SlideShare uma empresa Scribd logo

Minimizing the risk of a data breach – a guide for nonprofit organizations

NetSquared Vancouver
NetSquared Vancouver

Saved resource from Charity Village

Governo e ONGs
1 de 4
Baixar para ler offline
10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 1/4 3646 Views 0 Comments 1 Recommends Written by: Angela Byrne   March 8, 2017   More about:  Board of directors, Governance, IT, Management, Planning, Risk, Tools & Tips Text Size: A A 37 back Minimizing the risk of a data breach: A guide for nonprofit organizations About this article The risk of a privacy breach is a very real possibility for many organizations, including charities, and the consequences can be severe. The following headlines demonstrate that no organization is exempt. B.C. woman shocked to find private medical information of 10 other people in file A Calgary liquor store paid a ransom this week to regain access to its computers after hackers infected its database with a virus — and even got an unofficial receipt thanking it for its involuntary "purchase. It’s still unclear if personal data on an unencrypted hard drive missing from the BC Ministry of Education has been used by anyone. Family services sued after personal info hacked, posted on Facebook As many as 8,300 patients had contact information turned over to private RESP companies by employees Despite these headlines we know that many breaches are not reported and organizations are often caught off guard. According to the SC Magazine, about 77% of organizations are unprepared for cyber­security incidents. They quietly go about repairing damage and strengthening security; unbeknownst to the individuals who may be affected. For others, it is only when hearing news of a breach at a neighbouring organization that questions arise about the effectiveness of controls and security of information and systems. This will all change when the mandatory breach reporting requirements included in the new Digital Privacy Act (Bill S­4) comes into force. The Digital Privacy Act amended Canada’s privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). A number of important changes to PIPEDA to strengthen privacy protection came into effect in 2015. Regulations for mandatory data breach reporting are in process with no effective date announced. It is important to note that once mandatory reporting is in place, failure to meet requirements will carry fines of up to $100,000. In my experience charities are particulary vulnerable. The pressure to minimize administrative expenses and funnel all revenue into service delivery often means there is little left over to invest in technology. Particularly in smaller organizations, technology infrastructure is often cobbled together and heavy reliance is placed on the one “IT person” to fill a myriad of roles; from IT strategist to help desk support. To minimize the risk of data breaches, avoid the negative headlines and ultimately comply with emerging regulations, charities will want to implement a systematic approach that provides assurance that risks to the information that they collect and store and the systems that hold that information are being addressed. Implementing the following 5 steps will provide valuable information on the level of vulnerability of a data breach: 1. Formally define the objective 2. Identify and prioritize risks to achieving the objective 3. Evaluate risk treatments 4. Close the gaps
10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 2/4 5. Review and Refresh A discussion of each of these steps follows. 1. Formally define the objective The first step is to formally define an objective related to data privacy and security. Although this may seem obvious, it may come as a surprise that many organizations have not done so. Often attention and resources are focused on value creation objectives. They are aptly named, as they create value for the organization when achieved. Common examples relate to: Improving quality of service delivery Increasing revenue Reducing wait times for service Less familiar are those objectives that strive to preserve or prevent the erosion of the value of an organization. Although there are often no accolades or celebration for achieving these objectives; if not realized, they can cost money, expose the organization to fines and penalties, damage reputation and may even have catastrophic consequences as could be the case with the organizations in the headlines noted above. These objectives often address such areas as: Health and safety compliance Integrity of financial reports Compliance with legislation Protecting assets Preventing fraud We can see that objectives in any of the above areas, if not achieved present considerable risk to an organization and have the potential to erode value. Similar to the areas mentioned above objectives related to data privacy and security would also fall into the category of value preservation. Objectives may be developed for any of the following areas: Safeguarding personal and confidential data Protecting information systems from unauthorized access Ensuring full compliance with all privacy legislation Although many organizations may informally acknowledge the importance of value preservation objectives, often they not formally established, managed and monitored. Formally articulating objectives that relate to the security and safety of information and technology increases the chances they will be achieved. An important step in establishing the data security objective is to ensure an owner accountable for action is assigned. To demonstrate the following steps we will use the following example of a value preservation objective for data security: “Prevent unauthorized access to all information technology systems in 2017.” 2. Identify and prioritize risks to achieving the objective To achieve an objective it is necessary to understand what can get in the way of success. Anticipating the risks helps organizations to understand what could go wrong and how to get the organization back on track. As risks are identified, it is necessary to prioritize them based on likelihood and impact. This is critical to ensuring that scarce resources are focused on the highest priority risks. The two questions to ask are: 1. What is the likelihood that this will happen? 2. What is the impact to the organization if it does? A number of basic risks readily come to mind when we think about our objective above; “Prevent unauthorized access to all information technology systems in 2017.” The wrong people have access to information systems Information systems are not protected Users can modify or delete data
