Non-profit organizations collect, use and disclose personal information just like any other for-profit industry. However, non-profit organizations often don’t have the same resources to devote to data security as their for-profit counterparts. The risk is the same, but the ability to defend and respond is more challenging due to more limited resources that can be devoted to cybersecurity protections.
This week the Federal Trade Commission (FTC) announced cybersecurity resources for non-profits through its FTC.gov/Cybersecurity website, which provides tips on 12 different topics geared to non-profits, including ransomware, phishing, physical security, vendor management, email authentication and other technical considerations.
The guidance emphasizes three basic cybersecurity tips:
- “Use security software and set it to update automatically
- Back up important files offline on an external drive or in the cloud
- Encourage your organization to have policies covering basic cybersecurity and to train employees on those policies”
Non-profits can be devastated by a security incident, breach, or data loss. Cybersecurity measures to protect high-risk data from loss and exfiltration is a priority for non-profits just as much as for-profit entities.