The non-profit sector has long faced the challenge of managing tight budgets while focusing on critical fundraising efforts. With the shift to online donations, today’s non-profits also need a robust cybersecurity strategy to protect the sensitive personal and payment data they collect – an effort that is often put on the back burner due to limited resources.
Cybercriminals often target organizations with weaker cybersecurity defenses, and non-profits are no exception. Bluefin Payment Systems’ Brent Johnson, CISSP, CISA, CDPSE, CIPP/E, recently shared his expertise on data security with NonProfit Pro, emphasizing that non-profits cannot afford to neglect cybersecurity.
Nonprofits store a great deal of personally identifiable information in their databases — from client medical records and employee Social Security numbers to donor payment information. Cybercriminals sell this information on the black market to other bad actors, who use it to commit fraud, steal identities or break into high-profile donors’ bank accounts. Because this information has a real dollar value, cybercriminals do whatever they can to access and compromise it — and their tactics are growing more effective and efficient.
With the average cost of a data breach expected to reach $5 million in 2023, organizations simply can’t afford to ignore security measures. Johnson emphasizes that, like any organization that accepts, processes, stores or transmits payment information, nonprofits are responsible for maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS).
To earn donor trust while keeping your organization’s data secure, Johnson recommends devaluing your data: removing real card numbers and other sensitive values from your own systems, which ensures PCI compliance and renders the data useless to an attacker in the event of a breach.
Incorporating tokenization and encryption into your nonprofit operations not only helps you maintain PCI compliance, but also improves your overall security posture — leading to increased donor trust and the support that enables you to achieve your mission.
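To make the idea of "devaluing" data concrete, here is an added illustration of tokenization (example code written for this page, not Bluefin’s or NonProfit Pro’s own software). The donation system keeps only a random token with the same length and last four digits as the card; the real card number lives in a separate vault, so a copy of the donation database alone recovers nothing. The card numbers, donor names and the `TokenVault`/`tokenize_donation` names are all constructed for the example, and encryption of the vault’s storage is assumed to be handled by the storage layer (the Python standard library has no AES, so it is not shown here).

```python
"""Tokenization vault demo (added example, not the page's own code).

A breach of the donation database exposes only random tokens; the mapping
back to real card numbers exists solely inside the vault, which a real
deployment would additionally encrypt at rest (assumed, not shown here).
"""
import secrets


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Maps random tokens to card numbers. Only this object ever holds a PAN."""

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}  # repeat donors reuse one token

    def tokenize(self, pan: str) -> str:
        """Return a random, format-preserving token for a valid card number."""
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random digits in place of the card body; the last four digits are
            # kept so receipts can still say "card ending in 1111".
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject tokens that would pass as a real card number, so a token
            # can never be mistaken for (or used as) a PAN, and avoid collisions.
            if not luhn_valid(token) and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Look up the real card number; only the payment step should call this."""
        return self._token_to_pan[token]


def tokenize_donation(vault: TokenVault, donation: dict) -> dict:
    """Return a copy of a donation record with the card number swapped for a token.

    The returned record is what the donation database stores; it contains no PAN.
    """
    record = dict(donation)
    record["token"] = vault.tokenize(record.pop("pan"))
    return record


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample donation using a well-known test card number.
    stored = tokenize_donation(
        vault, {"donor": "Example Donor", "pan": "4111111111111111", "amount": 25}
    )
    print("stored in donation DB:", stored)
    print("vault resolves token to card ending in", vault.detokenize(stored["token"])[-4:])
```

The split between the application database and the vault is the whole point: an attacker who copies the donation table gets tokens that fail the Luhn check, cannot be charged anywhere, and cannot be reversed without the vault. Reducing the systems that ever see a real card number also shrinks the part of the organization that falls under PCI DSS scope.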