October 13, 2015
In recent years, many of the biggest companies in the world have been victims of major data breaches. During that same time, thousands of small- and medium-sized businesses, including non-profit organizations, have also had their data compromised. Whether your organization is large or small, it’s critical to be prepared for a data breach. These steps can help.
Step 1 – Create a Breach Response Team. This cross-functional team should coordinate efforts throughout an entire enterprise and be the primary contacts should a breach occurs.
Step 2 – Assess storable data. It’s critical that know what information is being stored so an appropriate response can be launched. Here’s what’s critical to know:
• What type of data is being held about members, contributors, employees and vendors?
• Where is that data stored?
• Which systems handle this data and are security protocols and tools current?
• Which team members are responsible for each of those systems?
• Do any third parties handle your member data?
Step 3 – Assess existing liabilities and obligations. Once sensitive information in data files is known, a suitable action can be deployed on behalf of those parties who must be notified timely. Who must be notified and when? Who are you required to notify? How soon do they need to be notified?
Step 4 – Create a contact list. Identify stakeholders who need immediate notification. That may include • Team members to be available to respond to unexpected necessities.
• Legal advisors to ensure all obligations are identified and included in the plan.
• All key contributors and partners who need to be informed or advised of a breach.
Step 5 – Create a communication plan. The sooner you alert your members are alerted, the better the long term outcome. Essential to communication are:
• How and when how and when members are alerted
• Who will address key contributors
• How and if this information to the media will be informed.
Step 6 – Don’t Panic. If a breach does occur and the above plan is in place, response should be automatic:
1. Contact the Breach Response Team and trust them to execute their tasks
2. Identify the data that has been compromised and take immediate steps to stop the breach and/or take the data offline.
3. Contact legal advisors to ensure all necessary legal steps are prepared.
4. If necessary, tailor a communication plan according to legal notification requirements.
5. Follow the detailed communication plan and alert the affected stakeholders (members, vendors, contributors, etc.)
This article is part of our continuing series to help our members better understand how to prepare and respond to a data breach. Look for our next article, “Shining a Light on the Dark Web”. Coming soon: Product solutions to help you prepare and respond to a data breach. Current First Nonprofit members and clients have access to Cyber Monitoring at no charge. Members can sign up here: https://firstnonprofit.com/cyber-monitoring-benefit-sign-up-form/
NYCON members who use First Nonprofit’s programs enjoy enduring savings and improved efficiency. Our association knows that success, because from the beginning, we achieved the same great benefits. Great savings, seamless technology, and responsive service. NYCON highly recommends First Nonprofit’s remarkable unemployment solutions.
We were introduced to First Nonprofit through another housing authority. In our analysis and comparison to what we were paying the State, our first year savings was $5,800 plus. We have been with them since the end of 2008 and I am glad we have been. I consider them an arm of our HR department.
Because INCS advocates for the operating conditions that allow charter public schools to provide high quality public education, partnering with First Nonprofit was an easy decision. First Nonprofit’s unemployment programs provide our member schools two operating elements crucial to their ability to provide high quality public education: savings and budget certainty. Capable, committed teachers are the key to student success. By participating in the unemployment insurance savings plan, charter public schools gain peace of mind and are able to invest more money in their teachers.
Throughout our membership in the Unemployment Savings Program, First Nonprofit understood our demands, community dynamics, and the importance of seamless services; that allowed us to serve our constituents better.