, our IT solutions are custom-fit to a rapidly evolving workplace and enterprise environment. Our IT services are specifically designed for growing outfits who expect rapid response, full-spectrum solutions for their challenging IT frameworks and business operations. We’ve become the choice of many small and mid-size business outfits — including not-for-profits in NYC — who need closely-managed IT monitoring and maintenance. Our managed IT services platform gives NYC non-profits Cybersecurity solutions that truly “cover it all,” available in one all-inclusive service package!
Talking Cybersecurity for Non-Profits in NYC
If your non-profit in New York engages in any of the three activities below, it’s time to get serious about taking steps to address cybersecurity risks. Does your non-profit:
- Conduct e-commerce on its websites, such as processing donations or event registrations?
- Store and transfer (such as by sending to the cloud) “personally identifiable information” about anyone, including donors? (Common examples of personally identifiable information include clients’ medical information and employee records, including drivers’ licenses, addresses, and social security numbers.)
- Collect information on preferences and habits of donors, patrons, newsletter subscribers, etc.?
What are the realistic cybersecurity risks faced by your non-profit organization? Data breaches that are both likely to happen and can result in serious harm fall in the “high priority” category. Many NYC nonprofits collect and store sensitive personal information that is protected by law as confidential. When the confidentiality of such data is breached, it poses a risk for the individuals whose data security was compromised, and for the non-profits that will now potentially be subject to liability for the breach.
It makes sense, then, for every nonprofit in NYC to, at the minimum, assess the risks of a data security breach, and protect its data from unauthorized disclosure.
For Further Reading:
- Nonprofit cybersecurity: Why pay attention?
- It’s 2018: Do you know where your nonprofit’s cybersecurity is?
The Nonprofit Technology Network (NTEN) suggests that the first step in assessing your nonprofit’s data risks is to take inventory of all the data your nonprofit collects and identify where it is stored. NTEN offers a template assessment tool; and here is a simple one-page inventory tool from Digital Impact.IO for the same task.
These inventory tools ask questions such as:
- What data do we collect about people?
- What do we do with it?
- Where do we store it?
- Who is responsible for it?
Think about the cost vs. benefit of maintaining all that data. You may find that there is data your NYC nonprofit is currently asking for and keeping that it doesn’t really need to. If so, reducing or limiting the data that your nonprofit collects, and streamlining the storage process (as well as diligently destroying data in accordance with your NYC nonprofit’s document retention policy) could be easy first steps towards mitigating risk.
Second, know whether the data your nonprofit collects and maintains is covered by federal or state regulations as “personally identifiable information.” If so, forty-seven states’ laws require nonprofits to inform persons whose “personally identifiable information” is disclosed in a security breach, and 31 states have laws that require disposal of such data in certain ways.
Additionally, the Federal Trade Commission’s Disposal Rule requires proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” Protecting personally identifiable information is all about training staff how to collect, store, dispose of, and generally protect such data.
Even if you are collecting data that doesn’t rise to the level of “personally identifiable information,” such as a community theatre collecting information on attendees’ preferences for plays or musicals, a breach of such data can be harmful to your organization’s reputation and ability to bring in contributions. All data reflecting personal preferences are important to keep secure.
Third, consider using the US National Institute of Standards and Technology (NIST) Cybersecurity Framework to help your nonprofit identify risks, and make management decisions to mitigate those risks. This framework is not intended to be a one-size-fits-all approach but to allow organizations to manage cybersecurity risks in a cost-effective way, based on their own environment and needs. (Krantz can help guide you on NIST requirements.)
Consider also the likelihood of some cybersecurity risks: What is the risk of a third party compromising the data security of your NYC nonprofit organization? Many nonprofits use outside assistance, such as an outsourced bookkeeper, IT consultant, payroll service, or even a cloud storage service. If any of these third-party vendors do not employ adequate data security protection, the nonprofit’s data security will be at risk.