10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 3/4 As we apply the two basic questions to the risk examples, we may conclude that likelihood may be high and any breach to systems or the data will have a significant impact. Avoid the temptation to be lulled into a false sense of security with rationale that your organization is too small to bother or that you have nothing of value. According to Richard Wilson, partner, cyber security and privacy practice, PwC Canada: "Canadian business and public sector leaders need to better understand the full range of impacts a cyber security breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public." 3. Evaluate risk treatments in place Risk treatment is a term used to describe the action that the organization takes to control the exposure to risk. The most common types of risk treatments are: avoid, transfer or share, accept, or implement controls. Avoiding the risk involves stopping the activity that is creating the risk. For charities this may mean stopping service. Not a realistic option if the mission is to be achieved. Transfer or sharing risk is when the organization gets someone else to fully or partially accept the risk. Examples include purchasing insurance or sharing risk with another party. Risk acceptance is when an organization accepts the risk. This happens informally all the time, as organizations recognize a risk and move forward without taking any action. Whether acknowledged or not, the risk has been accepted. Implementing controls are actions that the organization takes to reduce the level of exposure to the risk. Actions can include staff training, policies and procedures, reviews, approvals, supervisor sign offs, completeness checks, etc. Assessing and determining the appropriate risk treatments to address priority risks provides an organization with the information they need to close the gaps. Continuing with our example, risk treatments may include a number of measures such as: Implementing access and permission controls such as ensuring users access is approved on a “need to know” basis Partnering with IT service providers that detect and monitor security Educating users on appropriate security protocols Regular evaluation of qualifications and competencies of IT staff Purchasing cyber security insurance Implementing retention and destruction policies to ensure personally identifiable information is not kept longer than necessary 4. Close the gaps With an understanding of the objective, the potential risk and risk treatments it is now time to take action to close any gaps. By taking action, the organization is increasing its chances of achieving the objective. It is not only important to take action but to also ensure that the action taken to mitigate risks is effective. That means evaluating the activities to ensure this is the case. Keep in mind that the only way to completely remove a risk is to avoid it. All other actions serve to reduce the risk but will not eliminate it. With that in mind, organizations need to understand the level of risk that continues to exist after action has been taken and if they can accept the remaining level of risk. In our example above, perhaps we conclude that users are not as security aware as needed. In this case, a common response is to implement user training. We know that after receiving training there is still a chance that users will not follow best practices and a security risk remains. Organizations need to determine if they can live with the remaining risk or if additional steps need to be taken. 5. Review and Refresh At least annually, or when major change occurs, objectives, risks and risk treatments need to be reviewed. Change is constant. This is particularly relevant in the field of technology where information security continually needs to address new and emerging threats. Objectives may need to be revised and risks to achieving the objective will change. Risk treatments also need to be continually reviewed to make sure they are working and reduce risk to an acceptable level. Implementing these five steps will ensure that value preservation objectives, such as those needed to protect data and information systems, are managed and dire consequences for organizations are reduced.
10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 4/4 Angela Byrne, president of Angela Byrne Consulting Inc., is passionate about helping organizations develop good structure and processes that manage risks and deliver results. She has extensive knowledge of charities and has worked with a number of organizations across Ontario. Angela is a Chartered Professional Accountant, Certified Management Accountant, Certified Internal Auditor and holds certifications in Information Systems Auditing and Risk Management Assurance. Angela welcomes thoughts and comments on this article by email to info@angelabyrnecma.com as well as any questions she might address in future articles. You can also find her on twitter at @byrne_angela and on LinkedIn. Go To Top Comments Sort by  Newest first No Comments Found                Please Login to Post Comments.

