Build Your Cybersecurity Breach Defenses Before It’s Too Late

By Rachel Sams When a cybersecurity breach hits your organization, it’s too late to build optimal defenses. Your best opportunity to protect your nonprofit’s data exists now. It’s tough for any nonprofit to prepare for a crisis that hasn’t happened yet. Staffs and budgets are stretched thin everywhere. But with a reasonable amount of time … Continued

What Your Board Needs to Know About Cyber Threats

By Melanie Lockwood Herman Risk is top-of-mind for many nonprofit boards these days. Board members understandably want to grasp the top risks facing an organization and have confidence that the management team is prepared to weather the downside risks it cannot avoid. And based on our work with nonprofits across a wide spectrum of missions, … Continued

What Your Board Needs to Know About Cyber Threats

By Melanie Lockwood Herman Risk is top-of-mind for many nonprofit boards these days. Board members understandably want to grasp the top risks facing an organization and have confidence that the management team is prepared to weather the downside risks it cannot avoid. And based on our work with nonprofits across a wide spectrum of missions, … Continued

Framework to Implement a Cybersecurity Plan

by Afua Bruce for NTEN Once organizations understand what cybersecurity is and recognize that it is a threat to their operations, the next step is to assess what cyber risks the organization has. By conducting risk assessments and implementing appropriate protections, organizations can decrease the likelihood of a cybersecurity attack. Additionally, the risk assessment process … Continued

Know Your CyberSpeak: A Cyber Risk Glossary

Navigating the world of cyber risk often feels a lot like learning a foreign language. Terms and concepts can be confusing and unfamiliar. This Cyber Risk Glossary will help nonprofit leaders as they examine cyber liability insurance policies and develop the necessary technology-related security protocols to protect their missions. Cloud – The term “Cloud” refers … Continued

Cloud Computing – BCP Boon or Boobytrap?

(download The Business Continuity Planning issue of Risk Management Essentials, here.) By Katharine Nesslage Many nonprofits are routinely taking advantage of the “Cloud” to provide low-cost software and data solutions. Gone are the days when organizations were required to purchase and maintain expensive servers on-site to house their applications and data. The allure of being able … Continued

Managing Risk in Tech Vendor Selection

Choosing a technology vendor can feel like learning an entirely new language and consume valuable staff time your team would rather spend on something else! And because tech contracts and marketing materials are filled with unfamiliar terms, some nonprofit teams lean towards “trust” instead of “verify.” This webinar provides an overview of the risks that … Continued

Cyber Liability Insurance: What You Need to Know

Risks related to data privacy and systems security are top-of-mind for risk professionals. And although insurance coverage is available for many aspects of this complex risk landscape, insurance products differ in intent, structure, and protection. Attend this webinar to learn about the key components and features of insurance policies available to protect against the “what … Continued

Technology Mishaps: Planning for IT and Communications Disasters

By Christy Grano For most of us, the word “disaster” usually brings to mind a natural disaster like a hurricane or a tsunami, but in the risk management world technology disasters immediately come to mind. An unexpected loss of data or communication can bring an entire organization to a halt if power, internet, email, or … Continued

Social Engineering: Why People with Passwords are the Biggest Threat to Your Mission

By Melanie Lockwood Herman During a recent conversation with my daughter, she explained how despite the beautiful building, appealing inventory, and ideal location of her first retail job, she viewed it as the “worst place to work.” Why? “The people,” she explained. “If even half of the managers had been kind, supportive, patient or pleasant, … Continued

Not Even Remotely: Understanding & Managing Remote Worker Risks

As the popularity of flexible working arrangements grow, more and more employers are allowing employees to work remotely or telecommute. Allowing flexible arrangements is even expected in many workplaces, but many employers do not fully understand the risks that may be associated with the set-up. This webinar addresses topics including: Determining whether telecommuting can work … Continued

Managing Remote Worker Risk

By Melanie Lockwood Herman You’ve either heard the gossip about remote workers, been the subject of comments about your engagement as a remote worker, or perhaps you’re a dreamer, longing to replace an expensive, lengthy commute with a short walk to your home office. Recent research sheds a bright light on some of the myths … Continued

Cyberbullying & Cyber Threats to Young People

By Lexie Williams In August of 2009, a nonprofit college preparatory day school in Los Angeles was sued for $100 million dollars by a student’s parents following a case of on-site cyberbullying. The incident occurred when nine students accessed another student’s personal website from school computers and left death threats. The lawsuit alleged negligence committed … Continued

Avoid Distracted Driving: Don’t Get Teary & Put Down Siri

Whether it is sending a quick text or recalling a very emotional memory or event, distracted driving is incredibly commonplace on roads throughout the United States and abroad. The Centers for Disease Control and Prevention (CDC) describes three primary varieties of distraction: visual—taking your eyes off the road manual—taking your hands off the wheel cognitive—taking … Continued

