Recently, I asked a nonprofit executive how his organization planned to comply with the new General Data Protection Regulation (GDPR) that will go into effect in the European Union this spring. I expected him to rattle off a loose outline of steps that his IT team is taking to prepare for the GDPR guidelines.
Instead, I was met with a blank stare. Although this executive’s organization has a significant presence in Europe, he’d never heard of the new data-protection measure.
Nonprofits must deal with a variety of existing regulations such as the Payment Card Industry Data Security Standard and HIPAA, as well as new regulations such as GDPR and emerging technologies such as the Internet of Things. It can be difficult to keep up with data security and regulatory compliance — especially for small and midsized organizations with limited IT staff. Three steps can help nonprofits stay compliant and secure.
1. Prepare for New Regulations
The GDPR takes effect May 25, 2018, and applies to any organization, nonprofit or otherwise, that processes the personal data of individuals in the European Union, regardless of where the organization itself is based. Organizations that fail to comply face fines of up to 20 million euros or 4 percent of annual global turnover, whichever is higher. Another data security requirement, the cybersecurity clause of the Defense Federal Acquisition Regulation Supplement (DFARS 252.204-7012), has already taken effect: it applies to Department of Defense contractors and subcontractors that handle covered defense information and requires them to implement the security controls in NIST Special Publication 800-171.
CDW helps more than 10,000 nonprofit organizations with their technology solutions, and I estimate about half are subject to the GDPR guidelines, while others must also comply with DFARS. Organizations that have not ensured compliance with these regulations will likely need consulting and assessment services, as well as software-based solutions from partners such as Microsoft.
2. Invest in Endpoint Security
Cybersecurity experts labeled 2016 "The Year of Ransomware." Then 2017 was arguably worse, and many analysts now predict the trend will continue in 2018 and beyond. By investing in robust endpoint protection tools, nonprofits can not only defend themselves against this growing (and costly) problem, but also safeguard sensitive data against other types of cyberattacks. CDW's nonprofit team works with security partners such as Intel, Fortinet, Proofpoint, Malwarebytes, Splunk and others to help nonprofits that have adopted a digital transformation strategy secure the systems they rely on to achieve their mission.
Today's endpoint security solutions go beyond the signature-based approach of traditional anti-virus software, incorporating behavioral analysis and machine learning to flag anomalous activity on users' devices, such as a process that begins encrypting large numbers of files. These tools complement, rather than replace, basic hygiene such as timely patching, least-privilege user accounts and tested offline backups, which remain the most reliable defense against ransomware. Additionally, mobile devices and applications should be protected and monitored with enterprise mobility management tools.
3. Conduct a Risk Assessment
Too often, organizations assume that their security systems are working simply because nothing bad has happened. In reality, this means only that attackers haven't breached their networks yet, or that a breach has occurred and gone undetected. Unless nonprofit leaders are aware of the threats facing their organizations, and have a solid understanding of how their systems will fend off those threats, a successful cyberattack is all but inevitable.
A professional risk assessment inventories the organization's assets and sensitive data, identifies the threats and vulnerabilities that affect them, and rates the likelihood and impact of each risk. The result helps IT and other organizational leaders understand the specific ways in which their nonprofit is vulnerable, producing insights that inform security improvements, user training and incident response plans.