Recomendados

How to vet charities for immigrant children
How to vet charities for immigrant childrenHow to vet charities for immigrant children
How to vet charities for immigrant childrenEdgar Gonzalez Anaheim
 
IT Trends - Cyber Security
IT Trends - Cyber SecurityIT Trends - Cyber Security
IT Trends - Cyber SecurityDatix Consulting
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggonermihinpr
 
NSTIC and IDESG Update
NSTIC and IDESG UpdateNSTIC and IDESG Update
NSTIC and IDESG UpdateIan Glazer
 
Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014nationalconsumersleague
 
The 10 Most Trusted Healthcare IT Security Solution Providers 2018
The 10 Most Trusted Healthcare IT Security Solution Providers 2018The 10 Most Trusted Healthcare IT Security Solution Providers 2018
The 10 Most Trusted Healthcare IT Security Solution Providers 2018insightscare
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfgalagirishp
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 

Recomendados

How to vet charities for immigrant children
How to vet charities for immigrant childrenHow to vet charities for immigrant children
How to vet charities for immigrant childrenEdgar Gonzalez Anaheim
 
IT Trends - Cyber Security
IT Trends - Cyber SecurityIT Trends - Cyber Security
IT Trends - Cyber SecurityDatix Consulting
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggonermihinpr
 
NSTIC and IDESG Update
NSTIC and IDESG UpdateNSTIC and IDESG Update
NSTIC and IDESG UpdateIan Glazer
 
Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014Group letter to FTC calling for workshop examining data breaches - March 2014
Group letter to FTC calling for workshop examining data breaches - March 2014nationalconsumersleague
 
The 10 Most Trusted Healthcare IT Security Solution Providers 2018
The 10 Most Trusted Healthcare IT Security Solution Providers 2018The 10 Most Trusted Healthcare IT Security Solution Providers 2018
The 10 Most Trusted Healthcare IT Security Solution Providers 2018insightscare
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfgalagirishp
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 
DataKillers
DataKillersDataKillers
DataKillersBrian Ethridge
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdframsetl
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
 
he nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docxhe nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docxpooleavelina
 
BBB April 2017 Market Monitor
BBB April 2017 Market Monitor BBB April 2017 Market Monitor
BBB April 2017 Market Monitor Better Business Bureau Serving Greater Cleveland
 
BBB Market Monitor: April 2017
BBB Market Monitor: April 2017BBB Market Monitor: April 2017
BBB Market Monitor: April 2017Better Business Bureau Serving Greater Cleveland
 
Protecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs costProtecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs costUlf Mattsson
 
The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018insightscare
 
Cyber for Counties Guidebook
Cyber for Counties Guidebook Cyber for Counties Guidebook
Cyber for Counties Guidebook Kristin Judge
 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and SecurityPYA, P.C.
 
Ivanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
You Are the Target
You Are the TargetYou Are the Target
You Are the TargetEMC
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityRow Murray
 
LifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLockBusinessSolutions
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 
Social Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary TaleSocial Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary TaleMike Gotta
 
Creating a culture of security.pdf
Creating a culture of security.pdfCreating a culture of security.pdf
Creating a culture of security.pdfTechSoup
 
Veritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-ENVeritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-ENRichard Williams
 
Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Carolyn Kopf
 
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...NetSquared Vancouver
 
How to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even FurtherHow to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even FurtherNetSquared Vancouver
 

Mais conteúdo relacionado

Semelhante a Minimizing the risk of a data breach – a guide for nonprofit organizations

Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdframsetl
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020Matthew Doyle
 
he nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docxhe nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docxpooleavelina
 
Protecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs costProtecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs costUlf Mattsson
 
The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018insightscare
 
Cyber for Counties Guidebook
Cyber for Counties Guidebook Cyber for Counties Guidebook
Cyber for Counties Guidebook Kristin Judge
 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and SecurityPYA, P.C.
 
Ivanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
You Are the Target
You Are the TargetYou Are the Target
You Are the TargetEMC
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityRow Murray
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 
Social Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary TaleSocial Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary TaleMike Gotta
 
Creating a culture of security.pdf
Creating a culture of security.pdfCreating a culture of security.pdf
Creating a culture of security.pdfTechSoup
 
Veritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-ENVeritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-ENRichard Williams
 
Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Carolyn Kopf
 

Semelhante a Minimizing the risk of a data breach – a guide for nonprofit organizations (20)

DataKillers
DataKillersDataKillers
DataKillers
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020We Need to Prioritize Cybersecurity in 2020
We Need to Prioritize Cybersecurity in 2020
 
he nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docxhe nonprofit organization that I have decided to discuss is Childr.docx
he nonprofit organization that I have decided to discuss is Childr.docx
 
BBB April 2017 Market Monitor
BBB April 2017 Market Monitor BBB April 2017 Market Monitor
BBB April 2017 Market Monitor
 
BBB Market Monitor: April 2017
BBB Market Monitor: April 2017BBB Market Monitor: April 2017
BBB Market Monitor: April 2017
 
Protecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs costProtecting phi and pii - hipaa challenges and solutions - privacy vs cost
Protecting phi and pii - hipaa challenges and solutions - privacy vs cost
 
The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018The 10 most trusted healthcare it security solution providers 2018
The 10 most trusted healthcare it security solution providers 2018
 
Cyber for Counties Guidebook
Cyber for Counties Guidebook Cyber for Counties Guidebook
Cyber for Counties Guidebook
 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and Security
 
Ivanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26th
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
You Are the Target
You Are the TargetYou Are the Target
You Are the Target
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
 
LifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLock Javelin Presentation
LifeLock Javelin Presentation
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
Social Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary TaleSocial Media & Social Networking: A Cautionary Tale
Social Media & Social Networking: A Cautionary Tale
 
Creating a culture of security.pdf
Creating a culture of security.pdfCreating a culture of security.pdf
Creating a culture of security.pdf
 
Veritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-ENVeritas-Information-Governance-Solution-Brochure-EN
Veritas-Information-Governance-Solution-Brochure-EN
 
Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706Issue Paper Year Of The Breach Final 021706
Issue Paper Year Of The Breach Final 021706
 

Mais de NetSquared Vancouver

TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...NetSquared Vancouver
 
How to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even FurtherHow to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even FurtherNetSquared Vancouver
 
Show, Don’t Tell: How Your Data Can Reveal Your Impact Story
Show, Don’t Tell: How Your Data Can Reveal Your Impact StoryShow, Don’t Tell: How Your Data Can Reveal Your Impact Story
Show, Don’t Tell: How Your Data Can Reveal Your Impact StoryNetSquared Vancouver
 
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...NetSquared Vancouver
 
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime Value
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime ValueWhat is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime Value
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime ValueNetSquared Vancouver
 
Digital Marketing Diagnostics Part 1
Digital Marketing Diagnostics Part 1Digital Marketing Diagnostics Part 1
Digital Marketing Diagnostics Part 1NetSquared Vancouver
 
Digital Marketing Diagnostics pt. 2.pdf
Digital Marketing Diagnostics pt. 2.pdfDigital Marketing Diagnostics pt. 2.pdf
Digital Marketing Diagnostics pt. 2.pdfNetSquared Vancouver
 