Go Phishing: Understanding Current Cyber Terms and Risks

Join us as we explore hot topics and trends in cyber security, including cloud computing risks, email scams such as phishing, and risks associated with BYOD programs. The webinar will help define and explain these risks, and will provide risk tips on how to protect your nonprofit from cyber threats. Learn how to identify weaknesses that expose your … Continued

BYOD: Managing the Risk of Personal Devices at Work

Many nonprofit employees are asking to use personal devices for business purposes, including devices containing apps, music collections, photos and more. This webinar will explore the risks and rewards of the “BYOD” movement — Bring Your Own Device. Tune in for practical advice on managing the risks of dual-use devices in a nonprofit workplace, including … Continued

Risk in the Cloud: Keep Your Assets Protected When Flying High

Are you leery of cloud computing? Many nonprofit leaders are considering the upsides of cloud computing, but remain concerned about data security in the cloud. This webinar will explore security risks in a cloud computing environment and offer actionable tips and recommendations to smooth your transition to the cloud. This content-packed webinar will address the … Continued

Managing Technology Risks: Employee and Volunteer Blogs, e-Commerce, and Internet Piracy

Organizations are finding that technology is both a blessing and a curse: easy access to information on the outside can also mean easy access by the public to the nonprofit’s proprietary information and to employees’ use (and abuse) of the Internet. Blogs, employees’/volunteers’ Web sites and e-mail, as well as e-commerce activities of nonprofits themselves … Continued

Your Biggest Security Risk is Close at Hand

March 25, 2015 By Arley Turner According to an article titled “Planet of the Phones” featured in the 2/25/15 edition of The Economist, by 2020 over 80% of adults will have a smartphone, and 80% of current smartphone users reach for their phones within 15 minutes after waking up. I am one of them. After … Continued

Hitting the Tweet Spot: Managing Social Media Risk

By Emily Stumhofer and Melanie Lockwood Herman The only way to dodge social media risk these days is to abstain from posting, peeking and, with a new ruling from the National Labor Relations Board, liking! And few employers or employees are choosing abstinence these days according to a recent poll. The 2014 Pew Internet Project … Continued

Data Privacy and Cyber Liability: What You Don’t Know Puts Your Mission at Risk

By Erin Gloeckner and Melanie Lockwood Herman If you were a long-time donor to a nonprofit, and just learned that your credit card details provided to the nonprofit to make a donation are now in the hands of a hacker, would you ever trust that organization again? In an article about nonprofits and sensitive data … Continued

Effective Training is Key to Managing the Risks of Staff Turnover

By the Nonprofit Risk Management Center Team Turnover is a recurring challenge for nonprofit organizations. Paid and volunteer staff may move on to new challenges or better paying positions. From time to time, a nonprofit may need to terminate the employment of a poor performer or lay off employees during an economic downturn. In all … Continued

Full Speed Ahead: Managing Technology Risk

By the Nonprofit Risk Management Center Preventing Employee Misuse of Technology A nonprofit employer places a great deal of trust in its employees when providing equipment and an electronic connection to the outside world. The survival and viability of your nonprofit may depend on how, and whether, employees uphold that trust, and how well you … Continued

The Flaw of Unintended Consequences

By Melanie Lockwood Herman My travels often involve taxi rides and I find that there is much to learn while traveling from the airport to the center city. Sometimes the lessons are provided through a conversation with a taxi driver, while in other cases I learn simply from observing my surroundings. During a short trip … Continued

The Evolution of Spam

By Melanie Lockwood Herman Where did those pesky, inbox-clogging spam e-mail messages go? According to an article titled “Long life spam” appearing in a series of three pieces on the topic in the November 18th edition of The Economist, “Spammers are moving onto social-networking sites such as Facebook because they find e-mail increasingly unrewarding.” Spam … Continued

Short, Sweet and Shallow

By Melanie Lockwood Herman The sense of frustration that overcomes me when I cannot remember something that seems vital in the moment has become a recurring, increasingly unpleasant phenomenon. Like many of my generation I instinctively blame the inability to recall information on my aging brain. I blame my inaccurate recall (e.g., “cappy hampers” instead … Continued

Conquering the Fear of Scrutiny

By Melanie Lockwood Herman I Would Prefer That You Not Look To err is human. And to fear scrutiny of our shortcomings is human nature. Although the popularity of reality TV shows suggests otherwise, most people value their privacy and would prefer to keep television cameras out of their homes. It should not be surprising … Continued

Kicking and Screaming

By Melanie Lockwood Herman This past weekend I served on a panel at the annual conference of the National Association of Planning Councils. The session topic was “social media” and I was asked to speak about the risks associated with the use of social media tools in nonprofit organizations. It was a terrific opportunity to … Continued

