The Canadian Centre for Nonprofit Digital Resilience (CCNDR) has released its report, Building the Cybersecurity and Resilience of Canada’s Nonprofit Sector.
CCNDR "convened a Working Group focused on Building the Cybersecurity and Resilience of Canada’s Nonprofit Sector. The following document captures the knowledge and insights of the working group participants as well as the many sector stakeholders who offered feedback on drafts...
Cyber risks are risks to operations (e.g. inability to access applications needed for service delivery) and risks to data (e.g. client and donor data getting into the wrong hands). These risks translate into real financial, reputational, operational, and strategic impacts. Cyber incidents – particularly data breaches – erode hard-earned community trust and the organization's reputation. They can impact program delivery and service capacity. They can also affect fundraising, volunteer engagement, and staff morale.
Nonprofits collect a good deal of data from clients, donors, staff, and others, including sensitive data such as personal health information and financial information. The biggest impact of a data breach can be on clients who may already be uncomfortable with technology, have limited knowledge of their data exposure, and/or face language barriers. Where clients are vulnerable for these reasons, their personal risk of experiencing fraud increases.
Most nonprofits have limited (if any) contingency funding to respond to a breach – including ransomware payments, fines, legal fees, and damages related to non-compliance actions and litigation. As a result of the dramatic rise in cybercrime-related claims, cyber insurance with relevant coverage limits has become prohibitively costly for many organizations. Even if they could afford cyber insurance, most nonprofits would not meet the stringent eligibility requirements."
A cybersecurity on-ramp in the settlement sector
"We will prototype an on-ramp, including a risk assessment, with the immigrant and refugee-serving sector. The strategic approach is to go deep into the needs of one sector, develop a successful intervention, and then scale it to other sectors.
This pilot will focus on answering the following question: “How can we remove the overwhelm nonprofit leaders feel and provide an on-ramp to cybersecurity for organizations?”
A model cybersecurity policy for social services
In partnership with Islamic Family and Social Services Association, we will develop a model cybersecurity policy that can be adopted by other social service organizations."