Every New Year brings an opportunity for a fresh start. Charities often launch new strategic plans, fundraising initiatives, or program services in January. Another item that charities should add to their to-do list for the coming year is to strengthen their cybersecurity practices.
International headlines have been made about serious data breaches at major corporations. (This year’s Equifax data breach is an example.) Some groups may believe that cybercriminals are only interested in victimizing large corporations or that charities, particularly smaller organizations, have no need to worry. The truth is that charities of all sizes can be vulnerable to cyberattacks.
Charities hold all kinds of data that are valued by those committing cybercrimes, such as personal and financial information about donors, clients, and staff members. Unfortunately, charities throughout the country have had their computer systems and websites taken over by cybercriminals who demand payment to return the information, or they discover that sensitive financial and health information has been shared on the dark web, potentially used by criminals.
The integrity of an organization can be greatly injured by cyberattacks, and the costs of recovering information and adjusting IT systems following an attack can be significant. Plus, while larger organizations often have IT departments to manage these issues, small charities may have only one or two people who must be attentive to cybersecurity on top of many other issues.
To assist organizations, the Ohio Attorney General’s Office is providing several cybersecurity resources including:
- Cybersecurity webinar on Jan. 10. The office’s Charitable Law Section will hold a special webinar in conjunction with the Attorney General’s CyberOhio unit at noon on Jan. 10, 2018, to address ways that charitable organizations can protect their information. Register for this webinar online.
- Data breach prevention and response guide. The Attorney General’s “Data Breach Prevention and Response Guide” highlights key principles of sound data security, tips on training employees to prevent a data breach, and steps to take in response to a breach.
- CyberOhio newsletter. The Attorney General’s CyberOhio newsletter covers cybersecurity topics, such as as how to make a smartphone more secure, how to avoid a phishing attack, and why passphrases are better than passwords.
Charities should make it a priority to adopt a cybersecurity plan that includes such steps as evaluating the types of information available within the organization and who has access to it; training employees to take precautions against a breach by avoiding phishing schemes and other suspicious activities; and determining what steps will be taken if a breach occurs. These issues will be reviewed in the Jan. 10 webinar and also are outlined in the “Data Breach Prevention and Response Guide” produced by the Ohio Attorney General’s CyberOhio initiative.
Ohio Attorney General Mike DeWine launched the CyberOhio initiative in 2016 to help foster a legal, technical, and collaborative cybersecurity environment to help Ohio businesses thrive. The initiative includes several components, such as examining and promoting cybersecurity legislation, offering cybersecurity training opportunities, and developing cybersecurity workforce personnel. One of the goals of CyberOhio is to increase awareness of the importance of data breach prevention among small businesses and charities.