Improve Your Event Marketing Strategies by Leveraging What Already Works
Improve Your Event Marketing Strategies by Leveraging What Already WorksImprove Your Event Marketing Strategies by Leveraging What Already Works
Improve Your Event Marketing Strategies by Leveraging What Already WorksNetSquared Vancouver
 
Sara Hoshooley — Building donor relationships in 2022
Sara Hoshooley — Building donor relationships in 2022Sara Hoshooley — Building donor relationships in 2022
Sara Hoshooley — Building donor relationships in 2022NetSquared Vancouver
 
Shelina Dilgir — Learning the latest trends in individual giving and donor st...
Shelina Dilgir — Learning the latest trends in individual giving and donor st...Shelina Dilgir — Learning the latest trends in individual giving and donor st...
Shelina Dilgir — Learning the latest trends in individual giving and donor st...NetSquared Vancouver
 
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...NetSquared Vancouver
 
Meaningful Work: Building Resilience and Capacity through Skilled Volunteering
Meaningful Work: Building Resilience and Capacity through Skilled VolunteeringMeaningful Work: Building Resilience and Capacity through Skilled Volunteering
Meaningful Work: Building Resilience and Capacity through Skilled VolunteeringNetSquared Vancouver
 
Demo Event: Four Innovative Apps for Food Pantries and Food Banks
Demo Event: Four Innovative Apps for Food Pantries and Food BanksDemo Event: Four Innovative Apps for Food Pantries and Food Banks
Demo Event: Four Innovative Apps for Food Pantries and Food BanksNetSquared Vancouver
 
Measuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitMeasuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitNetSquared Vancouver
 
Measuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitMeasuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitNetSquared Vancouver
 
How Nonprofits Can Create 10x the Content Without More Work
How Nonprofits Can Create 10x the Content Without More WorkHow Nonprofits Can Create 10x the Content Without More Work
How Nonprofits Can Create 10x the Content Without More WorkNetSquared Vancouver
 
Leah Chang — E-tapestry lingo bingo worksheet
Leah Chang — E-tapestry lingo bingo worksheetLeah Chang — E-tapestry lingo bingo worksheet
Leah Chang — E-tapestry lingo bingo worksheetNetSquared Vancouver
 
Leah Chang — CRM naming poll sample
Leah Chang — CRM naming poll sampleLeah Chang — CRM naming poll sample
Leah Chang — CRM naming poll sampleNetSquared Vancouver
 

Mais de NetSquared Vancouver (20)

TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
TechSoup Connect Western Canada: Data To Action: Making Your Data Visible and...
 
How to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even FurtherHow to Make Your Donors’ Dollars Go Even Further
How to Make Your Donors’ Dollars Go Even Further
 
Show, Don’t Tell: How Your Data Can Reveal Your Impact Story
Show, Don’t Tell: How Your Data Can Reveal Your Impact StoryShow, Don’t Tell: How Your Data Can Reveal Your Impact Story
Show, Don’t Tell: How Your Data Can Reveal Your Impact Story
 
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...
Most Digital Transformations Fail – Make Yours Succeed - with Kevin Christop...
 
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime Value
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime ValueWhat is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime Value
What is a New Member Worth? A Guide to Acquisition Costs + Member Lifetime Value
 
Digital Marketing Diagnostics Part 1
Digital Marketing Diagnostics Part 1Digital Marketing Diagnostics Part 1
Digital Marketing Diagnostics Part 1
 
Digital Marketing Diagnostics pt. 2.pdf
Digital Marketing Diagnostics pt. 2.pdfDigital Marketing Diagnostics pt. 2.pdf
Digital Marketing Diagnostics pt. 2.pdf
 
Improve Your Event Marketing Strategies by Leveraging What Already Works
Improve Your Event Marketing Strategies by Leveraging What Already WorksImprove Your Event Marketing Strategies by Leveraging What Already Works
Improve Your Event Marketing Strategies by Leveraging What Already Works
 
