Miranda R. Dalton511C10.18.11 NPOs and Information Security An analysis of the factors that contribute to the vulnerability of NPOs and best practices in combating criminal activity.
Agenda Recommendations Securing Information Vulnerability of NPOs Responsible FactorsThe Interest in Nonprofits
Research Approach • Articles disseminated over a three year period (2007-2010) • Similarities and discrepancies among articles explored • Nonprofit Organizations will be referenced as NPOs
Nonprofit SectorA growing sector in our nation’s economy 1.5 Million NPOs in 2008 A Target For Cyber Criminals
Why the Interest in Nonprofits? Cyber Criminals see tremendous financial gain•Nonprofit budgets are growing• If successful, cyber criminals can gain access to organization’s financial accountsand personal/financial information of donors• Cyber Criminals are finding new and innovative malware to penetrate networks• New malware is not easily stopped• Development of new malware has morphed into a multi-billion dollar globalenterprise
The Vulnerability of NPOsResponsible Factors Human Carelessness Financial Constraints Underestimating the Risk• Accidentally posting • Anti-virus software costly • NPOs have versatile information online and quickly become out payments options for of date donors• Discarding information in an unsecured dumpster • Majority of funding is for • In the process, program services and information security is• Stolen hardware & delivery lost information by temporary employees • Difficult to allot money to • Larger NPOs more purchase current security security measures, but software and employ IT greater financial staff transactions -TARGET
Securing Information A comparison of strategic approaches Install latest antivirus Undergo cultural change Back up and redundantsoftware and employ IT staff related to information systems security• McAfee • Securing information is the • The issue – reactive in nature responsibility of all• Norton • Only relevant once networks • Security Awareness Programs have been compromised• Latest security versions - training in information should be installed in security • Should not become the computers prevailing IT strategy • Adoption of proper• Expensive protocols/procedures in securing information• Budgetary Issues – organization can’t afford IT • Buy in needed of all key staff or to contract out to stakeholders third partyies
Recommendations to Nonprofits• Information security must become a key component ofstrategic planning * Will assist in changing the culture of an organization * NPOs will begin to dialogue concerning matters of information security and the adoption of security initiatives• Training must occur on an ongoing basis * Argument: NPOs are already stressed and further training would add to the frustration of NPOs * Counter Argument: If IT and security matters are not a priority, it could harm contributions if donors feel that their information has been compromised
Recommendations to Nonprofits Five Steps in Creating an Information Security Plan1. Develop information security policies2. Communicate the information security policies3. Indentify critical information assets and risks Five Steps in Creating an Information4. Test and reevaluate risks Security Plan5. Obtain stakeholder support
Security and the Internet - Fighting Malware. (2008, July). OECD Observer, 10-11.Six ID Theft Trends for 2010. (2010, February). Credit Union Magazine, 42.Baltzan, Phillips, & Haag. (2009). Information Technology and Management. (third, Ed.) McGraw-Hill.Dinerman, B. (2009, July 21). Security Threats: A guide for small and mid-size nonprofits.Retrieved October 10, 2011, from TechSoup:http://www.techsoup.org/learningcenter/techplan/page11904.cfmMeron, J. (2009, January 26). NP Tech News. Retrieved October 10, 2011, fromhttp://www.nptechnews.com/management-features/increasing-data-security-in-an-increasingly-insecure-world.htmlPopa, C. (2007, February). Information Security for Nonprofits. CMA Management, 19-21.Sherstobitoff, R. (2008, April 21). How to Make Sure You Arent the "Low-Hanging Fruit" for Fraud.8.