October 13, 2015
In recent years, many of the biggest companies in the world have been victims of major data breaches. During that same time, thousands of small- and medium-sized businesses, including non-profit organizations, have also had their data compromised. Whether your organization is large or small, it’s critical to be prepared for a data breach. These steps can help.
Step 1 – Create a Breach Response Team. This cross-functional team should coordinate efforts throughout an entire enterprise and be the primary contacts should a breach occurs.
Step 2 – Assess storable data. It’s critical that know what information is being stored so an appropriate response can be launched. Here’s what’s critical to know:
• What type of data is being held about members, contributors, employees and vendors?
• Where is that data stored?
• Which systems handle this data and are security protocols and tools current?
• Which team members are responsible for each of those systems?
• Do any third parties handle your member data?
Step 3 – Assess existing liabilities and obligations. Once sensitive information in data files is known, a suitable action can be deployed on behalf of those parties who must be notified timely. Who must be notified and when? Who are you required to notify? How soon do they need to be notified?
Step 4 – Create a contact list. Identify stakeholders who need immediate notification. That may include • Team members to be available to respond to unexpected necessities.
• Legal advisors to ensure all obligations are identified and included in the plan.
• All key contributors and partners who need to be informed or advised of a breach.
Step 5 – Create a communication plan. The sooner you alert your members are alerted, the better the long term outcome. Essential to communication are:
• How and when how and when members are alerted
• Who will address key contributors
• How and if this information to the media will be informed.
Step 6 – Don’t Panic. If a breach does occur and the above plan is in place, response should be automatic:
1. Contact the Breach Response Team and trust them to execute their tasks
2. Identify the data that has been compromised and take immediate steps to stop the breach and/or take the data offline.
3. Contact legal advisors to ensure all necessary legal steps are prepared.
4. If necessary, tailor a communication plan according to legal notification requirements.
5. Follow the detailed communication plan and alert the affected stakeholders (members, vendors, contributors, etc.)
This article is part of our continuing series to help our members better understand how to prepare and respond to a data breach. Look for our next article, “Shining a Light on the Dark Web”. Coming soon: Product solutions to help you prepare and respond to a data breach. Current First Nonprofit members and clients have access to Cyber Monitoring at no charge. Members can sign up here: https://firstnonprofit.com/cyber-monitoring-benefit-sign-up-form/
The Ensight Skills Center has enjoyed working with First Nonprofit for several years. We are enrolled in their Unemployment Savings Program and although we have not required a lot of intervention, there have been a few times. I know others have dealt with the same problem of unemployment fraud over the last year and in our case, a call to First Nonprofit (they actually answer their phones) cleared up the issue. They also sent us a letter to send to all our employees telling them what they needed to do to prevent this in the future and protect themselves. What a relief! Over the years if I have questions or concerns, they are happy to listen, advise and help if they can. Another BIG advantage of using First Nonprofit is that all the money that is paid into the Unemployment Savings Program lives on my balance sheet as an asset. The money continues to be Ensight’s not the governments. First Nonprofit has certainly given me peace of mind.
Visually Impaired Preschool Services has been a client of First Non-Profit since it was first offered as a benefit of VisionServe Alliance. We completed a thorough evaluation of cash savings to our agency before taking advantage of this wonderful benefit and it has been a very wise decision. Our experience with the processes from accounting to claims have been professional, expeditious and easy.
NYCON members who use First Nonprofit’s programs enjoy enduring savings and improved efficiency. Our association knows that success, because from the beginning, we achieved the same great benefits. Great savings, seamless technology, and responsive service. NYCON highly recommends First Nonprofit’s remarkable unemployment solutions.
It has been our sincere pleasure to maintain a strong, vibrant business partnership with First Nonprofit. We greatly admire their strong industry knowledge, technical expertise, constant professionalism, knowledgeable and dedicated staff. They are always extremely responsive, personable and provide us with the necessary guidance and recommendations on a numerous variety of employment scenarios. We are impressed with the accuracy of their employment decisions, integrity of their employees and efficiency of their claim handling. We greatly respect and value the consistent, impressive cost savings from the utilization of their outstanding services.
Because INCS advocates for the operating conditions that allow charter public schools to provide high quality public education, partnering with First Nonprofit was an easy decision. First Nonprofit’s unemployment programs provide our member schools two operating elements crucial to their ability to provide high quality public education: savings and budget certainty. Capable, committed teachers are the key to student success. By participating in the unemployment insurance savings plan, charter public schools gain peace of mind and are able to invest more money in their teachers.
Throughout our membership in the Unemployment Savings Program, First Nonprofit understood our demands, community dynamics, and the importance of seamless services; that allowed us to serve our constituents better.