Computer Security Practices in Nonprofit Organizations

A NetAction Report


Introduction

Information technology is increasingly important to the mission of many nonprofit organizations. As reliance on technology grows, so too does the need for computer security. Security experts were concerned about the vulnerability of computer systems to cyber attacks long before the horrendous events of September 11, 2001; the terrorist attacks on the World Trade Center and the Pentagon have only raised the level of concern.[1] Last year, U.S. corporations spent an estimated $12.3 billion to repair the damage done by computer viruses, and security experts predict the cost will be even higher this year.[2]While the focus of computer security concerns has primarily been on the potential threat to corporate and government computer systems, computers are no less critical to the operations of nonprofit organizations devoted to serving the public interest. Moreover, many nonprofit organizations lack sufficient financial resources to recover from a cyber attack.

Some risks are obvious:

Other risks may not be as obvious:

With experts warning that the vulnerabilities in computer systems are increasing faster than the nation can respond,[3] NetAction wondered whether nonprofit organizations were taking steps to ensure the security of their computer systems. We conducted an online survey of security practices in nonprofit organizations to find out what nonprofit organizations are doing to prevent cyber attacks.

Next: Summary of Findings NetAction's Cyber Security Checklist