A SOURCE for Tools, Advice, and Training to control risks… so you can focus on your nonprofit’s mission.

June 19, 2014

Cyber Liability: Internet Killed the Radio Star

By Erin Gloeckner

Remember the first music video that premiered on MTV? The Buggles’ “Video Killed the Radio Star” questioned the impact of new technology on the music industry. Technology and music videos have come a long way since then, and cyber culture continues to be both a benefit and a burden for nonprofits across the globe. It’s no longer 1979 when the Buggles described how video transformed the music scene; it is 2014 and we face a new technology titan: cyber liability. Cyber liability risk is a complex and growing issue for nonprofit leaders. Interest in this digital dilemma is especially high because, let’s face it, cyber liability is way over our heads. That’s why the Center promises the best and brightest cyber experts speaking on this important topic when we head to the Hard Rock Hotel in Chicago for our annual Risk Summit.

At this year’s conference we will be rocking out for risk awareness, and we’re proud to feature a new wave panel on cyber liability. Read on for a sneak preview of top cyber liability risks, and hum the modern version of the Buggles’ tune in your head: “I heard you on my smartphone back in 2012…”

Cyber Liability Risks

  1. Forgotten Dark Data: What happens to programs, documents, and other files that grow old on your obsolete CDs and perished computers? This decrepit stuff is known as ‘dark data’ because it hasn’t seen the light of day in years. Unmanaged and forgotten, dark data poses a huge risk--it is usually inaccessible (aka not useful to you) and worse—it is unprotected. Once you locate or identify your dark data, you’ll be faced with a tough question: “What on earth should I do with it?” Your options may include destroying the data or storing and protect it data. Aim to establish clear policies that set data protection requirements as well as timelines for data storage.
  2. Poor BYOD Protocols: Surely you know of BYOB, but what about Bring Your Own Device? Many nonprofit employees use personal devices at work, or they access work materials on personal devices while at home. The innate risk of BYOD is that the nonprofit must relinquish control of data management to its employees. That’s a worrisome concept when, according to Info Tech Research Group, roughly 50% of data breaches are caused by user ignorance. An employee could fail to protect organizational data in any number of ways: losing a device that contains sensitive data; inadvertently exposing the nonprofit’s network to malware located on the employee’s device; or, retaliating against the organization by deliberately destroying essential data.

    Your options are a bit tricky when it comes to protecting data on employee devices; in certain cases IT safeguards may be considered unlawful surveillance of employees. To balance employee privacy rights with data security needs, adopt a policy that specifies the information that employees may access from personal devices. Establish a simple system for employees to report lost or stolen devices, and consider maintaining access to devices so your IT team can wipe information immediately if a device is compromised.
  3. Useless or Harmful Tech Vendor Contracts: Any contract is a danger if you don’t fully understand it, or if you agree to terms and conditions beyond your means. With tech contracts, be especially wary of impractical escape clauses and conditions requiring you to sacrifice rights to intellectual property. Another common concern is a tech vendor who assumes little liability or responsibility for client damages. Oftentimes, tech contracts provide a great protective limit for the vendor but not the client. Read every contract thoroughly and don’t sign on any dotted lines until you’re confident your nonprofit organization is as protected as the vendor.

For more cyber liability tips, register now to attend the 2014 Risk Summit from September 21st—23rd at Hard Rock Hotel in Chicago. Early bird discounts are available until Friday, June 27th!

To receive a 25% discount on Summit registration, join our Affiliate Member program.

Erin Gloeckner is Project Manager at the Nonprofit Risk Management Center. She is also pursuing a Master of Public Health degree at Virginia Tech in Blacksburg, VA. She welcomes your questions about the topic of cyber liability or regarding the Center’s upcoming conferences. Erin can be reached at (703) 777-3504 or erin@nonprofitrisk.org.

 

Risk Webinars

Fit-to Suit Risk Policies

My Risk Management Policies, Version 2.0 helps you create custom risk policies for your organization in a matter of minutes. Need well-written policies? This cloud app makes policy drafting easy. After completing the quick registration process, search by keywords, categories or peruse an alphabetized list of 150 templates. Each template offers many options to consider. Some of the templates force you to make practical choices. For example, you might prefer an informal style over formal language. Or perhaps you want to strictly prohibit something that other nonprofits allow! With My Risk Management Policies, Version 2.0, custom-fitting policy language to suit your nonprofit is easy and dare we say… fun!

Version 2.0, What’s New?

We’re excited to announce some terrific new features, plus a bold new design. Many of the new features were developed with client feedback in mind. You spoke and we listened!

  • Multiple users, one account — The new version has two levels of users: Account Holder and Added User. This means that two or more staff from one organization can collaborate on the drafting of policies. Want to get your outside counsel involved? No problem! The Account Holder for your nonprofit may grant system access to expert advisors through the “added user” feature.
  • Policy drafting tips — We’ve added policy drafting tips at the top of many templates. This is our chance to offer a few hints from our years of experience drafting and editing risk policies for nonprofits!
  • More policies than ever before — We have added nearly 50 new policy templates and updated many of the templates in the first version, and we’re not stopping there! As always, we welcome your suggestions for new policy types, new policy language, policy options and more. Send your requests to info@nonprofitrisk.org.

To begin developing customized Risk Management Policies for your nonprofit, click here.

The one-time licensing fee for My Risk Management Policies is only $179 or just $29 if your nonprofit is an Affiliate Member of the Nonprofit Risk Management Center.

 

 

Pass it On!

If you enjoy reading the Center’s Risk eNews and know others who would as well, please use the Forward email link that appears at the bottom of this issue. The link offers an easy way to share this issue with a colleague. When you use the link your colleague will receive an invitation to subscribe.

Forward Email

© 2014 Nonprofit Risk Management Center