The Cyber Peace Institute calls nonprofits “cyber poor, data-rich.” According to the Tech For Good 2023 report, 27% of nonprofits worldwide have experienced a cyberattack.
This combination of enticing targets and low preparation for cyberattacks makes nonprofits especially vulnerable. Whether hacking, phishing, email scams or other forms of cyberattack, nonprofits fall victim to them the same as for-profit companies, but often lack the tech resources to ward off attacks or fight back.
This is where having a security champion in your organization can help. A security champion is a member of the team who takes on added responsibilities for cyber security. Even if they do not have advanced training in this field, they can still do a great deal to help your organization fend off, prepare for, or respond to an attack. Here’s how appointing a security champion can benefit your organization.
Keeping Security Top of Mind
The main responsibility of a security champion is to keep cybersecurity at the forefront of the entire organization’s mind.
Everyone is busy, and it’s easy to forget about cyber security amid a workday with phones ringing, emails and text messages every minute, meetings and more. The cyber security champion ensures that everyone, in every department, is aware of the latest threats, understands how to spot them, and knows what not to fall for when criminals come knocking at the virtual door.
These responsibilities may include:
- Education: Many cyberattacks succeed not through sophisticated technology but by tricking employees into divulging passwords and other sign-on credentials. Security champions spend time learning the tricks, then teach their teammates how to spot and avoid them. This education is ongoing. It is never “once and done.” It raises awareness of potential threats and teaches everyone how to spot and avoid them.
- Best Practices: Criminals find new ways to infiltrate systems and steal data. The security champion reads up on the latest findings and ensures that everyone is aware of the latest best practices.
- Risk Assessment and Threat Modeling: The champion identifies potential risks and provides threat modeling and risk assessment.
- Incident Response: Security champions create incident response plans. They evaluate risks and provide a framework to respond if a breach occurs.
- Other areas in which a security champion may be helpful include security evaluation, code testing, and continuous improvement suggestions.
But My Organization Is Too Small for a Security Champion!
No organization should take cyber security for granted. The average cost of a data breach, according to IBM and the Ponemon Institute, is $4.45 million dollars. And while you may do all the right things to protect against a breach, including appointing a security champion, the risk remains. It is vital for nonprofits to take every possible step to prevent cyber security breaches, and having a champion on the team is a good step towards achieving this goal.
Welter Consulting
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact us for more information.
Recent Comments