Foundations are understandably tight-lipped about cyberattacks. Because of the sensitive nature of the breached data and fear that broadcasting a hack might invite more attacks, it’s not often that we hear about cybersecurity threats in philanthropy. But it can happen to anyone, anywhere — and it happens more than you might think.
Rather than waiting to be a victim, foundations should address these issues proactively, and that means acknowledging vulnerabilities, educating yourself, and making a plan.
Educate Yourself To Secure Your Foundation’s (And Your Grantees’) Data
A foundation can only continue to make an impact if its data remains safe. Data security should be a standard practice for all organizations, but inadequate risk management practices often leave foundations and their data unnecessarily exposed. Don’t let it happen to your foundation. Educate yourself by learning these seven commonly used cybersecurity terms:
PHYSICAL SECURITY includes tangible threats such as a lost device or an unauthorized office visitor.
SOCIAL ENGINEERING is when hackers interact directly with staff, for example by posing as a vendor to get staff members to volunteer network passwords.
PHISHING is when hackers send official-looking emails with links that expose the machine to attack when clicked.
THIRD PARTY IDENTITY PROVIDERS are external multifactor authentication measures that prevent hackers from accessing the system with stolen credentials.
SESSION TIMEOUTS are forced logouts due to inactivity or prolonged time within a system. Timeouts help prevent online sessions from being hijacked while users are away from their computers and prevent old sessions from remaining logged in on shared devices.
USER PASSWORD SETTINGS are authorization measures, like strong passwords, that are used to authenticate user access to a system. Passwords should be longer than eight characters, difficult to guess, and changed routinely (at least once every four months) for optimal security.
SECURITY ASSERTION MARKUP LANGUAGE (SAML) is an open-standard data format that integrates third-party identity providers for more secure data exchanges between the provider and its client.
Data allows us to be better grantmakers, and careful stewardship of that data is vital to that goal. Foundations should have the utmost confidence that the data collected from grantees is safe, and grantees need to trust that the data they submit remains private. The last thing foundations want is to hurt the organizations they are trying to help.
Developing a strong data security plan will help you gain that confidence. Now that you’re up to speed on the top seven cybersecurity terms, download the 5 Steps to Creating a Failsafe Data Security Plan for Your Foundation. There’s no time like the present to begin planning!