Is Your Nonprofit Prepared for a Data Breach?


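Do you want to be in the unenviable position of notifying your donors, volunteers and employees of a data breach? It is a call no nonprofit director wants to make. Whether it is a lost laptop containing a donor database or hard-copy volunteer records that were not properly shredded, nonprofits can quickly find their reputation and mission at risk.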
The financial costs of managing a data breach are well documented and growing, with a recent study estimating an average of $221 per lost record, and $7 million average total cost.1 These costs may include legal guidance, breach notification, forensics, credit monitoring and other crisis services.
And the intangible loss of trust that nonprofits can experience from donors, volunteers and the community also can be significant and harder to restore, and can affect fundraising activities, volunteer engagement and partnerships with other organizations.
“Nonprofit organizations often work so closely with a dedicated group of volunteers and a loyal donor base who entrust the nonprofit with their personal data,” says Tim Francis, Enterprise Cyber Lead at Travelers. “Nonprofits should take steps to protect that data and to prepare themselves for a potential data breach.”
Understand Your Data, Systems and Network
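Understanding the basics of the systems you are running, the data you store and how your network is structured can help nonprofits allocate limited data security resources more effectively. Some things you want to know about your data include:
- Knowing where data is created, collected and stored.
- Maintaining an accurate inventory of computer systems and software.
- Understanding your network infrastructure.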
Focus Your Cybersecurity Efforts
After you understand the data, systems and network that you are trying to protect, focus on security controls that would be the most effective based on your specific needs and resources. Consider implementing stronger controls for storing and transmitting your most sensitive data, such as the Personally Identifiable Information (PII) of donors and volunteers, or the Protected Health Information (PHI) of current and past employees.
Prepare for the Unexpected
Every organization needs a plan in case of a data breach. An incident response plan can help organizations plan to comply with applicable laws and regulations, and launch a rapid and coordinated response that can help reassure donors, volunteers, staff and the general public that your organization takes the breach seriously and has the incident under control, to maintain the organization’s strong reputation, which can be one of the organization’s strongest allies. It’s worth protecting by guarding against data breaches.
Consider Cyber Insurance
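Any organization that uses technology or collects data is at risk of a data breach or cyber attack, and that includes nonprofits. Cyber insurance can be critical in helping your organization recover after a data breach. It can also help beforehand by connecting you with cyber resources that can help you better prepare to respond to and recover from a data breach. Your nonprofit's mission is valuable. Guard against cyber attacks by giving your organization protection that keeps you focused on preserving your mission.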
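Sources:
1 Ponemon Institute 2016 Cost of Data Breach Study, which surveyed companies that experienced a breach that required the company to notify victims under state law.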