Other types of third-party access might include a donation-processing service or any outside professionals with authority to access the administrative side of an NYC nonprofit’s website or shared electronic files. Consequently, when hiring third parties for any projects that involve data access by the vendor, make sure that you are satisfied with the firm’s data security protocol. (Krantz has provided companies with such data security protocols for decades!)
Here is a set of questions developed by Digital Impact.IO as a starting point for questions to ask the vendor about their approach to data security.
Will hackers infiltrate your NYC nonprofit’s website?
Hackers can access your NYC nonprofit’s site through a security breach, and transform it into something you would not recognize, like an online pharmacy.
How likely is this to happen?
That depends on the strength of the security of individual NYC nonprofits’ websites and how consistently users follow strong password protocols.
How serious are the risks?
Typically, the main website remains intact, but the hackers create additional content that can’t be good for your nonprofit’s reputation – or Google analytics. So, on balance, a site takeover does not create the same type of liability risks that other security breaches do, but cleaning up the mess can be time-consuming and costly.
Managing these cybersecurity risks is much like brushing your teeth. We all need to get in the habit of keeping software updated and being vigilant about usernames and passwords (for example, using “admin” as a username creates vulnerabilities, say the experts). Regular maintenance can go a long way towards reducing this and other data security risks.
Do you Need Cybersecurity Liability Insurance?
Insurance policies are available to cover losses from breaches affecting a nonprofit’s own information and losses affecting third parties’ information (such as patients/clients, and donors). The types of losses and expenses that cyber insurance can cover range from the cost of notifying all the folks whose information may have been compromised; to the cost of content repair, such as repair to a hacked website; to the cost of hiring a PR whiz to help your nonprofit recover its reputation after a severe security breach. There are even some policies that address business interruption in the event a cybersecurity breach is so severe that it forces the nonprofit to temporarily suspend operations (an unlikely outcome, according to some experts).
Do you need cybersecurity insurance? Your state association of nonprofits may be able to help you identify an insurance professional with expertise in providing insurance for charitable nonprofits. Krantz Secure Technologies can also help you locate (or establish) a good cybersecurity policy.
According to the Nonprofit Risk Management Center, there are three key steps to take before deciding whether to purchase cyber-liability insurance: (1) Understand how a breach of privacy claim could affect your nonprofit; (2) Work with a knowledgeable insurance agent or broker who not only understands how different cyber liability policies differ in their coverage but also understands your nonprofit’s operations and activities well enough that s/he can break down your nonprofit’s exposures with you (choosing insurance products should be a collaborative effort with your nonprofit’s broker/agent); and (3) as with all insurance, take a hard look at the cost of the annual premium (if it’s too high, consider a Security as a Service specialist like Krantz instead).
Yes, the idea of someone hacking your nonprofit’s website or data storage is unnerving, but in today’s world, such incidents have become practically commonplace. Failing to assess and address cybersecurity risks is like failing to brush your teeth: would you rather change a password as a preventative step, or go to the dentist, i.e. a computer security specialist?
[Source credit: Nonprofit Quarterly, CouncilOfNonprofits.org]
How Krantz Helps NYC Nonprofits with Cybersecurity Readiness
Whether it’s just for a check-up, an annual review, or a complete overhaul of your IT systems, we collaborate with fellow Manhattan companies to implement longer-term, more preventative strategies that ensure deeper security, compliance readiness, and optimal computer network performance and productivity. New York firms (including many NYC nonprofits) also enjoy our fixed-rate billing that makes budgeting managed IT services as easy and predictable as paying the monthly light bill.
Call Us Now to Lock-in the Managed Services and Cybersecurity NYC Nonprofits Demand
More and more companies are seeking us out as the top managed IT services in Manhattan – for many reasons. And, with our ultimately customizable IT solutions for businesses of all shapes and sizes in NYC, our satisfied client list is growing fast!
Manhattan IT company Krantz Secure Technologies provides the best managed IT services for businesses throughout Greater NYC. Call us today at (212) 286-0325 or email us at [email protected] to lock in the diligent tech support you deserve and demand – including reliable and effective cybersecurity for NYC nonprofits!