3 Benefits and 2 Risks for Nonprofits Leaders Using LinkedIn

By Chris Croll First, the good news. LinkedIn is a valuable social media channel where nonprofit leaders can network with one another, recruit volunteers and communicate with donors and other key audience members. But there are risks of using LinkedIn that you should be aware of before you jump in. Here are some of the … Continued

5 Steps to Effectively Managing Social Media Risk

By Chris Croll Is your organization among the 97% of nonprofits in the US that use Facebook, Twitter, LinkedIn and other social media as a key part of your communications and development efforts? If so, you should be thinking about how best to protect your organization from any number of risks that are unique to … Continued

Is Cloud Computing Risky?

By Melanie Lockwood Herman There are certain facets of nonprofit management that haven’t changed in the 25+ years I’ve been working in the nonprofit sector. As was true in the “old days,” it’s still vital to recruit qualified staff to execute the vision of the nonprofit board. And it remains true that written policies that … Continued

Six Tips for Playing it Safe: At Work, At Home, On the Web

Six Tips for Playing it Safe: At Work, At Home, On the Web by Dennis M. Kirschbaum, ARM We have all heard the saying, To err is human; to really foul things up requires a computer.” The fact is, computers do not foul things up, people do. But computers allow us to foul them up … Continued

Volunteers, Social Media and Risk

Here are a few tips for managing the risks that arise from volunteer use of social media or the use of social media to attract, support and connect volunteers. Don’t overreact — Posting a “tit for tat” response to every negative post by disgruntled volunteers may cast your nonprofit in a negative light. Stakeholders may … Continued

Tech Risk Q & A

Tech Risk Q & A by Melanie Lockwood Herman & Erin Gloeckner Q: What questions should we ask the references of a prospective new tech vendor? A: Checking references for any new vendor is a good idea and sound risk management practice. When checking references for a new technology vendor, try to ask questions that … Continued

Personal Privacy: The Latest Oxymoron on the Internet

Personal Privacy: The Latest Oxymoron on the Internet

Making Net Gains

Making Net Gains Staying Safe While Making a Name for Your Nonprofit on the Internet The following article is adapted from a chapter on managing the risks of Web functionality and content featured in a new book by the Nonprofit Risk Management Center titled: Full Speed Ahead: Managing Technology Risk in the Nonprofit World.

Tame Junk E-Mail

Tame Junk E-Mail Take Me Off Your Spam List!

Setting Your Sites: Fraud Resources on the Web

Setting Your Sites: Fraud Resources on the Web This month we profile several web sites that offer helpful information on fraud prevention. American Institute of Certified Public Accountants (AICPA) web site: AICPA sells a number of publications that provide very specific guidance on the topics of fraud and fraud investigations. Institute of Internal Auditors … Continued


eNoculation Shortly after the I Love You” virus shut down computers all over the world, The Wall Street Journal published an editorial titled, “Love Bug Victims Don’t Want the Cure.” The gist of the piece was that folks actually enjoy these disruptions to the routine and that it is especially good for companies that market … Continued

Private, Keep Out!

Private, Keep Out! Meeting Your Clients’ Expectations of Privacy Online by Dennis M. Kirschbaum, ARM I would not call myself a runner. Yes, I do jog for exercise a few times a week, but to me a runner is someone who competes in races, wears a number, and has the special shorts and shirts purchased … Continued

Technology: Boon or Bust?

Technology: Boon or Bust? By Jennifer Chandler Hauge

IRS Warns of Internet Scam

IRS Warns of Internet Scam

Blogs Are Here to Stay

Blogs Are Here to Stay It’s time to update your policies By Jennifer Chandler Hauge Attendees at the 2007 Summit for the Nonprofit Sector in Winston-Salem heard a lot about the Internet and cyber-safety from plenary session speaker and national syndicated columnist Larry Magid as well as the Center’s executive director, Melanie Herman. Both speakers … Continued

Practice Safe Surfing and Defensive E-Mail

Practice Safe Surfing and Defensive E-Mail By Barbara B. Oliver

Risk in the Cloud

Risk in the Cloud by Erin Gloeckner   Remember the craze over beanie babies in the 1990s? I was just a kid during the 90s, so I innocently endorsed that craze. My parents suffered through my childhood, spending heaps of money when I demanded to have the next bear, skunk, or whale in my collection. … Continued

Personal Devices at Work

by Erin Gloeckner Employee-owned versus organization-owned… the battle wages on. As employees, many of us prefer to use personal phones and laptops for work because they are convenient, commonsense, and a lot cooler than what the IT department provides. Nonprofits know there is no way to prevent all employees from accessing personal phones at work, … Continued