Jai Djwa — User Experience FTW
Jai Djwa — User Experience FTWJai Djwa — User Experience FTW
Jai Djwa — User Experience FTW
 
Sara Hoshooley — Building donor relationships in 2022
Sara Hoshooley — Building donor relationships in 2022Sara Hoshooley — Building donor relationships in 2022
Sara Hoshooley — Building donor relationships in 2022
 
Shelina Dilgir — Learning the latest trends in individual giving and donor st...
Shelina Dilgir — Learning the latest trends in individual giving and donor st...Shelina Dilgir — Learning the latest trends in individual giving and donor st...
Shelina Dilgir — Learning the latest trends in individual giving and donor st...
 
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...
Kevin Christopher-George - Quantifying Your Desired Outcomes from Investments...
 
Meaningful Work: Building Resilience and Capacity through Skilled Volunteering
Meaningful Work: Building Resilience and Capacity through Skilled VolunteeringMeaningful Work: Building Resilience and Capacity through Skilled Volunteering
Meaningful Work: Building Resilience and Capacity through Skilled Volunteering
 
Demo Event: Four Innovative Apps for Food Pantries and Food Banks
Demo Event: Four Innovative Apps for Food Pantries and Food BanksDemo Event: Four Innovative Apps for Food Pantries and Food Banks
Demo Event: Four Innovative Apps for Food Pantries and Food Banks
 
Motivating Group Leaders
Motivating Group LeadersMotivating Group Leaders
Motivating Group Leaders
 
Measuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitMeasuring the Impact of Your Nonprofit
Measuring the Impact of Your Nonprofit
 
Measuring the Impact of Your Nonprofit
Measuring the Impact of Your NonprofitMeasuring the Impact of Your Nonprofit
Measuring the Impact of Your Nonprofit
 
How Nonprofits Can Create 10x the Content Without More Work
How Nonprofits Can Create 10x the Content Without More WorkHow Nonprofits Can Create 10x the Content Without More Work
How Nonprofits Can Create 10x the Content Without More Work
 
Leah Chang — E-tapestry lingo bingo worksheet
Leah Chang — E-tapestry lingo bingo worksheetLeah Chang — E-tapestry lingo bingo worksheet
Leah Chang — E-tapestry lingo bingo worksheet
 
Leah Chang — CRM naming poll sample
Leah Chang — CRM naming poll sampleLeah Chang — CRM naming poll sample
Leah Chang — CRM naming poll sample
 

Último

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Dipal Arora
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...CedZabala
 
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30JSchaus & Associates
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)ahcitycouncil
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...tanu pandey
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29JSchaus & Associates
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxPeter Miles
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.Christina Parmionova
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Call Girls in Nagpur High Profile
 
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...tanu pandey
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Christina Parmionova
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Call Girls in Nagpur High Profile
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...tanu pandey
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 

Último (20)

Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
 
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service
(ANIKA) Call Girls Wadki ( 7001035870 ) HI-Fi Pune Escorts Service
 
2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
 
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Dapodi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
 
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
Call On 6297143586 Yerwada Call Girls In All Pune 24/7 Provide Call With Bes...
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
 
