When business ethics and governance expert Lucy P. Marcus calls data breaches “an artifact of modern indifference,” she’s alluding to how “companies, regardless of size or sector, need to recognize their responsibility … to be vigilant and proactive about securing their data and systems.”
Marcus admits that while the threat of a cybersecurity breach is avoidable, “the key to mitigating it is to understand that cybersecurity isn’t simply a technology issue; it is also an urgent strategic issue that should be at the top of the agenda for every board and management team.”
Dr. Angela Daly sees the data breach as one of several aspects of what she calls “the ‘dark side’ of data and digitization,” which can happen “as a result of external hacking, insider threats, or incompetent data handling.” The socio-legal scholar of technology spoke in Brisbane, Australia, as part of the Digital Impact World Tour.
With such high stakes, what can nonprofits do to educate and protect themselves when it comes to using, sharing, and storing their data?
According to the National Council of Nonprofits, “it makes sense for every nonprofit to — at a minimum — assess the risks of a data security breach, and protect its data from unauthorized disclosure.”
The Council has curated a list of resources from the Nonprofit Quarterly (NPQ), The Nonprofit Technology Network (NTEN), The U.S. Department of Homeland Security, and Digital Impact that are designed to help nonprofits collect and store information safely and effectively.
The NonProfit Times (NPT) shared 6 steps nonprofits can take in response to an ever-evolving landscape of technology, which tends to favor streamlined devices over tightened security.
Nonprofits have work to do. Daly recognizes a “broad perception that nonprofits should be more ethical in their activities and actions than other kinds of organizations.” With a new regulatory environment in effect this month, nonprofits will be held to the highest standard with regard to how they handle their data.
“Nonprofits in the process of becoming ‘data organizations’ will need to go beyond the minimum privacy and data security requirements,” Daly says. “To ensure they don’t stray into the dark side of the digital environment.”