Nobody really wants to deal with cybersecurity.
Everything about cybersecurity is complicated. The risks can be abstract and complex. Solutions can be time consuming and expensive. Failure may not be noticed for months, and it could result in catastrophic damage to your constituents, your mission and reputation. The cybersecurity risks are real to targets both large and small. While you consider yourself a small organization, for someone three continents away, you are a rich easy target.
You owe it to your donors, your volunteers, your employees –all of your stakeholders - to take adequate protective measures for your organization.
As big and scary as the cybersecurity risks are, your preparation doesn’t need to be too complicated and too expensive. People tend to put off doing something about cybersecurity because they are not sure where to start or what to do. It doesn’t help that cybersecurity vendors amp up the panic, fear, and pricing around cybersecurity.
Your cybersecurity playbook should be straightforward:
- Decide the value of the assets you want to protect.
- Determine what risks you face – to your constituents, to your donors, to your mission, to your reputation.
- Build strong active defenses using industry proven best practices that fit with asset values and risks. Know what walls to raise.
- Educate your stakeholders on risks and how to recognize them.
- Create and practice a disaster emergency plan – this is where the “money” is. A good plan will avoid panic and significantly cut the impact to individuals and your financial exposure to your organization during a breach. Your plan and practice should address stakeholder communications to mitigate public humiliation and loss of trust. Though your plan may have gaps, it will help give you the process and structure to keep presence of mind and regain control.
ECHO doesn’t make cybersecurity tools. We have a healthy perspective on what constitutes adequate protection and what a reasonable price looks like, particularly for nonprofits. We’re more than happy to chat with you about this any time. Maybe we can start with a simple cybersecurity scan to give you an idea of how exposed you are. Just call or email us.