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
 

Minimizing the risk of a data breach – a guide for nonprofit organizations

  • 1. 10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 1/4 3646 Views 0 Comments 1 Recommends Written by: Angela Byrne   March 8, 2017   More about:  Board of directors, Governance, IT, Management, Planning, Risk, Tools & Tips Text Size: A A 37 back Minimizing the risk of a data breach: A guide for nonprofit organizations About this article The risk of a privacy breach is a very real possibility for many organizations, including charities, and the consequences can be severe. The following headlines demonstrate that no organization is exempt. B.C. woman shocked to find private medical information of 10 other people in file A Calgary liquor store paid a ransom this week to regain access to its computers after hackers infected its database with a virus — and even got an unofficial receipt thanking it for its involuntary "purchase. It’s still unclear if personal data on an unencrypted hard drive missing from the BC Ministry of Education has been used by anyone. Family services sued after personal info hacked, posted on Facebook As many as 8,300 patients had contact information turned over to private RESP companies by employees Despite these headlines we know that many breaches are not reported and organizations are often caught off guard. According to the SC Magazine, about 77% of organizations are unprepared for cyber­security incidents. They quietly go about repairing damage and strengthening security; unbeknownst to the individuals who may be affected. For others, it is only when hearing news of a breach at a neighbouring organization that questions arise about the effectiveness of controls and security of information and systems. This will all change when the mandatory breach reporting requirements included in the new Digital Privacy Act (Bill S­4) comes into force. The Digital Privacy Act amended Canada’s privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). A number of important changes to PIPEDA to strengthen privacy protection came into effect in 2015. Regulations for mandatory data breach reporting are in process with no effective date announced. It is important to note that once mandatory reporting is in place, failure to meet requirements will carry fines of up to $100,000. In my experience charities are particulary vulnerable. The pressure to minimize administrative expenses and funnel all revenue into service delivery often means there is little left over to invest in technology. Particularly in smaller organizations, technology infrastructure is often cobbled together and heavy reliance is placed on the one “IT person” to fill a myriad of roles; from IT strategist to help desk support. To minimize the risk of data breaches, avoid the negative headlines and ultimately comply with emerging regulations, charities will want to implement a systematic approach that provides assurance that risks to the information that they collect and store and the systems that hold that information are being addressed. Implementing the following 5 steps will provide valuable information on the level of vulnerability of a data breach: 1. Formally define the objective 2. Identify and prioritize risks to achieving the objective 3. Evaluate risk treatments 4. Close the gaps
  • 2. 10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 2/4 5. Review and Refresh A discussion of each of these steps follows. 1. Formally define the objective The first step is to formally define an objective related to data privacy and security. Although this may seem obvious, it may come as a surprise that many organizations have not done so. Often attention and resources are focused on value creation objectives. They are aptly named, as they create value for the organization when achieved. Common examples relate to: Improving quality of service delivery Increasing revenue Reducing wait times for service Less familiar are those objectives that strive to preserve or prevent the erosion of the value of an organization. Although there are often no accolades or celebration for achieving these objectives; if not realized, they can cost money, expose the organization to fines and penalties, damage reputation and may even have catastrophic consequences as could be the case with the organizations in the headlines noted above. These objectives often address such areas as: Health and safety compliance Integrity of financial reports Compliance with legislation Protecting assets Preventing fraud We can see that objectives in any of the above areas, if not achieved present considerable risk to an organization and have the potential to erode value. Similar to the areas mentioned above objectives related to data privacy and security would also fall into the category of value preservation. Objectives may be developed for any of the following areas: Safeguarding personal and confidential data Protecting information systems from unauthorized access Ensuring full compliance with all privacy legislation Although many organizations may informally acknowledge the importance of value preservation objectives, often they not formally established, managed and monitored. Formally articulating objectives that relate to the security and safety of information and technology increases the chances they will be achieved. An important step in establishing the data security objective is to ensure an owner accountable for action is assigned. To demonstrate the following steps we will use the following example of a value preservation objective for data security: “Prevent unauthorized access to all information technology systems in 2017.” 2. Identify and prioritize risks to achieving the objective To achieve an objective it is necessary to understand what can get in the way of success. Anticipating the risks helps organizations to understand what could go wrong and how to get the organization back on track. As risks are identified, it is necessary to prioritize them based on likelihood and impact. This is critical to ensuring that scarce resources are focused on the highest priority risks. The two questions to ask are: 1. What is the likelihood that this will happen? 2. What is the impact to the organization if it does? A number of basic risks readily come to mind when we think about our objective above; “Prevent unauthorized access to all information technology systems in 2017.” The wrong people have access to information systems Information systems are not protected Users can modify or delete data
