October 13, 2015
In recent years, many of the biggest companies in the world have been victims of major data breaches. During that same time, thousands of small- and medium-sized businesses, including non-profit organizations, have also had their data compromised. Whether your organization is large or small, it’s critical to be prepared for a data breach. These steps can help.
Step 1 – Create a Breach Response Team. This cross-functional team should coordinate efforts throughout an entire enterprise and be the primary contacts should a breach occurs.
Step 2 – Assess storable data. It’s critical that know what information is being stored so an appropriate response can be launched. Here’s what’s critical to know:
• What type of data is being held about members, contributors, employees and vendors?
• Where is that data stored?
• Which systems handle this data and are security protocols and tools current?
• Which team members are responsible for each of those systems?
• Do any third parties handle your member data?
Step 3 – Assess existing liabilities and obligations. Once sensitive information in data files is known, a suitable action can be deployed on behalf of those parties who must be notified timely. Who must be notified and when? Who are you required to notify? How soon do they need to be notified?
Step 4 – Create a contact list. Identify stakeholders who need immediate notification. That may include • Team members to be available to respond to unexpected necessities.
• Legal advisors to ensure all obligations are identified and included in the plan.
• All key contributors and partners who need to be informed or advised of a breach.
Step 5 – Create a communication plan. The sooner you alert your members are alerted, the better the long term outcome. Essential to communication are:
• How and when how and when members are alerted
• Who will address key contributors
• How and if this information to the media will be informed.
Step 6 – Don’t Panic. If a breach does occur and the above plan is in place, response should be automatic:
1. Contact the Breach Response Team and trust them to execute their tasks
2. Identify the data that has been compromised and take immediate steps to stop the breach and/or take the data offline.
3. Contact legal advisors to ensure all necessary legal steps are prepared.
4. If necessary, tailor a communication plan according to legal notification requirements.
5. Follow the detailed communication plan and alert the affected stakeholders (members, vendors, contributors, etc.)
This article is part of our continuing series to help our members better understand how to prepare and respond to a data breach. Look for our next article, “Shining a Light on the Dark Web”. Coming soon: Product solutions to help you prepare and respond to a data breach. Current First Nonprofit members and clients have access to Cyber Monitoring at no charge. Members can sign up here: https://firstnonprofit.com/cyber-monitoring-benefit-sign-up-form/
First Nonprofit has saved us so much money over the state’s program. We had one little glitch with the state recently and we contacted FNP immediately. FNP staff called us back immediately and moved to remedy the problem.
First Nonprofit has been a great partner. They have helped us saved hundreds of thousands of dollars! They have awesome resources for our nonprofit organization. Thanks for the partnership.
Life is certainly busy these days but having business partners like First Nonprofit has made some of the process hassle free. We have worked with this team for years. When we changed payroll systems, they outlined every step. I think this team is terrific and I know they get the job done! Thank you, Cruz, to all the team at FNP.
FNP has helped our agency to save thousands of dollars every year on our unemployment coverage. The service is phenomenal, and we are thankful to their team as our partner. My experience working with Marshall on the advocacy around UE for nonprofits was also a highlight as someone who teaches advocacy and lobbying for nonprofits. Really, your whole team is top shelf, so thank YOU!
Chicago Children’s Theatre has greatly benefited from our partnership with First Nonprofit, and I have always enjoyed working with the staff on our filings and any complicated questions. I would not hesitate to recommend First Nonprofit to fellow nonprofits. We’re very happy customers.
FNP is a great resource for Daniel Kids. To have a TPA that we can count on to take point on not only managing our unemployment claims, but to support and guide any protest hearing, is invaluable. All the professional support staff we have worked with have been excellent, very knowledgeable and responsive. We are grateful for the help and support, thank you.
When I first began in my position at my organization, I hadn’t had experience working with a company like FNP. The staff was so patient and helpful in helping to explain the benefits of First Nonprofit. Anytime I reach out with a question I receive a quick, clear, and thorough response. I’m so thankful that we decided to partner with FNP. Their excellence in customer service, coupled with their variety of packages frees us up to truly serve our staff and community with a peace of mind knowing that our organization is protected against unanticipated unemployment insurance expenses.
First Nonprofit gets an A+ in my book. You are so easy to work with & very knowledgeable! Whether it is my quarterly correspondence with Kim or my random interactions with Dawn about a bond … I am so pleased that I get to work with such a helpful company. Thank you!