Protecting the information used within not-for-profit organisations has never been more important due to ever-changing threats to information security, increasing digital footprints and the need to adhere to legal and regulatory requirements.
The COVID-19 pandemic has seen an extraordinary increase in cyber security challenges for organisations and individuals alike, and the not-for-profit sector is not immune to these.
Our 2020 Digital Technology in the Not-for-Profit Sector research report analysed the sector’s use of technology across Australia and New Zealand to recognise areas of growth and where improvement is needed, including information security.
It's encouraging to see that the majority of not-for-profits have implemented some of the main practices required to secure their information. These practices include providing security awareness messaging for staff, monitoring and managing information security and cyber risks and addressing privacy requirements, particularly given the large amount of personal information not-for-profits hold.
69% of respondents do not currently have a plan to follow in the event of a security incident
Our survey found that:
- 69% of organisations do not currently have a security incident response plan
- 59% of organisations provide information to their staff about security-related threats and risks
- 75% of organisations rated their data protection measures as “good” or “excellent”
- 54% of organisations have ways of actively monitoring information security and cyber risks that could impact their organisation
- 44% are confident they have the skills and knowledge needed to manage these risks
- 54% have some gaps in the skills or knowledge required to manage these risks
- 2% do not know how to manage these risks
However, just under half of respondents do not have ways of identifying information security risks that could impact their organisation. In addition, 69% of respondents do not currently have a plan to follow in the event of a security incident – now more than ever, having a plan should be an important consideration for all organisations.
There are many resources available for not-for-profits looking to uplift their information security maturity. The ACNC’s cyber security governance toolkit is an excellent place to start, particularly their cyber security checklist. In taking these steps, organisations can improve their resilience and strengthen data protection across the sector.
There are plenty of ways that we can help too.
Are you adequately protecting your organisation from security risks? We can help.
Organisations have a responsibility to securely manage the information entrusted to them by customers and the public. Without the appropriate security measures in place, not-for-profits can find themselves at risk of security breaches.
Luckily, we’re here to help. We have decades of experience in supporting the Australian and New Zealand not-for-profit sectors through better use of technology.
Whether you’re a tiny team running on a shoestring budget or a large organisation operating across multiple locations and service areas, we have scalable options to suit your needs. And because we're a not-for-profit, we understand your needs better than anyone.
Some of the things we can help with include:
- IT support (including advice on information and data security, data backup and loss prevention, password management, configuration and ongoing management of secure IT environments)
- Discounted and donated technology products (including antivirus and online security products, secure operating systems and remote work solutions)
- Moving to the cloud
- Client and case management
- Building staff capability through training and webinars