1. Miranda R. Dalton
511C
10.18.11
NPOs and Information Security
An analysis of the factors that contribute to the vulnerability of NPOs and best practices in combating criminal activity.
2. Agenda
• Recommendations
• Securing Information
• Vulnerability of NPOs
• Responsible Factors
• The Interest in Nonprofits
3. Research Approach
• Articles disseminated over a three-year period (2007-2010)
• Similarities and discrepancies among articles explored
• Nonprofit organizations will be referred to as NPOs
4. Nonprofit Sector
A growing sector in our nation’s economy
1.5 Million NPOs in 2008
A Target For Cyber Criminals
5. Why the Interest in Nonprofits?
Cyber Criminals see tremendous financial gain
• Nonprofit budgets are growing
• If successful, cyber criminals can gain access to the organization's financial accounts and the personal/financial information of donors
• Cyber Criminals are finding new and innovative malware to penetrate networks
• New malware is not easily stopped
• Development of new malware has morphed into a multi-billion dollar global enterprise
6. The Vulnerability of NPOs
Responsible Factors

Human Carelessness
• Accidentally posting information online
• Discarding information in an unsecured dumpster
• Stolen hardware & information by temporary employees

Financial Constraints
• Anti-virus software is costly and quickly becomes out of date
• Majority of funding is for program services and delivery
• Difficult to allot money to purchase current security software and employ IT staff

Underestimating the Risk
• NPOs have versatile payment options for donors
• In the process, information security is lost
• Larger NPOs have more security measures, but greater financial transactions - TARGET
7. Securing Information
A comparison of strategic approaches

Install latest antivirus software and employ IT staff
• McAfee
• Norton
• Latest security versions should be installed in computers
• Expensive
• Budgetary Issues – organization can't afford IT staff or to contract out to third parties

Undergo cultural change related to information security
• Securing information is the responsibility of all
• Security Awareness Programs - training in information security
• Adoption of proper protocols/procedures in securing information
• Buy-in needed of all key stakeholders

Back up and redundant systems
• The issue – reactive in nature
• Only relevant once networks have been compromised
• Should not become the prevailing IT strategy
8. Recommendations to Nonprofits
• Information security must become a key component of strategic planning
* Will assist in changing the culture of an organization
* NPOs will begin to dialogue concerning matters of information security and the adoption of security initiatives
• Training must occur on an ongoing basis
* Argument: NPOs are already stressed and further training would add to the frustration of NPOs
* Counter Argument: If IT and security matters are not a priority, it could harm contributions if donors feel that their information has been compromised
9. Recommendations to Nonprofits
Five Steps in Creating an Information Security Plan
1. Develop information security policies
2. Communicate the information security policies
3. Identify critical information assets and risks
4. Test and reevaluate risks
5. Obtain stakeholder support