In its most recent report, the National Center for Charitable Statistics stated that more than 1.56 million nonprofits were registered with the Internal Revenue Service in 2015. Together, they contribute an estimated $985.4 billion, or 5.4% of the Gross Domestic Product (GDP) of the US economy. Despite this significant contribution to the GDP, nonprofit organizations have not been included in the development of best practices for cybersecurity systems. To date, those practices have been developed exclusively for commercial businesses. Typically, for-profit security solution providers have not viewed nonprofits as a lucrative market or as having an immediate need, as reflected in the anecdotal response: “Who would cyber-attack a nonprofit? What do they have to steal?”
We think about this every day but also realize it’s not that simple to unravel. So, let’s start at the beginning.
You may have seen both terms used a lot in the news and often interchangeably, with cybersecurity the front runner.
At Sightline, when we onboard a new nonprofit member, we begin with breaking down the difference between information security and cybersecurity. We have found that by simply stepping back and breaking down these standard and confusing terms, our members immediately start to see a path forward. Suddenly, they say, “we can improve the security of the information in our organization.” Because they can see it.
Here’s a quick glimpse of how the conversation goes.
Before we dive into fixing and figuring out what cyber or information security tools, systems, processes, training, etc., you need, let’s start by understanding what we are protecting.
Cybersecurity, which we hear a lot about in the news, is defined as the “prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” With Sightline members, we explain it as a wide-open space without clear boundaries, laws, regulations, systems, and more: a space that is difficult to define and understand, and hard to wrap your mind around.
So how can we talk about securing it? From the outset, many organizations begin to feel overwhelmed even at this stage.
But consider for a moment.
Information security is “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.” Taking this a step further, think about what information you have in your organization. Is it captured on paper or in digital form? Information like addresses, names, phone numbers, photos, and more. Information from donors, staff, volunteers, supporters, members, people your nonprofit serves, and more.
There is a common thread in these definitions. And it’s core to how we, as security professionals, look at protecting information.
What does that mean? Making sure someone or something does not alter the information, and it remains accurate (un-altered).
What does that mean? Only the people who need to see or work with certain information have access.
What does that mean? Making sure that the steps to keep information secure don’t get in the way of doing business.
The best way we see for nonprofit and mission-based organizations to address cybersecurity is to not focus on it – but to focus your efforts and time on understanding what information is vital in your organization and taking steps to secure it in a cyber environment.
Try this for one day:
Excellent!
Join us for the first of three interactive webinar events where we break down the language and complexities of cybersecurity and give you practical, business-geared approaches you can use today to improve the safety of the information inside your organization. We will also answer some of the most critical questions nonprofits of all sizes and missions are asking, and give you useful next steps to help you balance cyber investments at your organization.
By investing in this time with us, you will walk away with:
Sightline Security is a 501(c)3 nonprofit organization, like you, missioned to help other nonprofits embrace cyber and information security with confidence. We are excited to share insights gathered through our work with our nonprofit members and break down the myths and misconceptions about cybersecurity in nonprofit and mission-based organizations. If you have any questions about this post or our work, please feel free to reach out.
The post Breaking Down the Confusion: What is Cybersecurity really? appeared first on Nonprofit Hub.