As cybercrime rises, nonprofit organizations face a challenge: how can they keep their stakeholders’ data safe from ever-evolving security threats? With 50% of non-governmental organizations (NGOs) reporting experiencing a cyberattack in 2021 and nonprofit breaches increasing by 300% in 2020, the research is clear: nonprofit organizations, especially those without proper protections in place, make an attractive target for internet-savvy criminals.
This may come as a surprise to some, as leaders often assume that cybercriminals would primarily target their for-profit counterparts. However, various factors contribute to position NGOs as a popular target for cybercriminals, including:
- Lack of readiness: NGOs have historically deprioritized cybersecurity despite the increasing rate of attacks. Research shows that more than 70% of nonprofits have not run even one vulnerability assessment, and only 20% have cybersecurity policies in place in the event of an attack.
- Substantial annual giving: Bentz, Waley, Flessner, and Associate’s (or BWF’s) Giving USA 2023 report states that giving in 2022 totaled $499.33 billion, with individuals donating 319.04 billion. While BWF does note that this is a 3.4% decline in overall funding compared to 2021, it’s still a significant chunk of capital with minimal protections in place.
- Insufficient security frameworks: Due to various factors such as limited funding and competing priorities, many nonprofits are reluctant to invest in technology and additional measures to establish a robust security framework capable of addressing evolving cybersecurity threats. As a result, they often lack the necessary resources and defenses to protect their sensitive data adequately.
In addition to the above, it’s important to consider the immense amounts of personal data nonprofits store and utilize to serve their stakeholders. Donors’ financial information, sensitive personal data from people in vulnerable situations, and even employee records are all potentially at risk. The potential impact of a breach on donor confidence and the real-world consequences of compromising vulnerable information should position cybersecurity as a top priority.
Evolving data privacy regulations further add complexity to the issue. Nonprofits will want to ensure that as they attempt to secure stakeholders and data, they comply with the privacy regulations of their territories. However, keeping track of policies as they evolve can be a significant lift for nonprofits that organize their work across disparate spreadsheets and tools.
Nonprofits can leverage Salesforce to keep sensitive data secure
As commerce becomes increasingly digitally-driven, nonprofit organizations will need a framework that they can rely on to protect their stakeholders’ data and maintain alignment with data privacy regulations. Leaders considering change initiatives will be pleased to know that, besides other beneficial features, Salesforce products like Nonprofit Cloud provide top-of-the-line cybersecurity measures for NGOs. Organizations no longer need to rely on the efforts of various applications and a managed service provider to ensure data remains secure – they can rely on the same centralized platform they use to level up other aspects of their business.
Cybersecurity is top-of-mind for Salesforce, and as such, Salesforce solutions come with several built-in security measures that NGOs might currently lack. Some of these features include:
- Two-factor authentication: 56% of nonprofits do not currently utilize multi-factor authentication, leaving critical systems more vulnerable to threats like phishing attacks and account takeovers. Fortunately, Salesforce solutions have built-in multi-factor authentication options, allowing nonprofits to patch this fundamental hole in their security infrastructure immediately.
- Real-time event monitoring: Cybersecurity best practices dictate that it’s best to catch cyberattacks early – yet, as discussed earlier, few nonprofits have the capacity to monitor their systems. Salesforce allows nonprofits to track and respond to suspicious events in real-time, providing insight into who logs in where, changes made to records, and actions taken by current employees and users.
- Shield-platform encryption: The sensitive nature of the data NGOs collect requires an extra layer of protection. Shield-platform encryption is a feature that encrypts data at rest, combining a customer-unique tenant secret with Salesforce’s master secret to create one-of-a-kind encryption. Customers can also define and implement their data protection policies, ensuring storage aligns with local privacy regulations.
While some features are commonly available among all Salesforce solutions, clients can unlock others upon request as additions to the base CRM. For NGOs, the advantage of this model is that they can select and activate layers of protection as needed. Like everything else with Salesforce, customers can customize cybersecurity precautions according to their needs – which empowers nonprofits to build and utilize their own unique security infrastructure within Salesforce’s sandbox.
Customize your cybersecurity infrastructure with Gerent
As the industry status quo shifts toward digitally engaging with donors, nonprofits will need a comprehensive cybersecurity framework to secure their stakeholders' information. Fortunately, Salesforce provides several built-in and additional security features for NGOs, with the ability to customize solutions according to each organization’s unique needs. Given the diverse range of options and complexities involved, NGOs can greatly benefit from partnering with an experienced ally who possesses extensive industry knowledge and technical expertise.
If you’re interested in pursuing a change initiative that will empower you to secure your beneficiaries’ data, give us a call or visit our nonprofit microsite for more information.