Why cybersecurity and nonprofits?
Ericius Security builds cybersecurity programs where they don’t exist, and we specialize in high-risk nonprofits.
Why cybersecurity and nonprofits? The short answer is that cyberattacks effect people. When computers are under attack, people are under attack.
The long answer is that cybersecurity should be part of your overall risk management and operations security efforts. These efforts are about mission success, good stewardship, and safety.
Cybersecurity contributes to mission success in a variety of ways. The most obvious way is that it allows you to retain control of your digital assets and use them the way they were created to be used. It also supports success in more subtle ways, such as protecting trust between your team members when they are communicating by providing ways to verify people are who they claim to be.
Risk management and security may seem like they distract from the mission—they’re simply overhead. But in reality, they are part of good stewardship. When people donate to a cause they want to see their money go as far as possible to create a positive impact on the world. You aren’t stewarding money well if you leave what you have unprotected for thieves. Investment in cybersecurity can prevent predictable problems and lessen losses. It’s still technically overhead, but it’s less overhead than the chronic costs and loss of trust stemming from breach.
Finally, cybersecurity supports member safety and care. Good security efforts can actually help reduce the sense of fear and paranoia your team may face by giving them a calibrated sense of what actually might go wrong (and what probably won’t go wrong). That tangibly reduces stress. It also shows your team you’re resourcing them and are concerned about their safety. It’s also a safety feature because it helps you retain control over information. We tend to think about cybersecurity and critical information in terms of reducing identity theft and fraud, but it can also help protect the locations of safe houses, the names of sources, and the nature of high risk/reward efforts.
People tend to decide cybersecurity is worth considering at different times during the life of their missions and businesses, but most commonly they’re either preparing to go work in place particularly well known for cyber-crime, are just recovering from a breach and want to prevent it from recurring, or are reaching their teenage years and starting to formalize and improve their processes and policies—risk management is generally top of mind for boards at this stage, especially if it was ignored during the start-up years.