Resources
Build Your Cybersecurity Breach Defenses Before It’s Too Late
By Rachel Sams When a cybersecurity breach hits your organization, it’s too late to build optimal defenses. Your best opportunity to protect your nonprofit’s data exists now. It’s tough for any nonprofit to prepare for a crisis that hasn’t happened yet. Staffs and budgets are stretched thin everywhere. But with a reasonable amount of time … Continued
Comparison: HR Systems for Small Nonprofits
This factsheet compares and contrasts the features of 4 leading HR web products that offer pricing and options appropriate for small nonprofits: BambooHR, Eddy, Gusto, and Zenefits.
Ready to Respond: Building Resilience for a Cybersecurity Incident
Cybersecurity breaches can be scary and overwhelming for any nonprofit. This factsheet has six MUST-DO TASKS for any organization to ensure you’ll be ready if and when a breach happens.
What Your Board Needs to Know About Cyber Threats
By Melanie Lockwood Herman Risk is top-of-mind for many nonprofit boards these days. Board members understandably want to grasp the top risks facing an organization and have confidence that the management team is prepared to weather the downside risks it cannot avoid. And based on our work with nonprofits across a wide spectrum of missions, … Continued
What Your Board Needs to Know About Cyber Threats
By Melanie Lockwood Herman Risk is top-of-mind for many nonprofit boards these days. Board members understandably want to grasp the top risks facing an organization and have confidence that the management team is prepared to weather the downside risks it cannot avoid. And based on our work with nonprofits across a wide spectrum of missions, … Continued
Framework to Implement a Cybersecurity Plan
by Afua Bruce for NTEN Once organizations understand what cybersecurity is and recognize that it is a threat to their operations, the next step is to assess what cyber risks the organization has. By conducting risk assessments and implementing appropriate protections, organizations can decrease the likelihood of a cybersecurity attack. Additionally, the risk assessment process … Continued
Know Your CyberSpeak: A Cyber Risk Glossary
Navigating the world of cyber risk often feels a lot like learning a foreign language. Terms and concepts can be confusing and unfamiliar. This Cyber Risk Glossary will help nonprofit leaders as they examine cyber liability insurance policies and develop the necessary technology-related security protocols to protect their missions. Cloud – The term “Cloud” refers … Continued
Cloud Computing – BCP Boon or Boobytrap?
(download The Business Continuity Planning issue of Risk Management Essentials, here.) By Katharine Nesslage Many nonprofits are routinely taking advantage of the “Cloud” to provide low-cost software and data solutions. Gone are the days when organizations were required to purchase and maintain expensive servers on-site to house their applications and data. The allure of being able … Continued
Managing Risk in Tech Vendor Selection
Choosing a technology vendor can feel like learning an entirely new language and consume valuable staff time your team would rather spend on something else! And because tech contracts and marketing materials are filled with unfamiliar terms, some nonprofit teams lean towards “trust” instead of “verify.” This webinar provides an overview of the risks that … Continued
Cyber Liability Insurance: What You Need to Know
Risks related to data privacy and systems security are top-of-mind for risk professionals. And although insurance coverage is available for many aspects of this complex risk landscape, insurance products differ in intent, structure, and protection. Attend this webinar to learn about the key components and features of insurance policies available to protect against the “what … Continued
Technology Mishaps: Planning for IT and Communications Disasters
By Christy Grano For most of us, the word “disaster” usually brings to mind a natural disaster like a hurricane or a tsunami, but in the risk management world technology disasters immediately come to mind. An unexpected loss of data or communication can bring an entire organization to a halt if power, internet, email, or … Continued
Social Engineering: Why People with Passwords are the Biggest Threat to Your Mission
By Melanie Lockwood Herman During a recent conversation with my daughter, she explained how despite the beautiful building, appealing inventory, and ideal location of her first retail job, she viewed it as the “worst place to work.” Why? “The people,” she explained. “If even half of the managers had been kind, supportive, patient or pleasant, … Continued
Not Even Remotely: Understanding & Managing Remote Worker Risks
As the popularity of flexible working arrangements grow, more and more employers are allowing employees to work remotely or telecommute. Allowing flexible arrangements is even expected in many workplaces, but many employers do not fully understand the risks that may be associated with the set-up. This webinar addresses topics including: Determining whether telecommuting can work … Continued
Managing Remote Worker Risk
By Melanie Lockwood Herman You’ve either heard the gossip about remote workers, been the subject of comments about your engagement as a remote worker, or perhaps you’re a dreamer, longing to replace an expensive, lengthy commute with a short walk to your home office. Recent research sheds a bright light on some of the myths … Continued
Online Social Networks, Cyber Risk and Your Nonprofit: What You Need to Know
By Jeffrey S. Tenenbaum, Esq. and A.J. Zottola, Esq. Online social networking sites, such as the popular offerings provided by MYSPACE, FACEBOOK, TWITTER, and LINKEDIN, offer new ways for nonprofits to connect and interact with key stakeholder groups and the community at-large. An online networking site can offer opportunities and rewards due to the ease … Continued
Cyberbullying & Cyber Threats to Young People
By Lexie Williams In August of 2009, a nonprofit college preparatory day school in Los Angeles was sued for $100 million dollars by a student’s parents following a case of on-site cyberbullying. The incident occurred when nine students accessed another student’s personal website from school computers and left death threats. The lawsuit alleged negligence committed … Continued
Avoid Distracted Driving: Don’t Get Teary & Put Down Siri