  • 3. 10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 3/4 As we apply the two basic questions to the risk examples, we may conclude that likelihood may be high and any breach to systems or the data will have a significant impact. Avoid the temptation to be lulled into a false sense of security with rationale that your organization is too small to bother or that you have nothing of value. According to Richard Wilson, partner, cyber security and privacy practice, PwC Canada: "Canadian business and public sector leaders need to better understand the full range of impacts a cyber security breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public." 3. Evaluate risk treatments in place Risk treatment is a term used to describe the action that the organization takes to control the exposure to risk. The most common types of risk treatments are: avoid, transfer or share, accept, or implement controls. Avoiding the risk involves stopping the activity that is creating the risk. For charities this may mean stopping service. Not a realistic option if the mission is to be achieved. Transfer or sharing risk is when the organization gets someone else to fully or partially accept the risk. Examples include purchasing insurance or sharing risk with another party. Risk acceptance is when an organization accepts the risk. This happens informally all the time, as organizations recognize a risk and move forward without taking any action. Whether acknowledged or not, the risk has been accepted. Implementing controls are actions that the organization takes to reduce the level of exposure to the risk. Actions can include staff training, policies and procedures, reviews, approvals, supervisor sign offs, completeness checks, etc. Assessing and determining the appropriate risk treatments to address priority risks provides an organization with the information they need to close the gaps. Continuing with our example, risk treatments may include a number of measures such as: Implementing access and permission controls such as ensuring users access is approved on a “need to know” basis Partnering with IT service providers that detect and monitor security Educating users on appropriate security protocols Regular evaluation of qualifications and competencies of IT staff Purchasing cyber security insurance Implementing retention and destruction policies to ensure personally identifiable information is not kept longer than necessary 4. Close the gaps With an understanding of the objective, the potential risk and risk treatments it is now time to take action to close any gaps. By taking action, the organization is increasing its chances of achieving the objective. It is not only important to take action but to also ensure that the action taken to mitigate risks is effective. That means evaluating the activities to ensure this is the case. Keep in mind that the only way to completely remove a risk is to avoid it. All other actions serve to reduce the risk but will not eliminate it. With that in mind, organizations need to understand the level of risk that continues to exist after action has been taken and if they can accept the remaining level of risk. In our example above, perhaps we conclude that users are not as security aware as needed. In this case, a common response is to implement user training. We know that after receiving training there is still a chance that users will not follow best practices and a security risk remains. Organizations need to determine if they can live with the remaining risk or if additional steps need to be taken. 5. Review and Refresh At least annually, or when major change occurs, objectives, risks and risk treatments need to be reviewed. Change is constant. This is particularly relevant in the field of technology where information security continually needs to address new and emerging threats. Objectives may need to be revised and risks to achieving the objective will change. Risk treatments also need to be continually reviewed to make sure they are working and reduce risk to an acceptable level. Implementing these five steps will ensure that value preservation objectives, such as those needed to protect data and information systems, are managed and dire consequences for organizations are reduced.
  • 4. 10/31/2017 Minimizing the risk of a data breach: A guide for nonprofit organizations https://charityvillage.com/Content.aspx?topic=Minimizing_the_risk_of_a_data_breach_A_guide_for_nonprofit_organizations#.WebOoxNSznX 4/4 Angela Byrne, president of Angela Byrne Consulting Inc., is passionate about helping organizations develop good structure and processes that manage risks and deliver results. She has extensive knowledge of charities and has worked with a number of organizations across Ontario. Angela is a Chartered Professional Accountant, Certified Management Accountant, Certified Internal Auditor and holds certifications in Information Systems Auditing and Risk Management Assurance. Angela welcomes thoughts and comments on this article by email to info@angelabyrnecma.com as well as any questions she might address in future articles. You can also find her on twitter at @byrne_angela and on LinkedIn. Go To Top Comments Sort by  Newest first No Comments Found                Please Login to Post Comments.