Americans today are funding charities and other non-profit organizations in growing numbers. According to Charity Navigator, Americans gave roughly 2.7% more to non-profits in 2016 than the year before, a total of $390 billion to various charitable organizations. In accepting those gifts, however, these organizations are collecting, processing, and sometimes even storing sensitive payment information and other personally-identifiable data. Much of this data is exchanged electronically: online donations increased 7.9% in 2016, compared to 1% for mailed-in donations. Given that 80% of all organizations have weathered at least one cyberattack, non-profit organizations need to use the right tools to store this data and secure it against sophisticated cybercriminals if they want to keep their donors’ trust.
Fortunately, many of these organizations are starting to understand the implications of poor cybersecurity and are adapting their practices accordingly. According to a recent CohnReznick study, 52% of respondents said their non-profit organizations had cybersecurity response plans in place—an increase from 31% the previous year. Nonetheless, most non-profits lack the in-house experience required to manage cybersecurity and hosting issues. In the same study, only 43% confirmed their organizations provide information technology and security training for their employees.
In a sector where revenue, government funding and contribution issues matter more to organizations than data security, many non-profits are ill-equipped to manage highly-technical data security and hosting tasks internally. Given the plethora of data security regulations that govern donations and other transactions, this has to change—especially for organizations that collect information from outside the United States. Some data security standards that could impact your hosting and data security decisions include:
- PCI DSS—This standard was created by the PCI Security Standards Council, and governs how organizations process and store consumer and donor payment information. It requires organizations to incorporate 256-bit AES and SSL encryption, firewalls, and advanced database passwords when processing and storing payments.
- HIPAA—This 1996 law governs how organizations in the healthcare sector must collect and store electronic protected health information (ePHI). It instructs healthcare organizations to use security measures commensurate with the sensitivity of patients’ health and medical histories, billing information and more, in order to avoid fines and sanctions.
- GDPR—Organizations that have a presence in Europe may also need to comply with the EU’s General Data Protection Regulation (GDPR). The GDPR officially takes effect on May 25th, and requires organizations that employ or collect data from EU-member citizens to incorporate encryption, perform regular security audits, and use backup and redundancy facilities to protect their data.
- PIPEDA—Non-profits that either operate in Canada or store Canadians’ personally-identifiable information will need to comply with PIPEDA and applicable provincial laws. These laws require organizations to obtain specific permissions from employees, clients and customers regarding how they can use their data in various circumstances, and to use commensurate security protections.
Non-profits need to take the right steps now to ensure the personally-identifiable data they collect is secure from potential data breaches. They also have to do so in ways that make sense for their budgets. Hosting this data in the cloud is one cost-effective way to achieve this. In fact, organizations working with virtual cloud hosting providers have saved $3,966 monthly compared to on-site alternatives.
Contact us to learn how Abacus Private Cloud can protect your organization’s software and data.