Whether it is sending a quick text or recalling a very emotional memory or event, distracted driving is incredibly commonplace on roads throughout the United States and abroad. The Centers for Disease Control and Prevention (CDC) describes three primary varieties of distraction: visual—taking your eyes off the road manual—taking your hands off the wheel cognitive—taking … Continued
Go Phishing: Understanding Current Cyber Terms and Risks
Join us as we explore hot topics and trends in cyber security, including cloud computing risks, email scams such as phishing, and risks associated with BYOD programs. The webinar will help define and explain these risks, and will provide risk tips on how to protect your nonprofit from cyber threats. Learn how to identify weaknesses that expose your … Continued
Risk in the Cloud: Keep Your Assets Protected When Flying High
Are you leery of cloud computing? Many nonprofit leaders are considering the upsides of cloud computing, but remain concerned about data security in the cloud. This webinar will explore security risks in a cloud computing environment and offer actionable tips and recommendations to smooth your transition to the cloud. This content-packed webinar will address the … Continued
BYOD: Managing the Risk of Personal Devices at Work
Many nonprofit employees are asking to use personal devices for business purposes, including devices containing apps, music collections, photos and more. This webinar will explore the risks and rewards of the “BYOD” movement — Bring Your Own Device. Tune in for practical advice on managing the risks of dual-use devices in a nonprofit workplace, including … Continued
Managing Technology Risks: Employee and Volunteer Blogs, e-Commerce, and Internet Piracy
Organizations are finding that technology is both a blessing and a curse: easy access to information on the outside can also mean easy access by the public to the nonprofit’s proprietary information and to employees’ use (and abuse) of the Internet. Blogs, employees’/volunteers’ Web sites and e-mail, as well as e-commerce activities of nonprofits themselves … Continued
Your Biggest Security Risk is Close at Hand
March 25, 2015 By Arley Turner According to an article titled “Planet of the Phones” featured in the 2/25/15 edition of The Economist, by 2020 over 80% of adults will have a smartphone, and 80% of current smartphone users reach for their phones within 15 minutes after waking up. I am one of them. After … Continued
Hitting the Tweet Spot: Managing Social Media Risk
By Emily Stumhofer and Melanie Lockwood Herman The only way to dodge social media risk these days is to abstain from posting, peeking and, with a new ruling from the National Labor Relations Board, liking! And few employers or employees are choosing abstinence these days according to a recent poll. The 2014 Pew Internet Project … Continued
Data Privacy and Cyber Liability: What You Don’t Know Puts Your Mission at Risk
By Erin Gloeckner and Melanie Lockwood Herman If you were a long-time donor to a nonprofit, and just learned that your credit card details provided to the nonprofit to make a donation are now in the hands of a hacker, would you ever trust that organization again? In an article about nonprofits and sensitive data … Continued
Effective Training is Key to Managing the Risks of Staff Turnover
By the Nonprofit Risk Management Center Team Turnover is a recurring challenge for nonprofit organizations. Paid and volunteer staff may move on to new challenges or better paying positions. From time to time, a nonprofit may need to terminate the employment of a poor performer or lay off employees during an economic downturn. In all … Continued
Full Speed Ahead: Managing Technology Risk
By the Nonprofit Risk Management Center Preventing Employee Misuse of Technology A nonprofit employer places a great deal of trust in its employees when providing equipment and an electronic connection to the outside world. The survival and viability of your nonprofit may depend on how, and whether, employees uphold that trust, and how well you … Continued
The Flaw of Unintended Consequences
By Melanie Lockwood Herman My travels often involve taxi rides and I find that there is much to learn while traveling from the airport to the center city. Sometimes the lessons are provided through a conversation with a taxi driver, while in other cases I learn simply from observing my surroundings. During a short trip … Continued
The Evolution of Spam
By Melanie Lockwood Herman Where did those pesky, inbox-clogging spam e-mail messages go? According to an article titled “Long life spam” appearing in a series of three pieces on the topic in the November 18th edition of The Economist, “Spammers are moving onto social-networking sites such as Facebook because they find e-mail increasingly unrewarding.” Spam … Continued
Conquering the Fear of Scrutiny
By Melanie Lockwood Herman I Would Prefer That You Not Look To err is human. And to fear scrutiny of our shortcomings is human nature. Although the popularity of reality TV shows suggests otherwise, most people value their privacy and would prefer to keep television cameras out of their homes. It should not be surprising … Continued
Kicking and Screaming
By Melanie Lockwood Herman This past weekend I served on a panel at the annual conference of the National Association of Planning Councils. The session topic was “social media” and I was asked to speak about the risks associated with the use of social media tools in nonprofit organizations. It was a terrific opportunity to … Continued
Short, Sweet and Shallow
By Melanie Lockwood Herman The sense of frustration that overcomes me when I cannot remember something that seems vital in the moment has become a recurring, increasingly unpleasant phenomenon. Like many of my generation I instinctively blame the inability to recall information on my aging brain. I blame my inaccurate recall (e.g., “cappy hampers” instead … Continued
5 Steps to Effectively Managing Social Media Risk
By Chris Croll Is your organization among the 97% of nonprofits in the US that use Facebook, Twitter, LinkedIn and other social media as a key part of your communications and development efforts? If so, you should be thinking about how best to protect your organization from any number of risks that are unique to … Continued
3 Benefits and 2 Risks for Nonprofits Leaders Using LinkedIn
By Chris Croll First, the good news. LinkedIn is a valuable social media channel where nonprofit leaders can network with one another, recruit volunteers and communicate with donors and other key audience members. But there are risks of using LinkedIn that you should be aware of before you jump in. Here are some of the … Continued
Is Cloud Computing Risky?
