Cyber Security for Not-For-Profits

Data breaches can occur in any organization, and not-for-profits (NFPs) are not immune. NFPs are often at risk because their systems are out of date or simplistic. It’s very important for NFPs, especially those that collect donor or member information (including names, addresses, email addresses, and credit card information), to address cyber security frequently and holistically. Data breaches are not caused only by cyber attacks, either. They can result from human error, such as an employee misplacing equipment like laptops, smartphones, or flash drives. Most cyber attacks can be prevented through a more vigilant approach to cyber security. There are several components to consider when assessing your organization’s overall security.

There are four cyber security principles to consider:

  • Confidentiality – ensuring information is protected from unauthorized access.
  • Availability – ensuring information and systems are reliable and available for end users.
  • Integrity – ensuring information is protected from unauthorized changes.
  • Security – ensuring that information is confidential, available, and held in integrity through the use of appropriate controls.

There are several controls or tools to consider to improve your organization’s cyber security.

  • Access controls – do you have strong passwords? Are they changed often? Passwords should be user specific and never shared.
  • Encryption – messages can be encrypted for secure delivery; this feature is becoming more cost effective, especially for smaller organizations as security needs increase.
  • Backups – off-site backups are a key component of security.
  • Firewalls – create a barrier between your secure systems and the rest of the internet.
  • Anti-virus and anti-malware software – invest in good software, which includes regularly installing updates from the vendors.

Have a plan for your organization that considers the factors above. Additional questions to consider when developing your organization’s plan include:

  • What’s important? Determine critical assets and what the threats could be.
  • How to be proactive? Include controls to prevent problems, not just to detect them.
  • Are we changing as often as necessary? Look at cyber security on an annual basis at a minimum and adjust accordingly.
  • Do we have the right people? Sometimes it’s necessary to outsource security needs to an information technology (IT) firm. Firms that specialize in NFP security are available.
  • Is open dialogue encouraged? All employees of an organization should be involved in assessing risk on a day-to-day basis. Encourage open dialogue if circumstances appear risky or out of the ordinary.
  • Is proper training in place? Educating employees about all aspects of the security plan, as well as current security threats, is key to preventing data breaches.

For more information, please visit the American Institute of CPAs Cybersecurity Resource Center.

If you would like to discuss your organization’s particular cyber security needs, please contact Tom Skoog, head of our IT Advisory Services, at tskoog@blueandco.com.
