By: Billy Coulter The Greater Washington Nonprofit Symposium recently covered a variety of topics relevant to not-for-profit organizations, but one area seemed to keep coming up in various sessions: cybersecurity. One major obstacle that not-for-profit organizations will face in the upcoming years is the growing cybersecurity threat and the impact it can have on their operations. Cybersecurity threats can result from a variety of factors, including:

• Lack of software updates

• Third-party vendor security

• Lack of controls on who has access to the organization’s computer system

• Employees and other internal actors

Surprisingly, 43% of data loss—half intentional, half accidental—is the result of individuals within the organization. As a result, one of the most important steps that a not-for-profit organization can take to protect itself against cybersecurity attacks is to develop an incident response plan. There are five major areas that should be considered when establishing a plan: identify, protect, detect, respond, and recover.

1. The first step is to identify methods and practices for incident discovery and then focus on training and awareness of employees in their organization. A good starting point is to create an incident response team with designated responsibilities who can create a plan and then communicate it to the rest of the organization.

2. Once the team is educated and prepared for cybersecurity threats they can begin to take measures to protect their organization. It can be helpful to research typical incidents and cybersecurity breaches that have occurred in their industry.

3. Your incident response team should then focus their attention on detecting potential control weaknesses and areas susceptible to a cyber threat.

4. Next, establish a strategy for reporting needs when a potential threat is detected. This can include a variety of procedures that include eradicating, containing, and recovering from the threat, as well as how to publicly handle the issue.

5. Lastly, it’s important to plan how to restore any lost data or services.

The threat of cybersecurity attacks and breaches is one that is steadily increasing with predicted global costs of data breaches reaching $2.1 trillion by 2019. It is estimated that over $1 trillion will be spent on cybersecurity globally between 2017 and 2021. It’s best to take a proactive approach and start preparing to protect from these threats now versus the reactive approach that could have devastating repercussions down the road.If you have questions or would like additional information about this topic, please contact one of DeLeon & Stang’s professionals today at (301) 948-9825.