By Melanie Lockwood Herman There are certain facets of nonprofit management that haven’t changed in the 25+ years I’ve been working in the nonprofit sector. As was true in the “old days,” it’s still vital to recruit qualified staff to execute the vision of the nonprofit board. And it remains true that written policies that … Continued
Volunteers, Social Media and Risk
Here are a few tips for managing the risks that arise from volunteer use of social media or the use of social media to attract, support and connect volunteers. Don’t overreact — Posting a “tit for tat” response to every negative post by disgruntled volunteers may cast your nonprofit in a negative light. Stakeholders may … Continued
Six Tips for Playing it Safe: At Work, At Home, On the Web
Six Tips for Playing it Safe: At Work, At Home, On the Web by Dennis M. Kirschbaum, ARM We have all heard the saying, To err is human; to really foul things up requires a computer.” The fact is, computers do not foul things up, people do. But computers allow us to foul them up … Continued
Setting Your Sites: Fraud Resources on the Web
This month we profile several websites that offer helpful information on fraud prevention. American Institute of Certified Public Accountants (AICPA) website: www.aicpa.org AICPA sells a number of publications that provide very specific guidance on the topics of fraud and fraud investigations. Institute of Internal Auditors (IAA) website: The Institute of Internal Auditors The IIA website … Continued
Making Net Gains
Staying Safe While Making a Name for Your Nonprofit on the Internet The following article is adapted from a chapter on managing the risks of Web functionality and content featured in a new book by the Nonprofit Risk Management Center titled: Full Speed Ahead: Managing Technology Risk in the Nonprofit World. Given how easy it … Continued
Personal Privacy: The Latest Oxymoron on the Internet
Personal Privacy: The Latest Oxymoron on the Internet
Tech Risk Q & A
Tech Risk Q & A by Melanie Lockwood Herman & Erin Gloeckner Q: What questions should we ask the references of a prospective new tech vendor? A: Checking references for any new vendor is a good idea and sound risk management practice. When checking references for a new technology vendor, try to ask questions that … Continued
Technology: Boon or Bust?
Technology: Boon or Bust? By Jennifer Chandler Hauge
Practice Safe Surfing and Defensive E-Mail
Practice Safe Surfing and Defensive E-Mail By Barbara B. Oliver
Private, Keep Out!
Private, Keep Out! Meeting Your Clients’ Expectations of Privacy Online by Dennis M. Kirschbaum, ARM I would not call myself a runner. Yes, I do jog for exercise a few times a week, but to me a runner is someone who competes in races, wears a number, and has the special shorts and shirts purchased … Continued
Blogs Are Here to Stay
Blogs Are Here to Stay It’s time to update your policies By Jennifer Chandler Hauge Attendees at the 2007 Summit for the Nonprofit Sector in Winston-Salem heard a lot about the Internet and cyber-safety from plenary session speaker and national syndicated columnist Larry Magid as well as the Center’s executive director, Melanie Herman. Both speakers … Continued
eNoculation
eNoculation Shortly after the I Love You” virus shut down computers all over the world, The Wall Street Journal published an editorial titled, “Love Bug Victims Don’t Want the Cure.” The gist of the piece was that folks actually enjoy these disruptions to the routine and that it is especially good for companies that market … Continued
Personal Devices at Work
by Erin Gloeckner Employee-owned versus organization-owned… the battle wages on. As employees, many of us prefer to use personal phones and laptops for work because they are convenient, commonsense, and a lot cooler than what the IT department provides. Nonprofits know there is no way to prevent all employees from accessing personal phones at work, … Continued
Risk in the Cloud
Risk in the Cloud by Erin Gloeckner Remember the craze over beanie babies in the 1990s? I was just a kid during the 90s, so I innocently endorsed that craze. My parents suffered through my childhood, spending heaps of money when I demanded to have the next bear, skunk, or whale in my collection. … Continued
Remote Workers: Plugged in Resources or Unmanaged Risk?
Is working from home an efficient alternative to the traditional office job or does it drain or even kill productivity and camaraderie? According to a recent CareerBuilder study, 10% of U.S. workers telecommute at least once a week, up from eight percent in 2007. Cloud computing and high speed wireless networks have made remote worker programs affordable … Continued