By now you’ve likely read about the Blackbaud data breach. Blackbaud is a top cloud software company that serves the nonprofit sector. Thousands of nonprofit organizations in 60 countries use Blackbaud’s cloud technology for fundraising, financial management and more.

That’s why so many were alarmed by Blackbaud’s late July announcement of a May security breach by hackers into its systems. In a statement on the incident, Blackbaud said its cyber security team had stopped a ransomware attack by cybercriminals attempting to lock the company out of its servers.

The firm’s team, along with independent experts and law enforcement, expelled the cybercriminals from Blackbaud’s system. But the intruders succeeded in removing a copy of some customer data, according to the statement. Though the data did not include financial information or social security numbers, Blackbaud paid a ransom to ensure the copy of the data would be destroyed.

This report comes in the wake of a Twitter hacking incident in mid-July, when high-profile Twitter accounts were taken over by hackers. Twitter security engineers had to shut down access to the platform for its verified users for several hours.

These two incidents are sobering. If such large players as Twitter and Blackbaud can be breached, what hope have smaller organizations with possibly less sophisticated cybersecurity measures?

This concern extends to nonprofits just as much as to for-profit companies. You might think your nonprofit doesan’t have any data worth stealing. But do you have any data that you couldn’t operate without? Cybercriminals aren’t just looking to steal data, but to lock organizations out of their own databases with ransomware.

Data Security for Nonprofits

So what’s the data security takeaway from these incidents?

We should certainly exercise caution in choosing service providers. But even highly regarded companies are vulnerable to attack.

So often cybercriminals bypass a system’s defenses through human error, and that is something we can seek to address within our own organizations.

We should seek to learn from every security breach that is in the news. You might want to assign someone on your team to report back on questions like these:

• How did the hackers get in? Where was the vulnerability?
• What do our people need to know in order for us to avoid a similar breach?
• Do we need to upgrade our security technology? Time to call an all-staff data security refresh?
• What is our response plan in the event we get hacked? Do we have a go-to emergency tech team? How will we communicate with donors and other stakeholders?

With our constantly increasing reliance on cloud computing—and with so many working from home this year—the stakes are too high to just hope that even small or medium-size nonprofits won’t be targeted. Spend the time to take stock and take action to keep your data secure. And create a plan for how you’ll respond in the event there is a security breach.

Photo by Calvin Ma on Unsplash

Bill High

Bill is CEO & Founder of Vyne Legacy. He works with families to equip them with tools to build multigenerational legacies, and he teaches givers and financial advisers on transformational biblical generosity. He is the co-author with David Green of Giving It All Away and Getting It All Back Again: The Way of Living Generously.

Published August 5, 2020

Topics: Nonprofit Development

DonorsNonprofits