What would most clients and donors do if they knew you had a data breach?
I’m sure you’re not too surprised that they’d stop doing business with you.
Over 53 percent of businesses admitted that they would terminate relationships—either donations or direct client relationships with you—in the event you leaked sensitive data, had a major cyber event, or lost important data.
Let me repeat that statistic. Over half of American businesses (and individual clients) would ditch your organization in the wake of a major data breach.
Maybe you store credit card processing information, maybe you keep medical records or sensitive information relating to clients and donors. It doesn’t matter. Whatever information you store, the majority would end their relationships with you if they found out you leaked their data.
Even more, nearly 83% of people would completely stop spending money with an organization for a time period of at least three months during the aftermath of an attack. And the remainder would stop their engagements entirely.
Where does that leave you? With nearly no reliable base of clients or donors from which to rely on funding and support during probably some of the most trying time during your organization’s history.
What do you think your clients and donors will think?
Will They Call You Stupid…Or Just Irresponsible?
It’s EXTREMELY unfair, isn’t it? Victims of other crimes – burglary, mugging, carjacking, theft – get sympathy from others. They are called “victims” and support comes flooding in.
But unfortunately for your organization, cybersecurity—your responsibility as a steward to your client and donor information—isn’t taken so lightly. People invest in your organization and expect you to be keeping their information secure.
While security breaches are by no means a new phenomenon, U.S. attitudes toward them seem to be changing significantly. In the past, the majority of Americans—including those people that might be key people for your organization to continue to be sustainable.
Those key people are getting more and more interested that you are taking the appropriate security measures and how much you’re spending.
Even if they perceive you as having lax security practices, they will be 45% less likely to continue their relationship with you—even if you haven’t incurred a major data breach. If they lose trust that you are good stewards of their information, you better believe that they are questioning whether they should be investing their money and relationships with you.
Some might go as far as checking your security process to make sure you are doing enough to protect them. Do you even have a process documented that you can share with major donors or clients? While you might not have clients currently asking about how you keep their security, expect to get asked questions about how your network is protected in the future—specifically relating to how you safeguard their data.
What are some things you should be doing right away?
Make sure you have a cybersecurity strategy—simply having a firewall in place or a spam filter set up is not enough in 2018 to protect your organization from data breaches or cyberattacks. Making sure your data is completely protected means that you need to have a cyber strategy that evaluates current threats and comes up with ways to address those threats so that your office can continue to run efficiently. In addition, having a plan drawn up will give you a way to show your VIP clients and donors that you take protecting their information a priority and give them piece of mind that you are the organization they want to continue to do business with.
Create security policies that actually protect your organization—one key part to integrating cybersecurity into your organizational culture is to figure out how to construct policies related to security. By having clear and well-defined instructions on how your staff should approach security, you will eliminate any doubt that your organization is not securing their data.
Backup your data—in the event of a natural disaster or cyber event, one of the easiest ways to continue day to day operations without a hitch is to have tested backups of your data. From 1 to 10, how certain are you that your backups would recover you from a disaster? If you’re not a complete 10, you might want to get a second opinion.
Monitor your network—most cyberattacks take months to detect. During most of that time, criminals are slowly siphoning sensitive data from your office with no one catching it! If you had network monitoring that could decipher between normal operations and suspicious activity—even unexpected small movements in sensitive areas on your network—you would be able to nip most cyber breaches in the bud.
Assess the vulnerabilities on your network—one of the easiest ways to tell if you’re doing enough to protect your data is to know what your vulnerabilities are and how to resolve them. Cybersecurity experts unanimously recommend getting a network vulnerability assessment to determine what vulnerabilities are on your network and find ways to remediate any security issues. By showing your big clients and donors how you’ve improved data security to protect them, you will go a long way to ensuring you’re taking the right steps toward securing your sensitive information.