How Nonprofits Can (And Why They Should) Prepare For Hacking

Hacking is real and nonprofits are not immune.

Consider this increasingly common scenario: a hacker illegally accesses an organization’s emails, looks for incriminating information, informs the organization that she/he/they possess this information, and threatens to leak it unless the organization pays up. Most nonprofit budgets do not have a line item labeled, “hush money,” so managing this type of crisis is – naturally – quite difficult from a moral, ethical, and financial standpoint.

Nonprofit leaders need to understand the negative impacts of being hacked. Does their organization have a policy or incident response plan? It may seem like a task for an intern, or a non-pressing issue that can be added to next fiscal year’s to-do-list.

Increasingly, however, an institution being hacked is not a question of “if” but of “when.” That means preparations should start now.

There are different types of hacking. Depending on the type, different players need to be involved.

1. If your organization is part of a larger breach and is notified by an outside public agency, involve the organization’s legal officer or representative.

2. If your organization’s trade secrets are stolen, the executive board should meet immediately.

3. If your organization’s private customer information is compromised, the compliance team – which most likely consists of the audit committee, CEO, CIO and HR manager – should all be included on the first call.

After determining the type of hack, an organization should be prepared to execute a seven step plan to navigate the incident.

1. Determine the type of hack and assemble key players to manage the incident.

2. Discover the breadth and depth of the hack. This step involves a response team, which should be established ahead of time. Think of these individuals as emergency response personnel or first responders. This team communicates directly and frequently with the key players during the immediate aftermath of a hack.

3. Execute an incident response procedure. This involves: 

 i. Communications – Each of an organization’s constituent groups should be addressed with unique messaging that is disseminated in a timely manner.

ii. Tech – Determine level of damage, continued threats, and next steps to clean up systems.

iii.Normalization – Be prepared to restore systems and files, as well as to replace machines, and adjust firewalls.

4. Investigate, analyze and remediate. This is the deep-dive stage which may require an expert third-party vendor stepping in to assist in order to make sure that the hacker has no residual access to organizational systems and the network’s environment is clean.

5. Prioritize work responsibilities. The organization should communicate to staff members that hack-related duties temporarily take precedence over on-going projects.

6. Internal communications plan. Provide transparent, accurate information to the board of directors to ensure that the organizational message is clear. This will ensure that they understand how to answer any questions directed to them by the media, public, or constituents.

 7. Post-mortem. Immediately following the clean-up of the incident, meet with staff, board members, and all of the vendors involved for a post-mortem discussion about what worked, what didn’t work, and ways to improve the process in case of future hacks.

Be aware of the dangers and threats that could harm your organization and take action early. Preparation will ensure a well-executed plan to combat unexpected attacks.


Girls in Tech: Hacking for Good

Girls in Tech – a nonprofit dedicated to empowering girls interested in technology – is taking a bold step and hacking for humanity.

The organization just kicked off a new series in Melbourne designed to generate innovative solutions to social issues through “hackathons” that involve teams of tech-savvy women competing to produce forward-thinking digital products.

Girls in Tech’s goal is to “create prototypes for technology that can address complex social problems. The hackathons are aimed at using technology to benefit charities, while also encouraging impassioned women to engage in innovation and entrepreneurship.”

More hackathons are slated to occur across the globe, tapping the energy and creativity of 60 chapters and more than 50,000 members of Girls in Tech. Hacking teams have recently tackled issues including hunger, supporting at-risk youth, and clean air.

The White House is even jumping into the gender-side of the STEM conversation, supporting  two new laws: The Inspire Act introduced by Representative Barbara Comstock and the Promoting Women in Entrepreneurship Act.

The former is said to “promote STEM fields to women and girls, and encourage women to pursue careers in aerospace.” The latter authorizes the National Science Foundation to support entrepreneurial programs for women.

The effort to level the playing field within all industries is no fad. It is an absolutely necessary task that supports economic growth while contributing to financial and gender parity.

PricingPrivacy PolicyRefund Policy