Data security is critical to making sure that vital information from your organization is not easily accessible, but maintaining data security isn’t easy. In fact, there have been 540 data breaches this year.
That’s 163,551,023 people affected in 2020 so far by breaches in data security. Let’s dive into this critical topic as more and more workers and students sign in online every, single day.
Top 6 Causes of Data Breaches
To increase your knowledge about data security, here are the top causes of data breaches.
1. Weak and Stolen Credentials
Passwords that are cracked through brute force algorithms are a main cause of data breaches, but so are stolen passwords.
To keep your passwords safe, make sure that you’ve made them complex enough to render them “unhackable”. You can randomly generated passwords and manage them with tools like LogMeOnce or LastPass. Extra points for a combination of upper and lowercase letters, numbers, and special characters.
2. Application Vulnerabilities
Hackers find the technical vulnerability in a software and then exploit it. Before using or launching a new application, make sure your team tests it for vulnerabilities and finds ways to patch those security threats. This includes applications that house your constituent data, like your Advancement CRM database.
“Malware” is short for “malicious software.” It describes a variety of threatening methods that are designed to infiltrate and damage, disrupt, or hack a device. For example, think of viruses, worms, ransomware, and Trojan Horses. You don’t want to be on the receiving end of malware.
4. Malicious Insiders
Taking care of your employees so that they don’t become a future risk to your institution is important, but so is screening out those who seem predisposed to betraying their employer. Malicious insiders are the employees who have access to sensitive information and then purposefully commit a data breach to harm the institution. Better hiring and screening processes, along with maintaining a good organizational culture and robust employee training programs, can help prevent these insiders from coming on board and wreaking havoc from within the organization.
5. Insider Error
Employees who do not have malicious intent but commit a data breach by mistake are also a threat. These employees may not be aware they’ve done anything wrong, but one accidental keystroke can cause a serious data breach.
For these employees, it’s important to remind them to take more care with their work and to encourage them to be transparent when they’ve made an error. Employee training is a crucial step to prevent these errors. Together, you can grow and learn, ultimately stopping similar mistakes from happening.
6. Physical Theft
Theft of a device that holds your institution’s sensitive information falls under this category. To prevent these breaches, you may want to take extra care in where you physically store this information—consider using a safe or a security system.
Why Preventing Data Breaches Is Important
Data breaches are preventable. In fact, 4 of the 6 causes of data breaches can be prevented based on changing human behavior. This means that every staff member in Advancement can be a part of the solution.
How To Prevent Data Breaches
There are several measures you can take to prevent data breaches.
Security Policy Training and Education: Setting The Standard
When you’re creating your security policy training and pulling together your educational materials, it’s important to clearly set the standard. When you’re completing this step, it helps to ask yourself and your colleagues the following questions:
- What is the policy?
- Why is it beneficial to the organization?
- How does a security breach impact Advancement?
- By making a breach relevant to Advancement itself, you’re adding a sense of urgency for employees to comply.
You’ll also want to discuss examples of behaviors that adhere to the policy and examples of behaviors that would violate the policy. By giving employees clear examples, you’re ensuring that they’ll fully understand what does and does not constitute a data breach.
Advancement Leadership as Security Champions: Lead by Example
As a leader in your Advancement team, you must champion the cause to protect sensitive information and build confidence with your donors and supporters. Give periodic Executive Briefings on the key points below:
- Know what data you have, including its:
- Location (is it in an on-premise data center, is it vendor-hosted, is it in a storage room, or is it in Mike’s desk drawer?)
- Format (is the data in a digital copy or a hard copy?)
- Volume (how much data is there, really?)
- Classification (whether the data is sensitive or confidential)
- What potential vulnerabilities exist based on the data you have, the software you’ve used, and access you’ve given staff members?
- Map these vulnerabilities out and identify them, before a breach occurs.
- What plans are in place to reduce the vulnerabilities your company has? Are they working? (Tip: If they’re not working, brainstorm ways to improve.)
Communication Plan for Data Breach
Have your plan ready before a data breach occurs. Establish a communication plan such that you and your leadership team can be immediately informed if there is a threat or possible threat of a data breach. Creating a data breach task force or committee can also help streamline that process internally. Determine how you will communicate to your constituents.
Performance Evaluations: Enforce Security Policies
You can’t simply rely on IT to be the sole security watchdog for your organization. By the time they are even aware of staff behavior that has compromised the organization, that door may have been open for months. Staff should be evaluated on a consistent and measured basis.
Data Security: Final Thoughts
Assessment of your Advancement team’s Data Security requires a 360-degree look into how your institution is performing, the vulnerabilities that exist, and ways that existing processes can be refined to prevent future data breaches.
When you’re trusting employees with sensitive data, remember—human error can and will happen, but with the right precautions, you’re taking safeguards to prevent future accidental breaches from happening again.
Malicious actors also exist, but again—with the right measures, you’re taking steps to prevent them from hacking into or stealing your data.