Page 29 - Volume 41-Number 04 11-07-18.pdf
Nonprofit’s Cybersecurity Strategy
By Amy Burroughs
October was National Cyber Security Awareness Month, but any time is a good time to engage your staff in a
best practices review and to assess your organization’s risk management strategy. When it comes to investing
staff time and resources into a cybersecurity initiative, there are plenty of compelling reasons to do so. Here
are four that can get your organization started.
Stay Compliant with Payment Card Industry Requirements
Understanding your organization’s obligations and liabilities under PCI compliance is imperative. Any nonprofit
that accepts payments by credit card must achieve some level of compliance, even those that outsource most
of their payment processing. The short answer is that if any processing of financial transactions happens on the
nonprofit’s server, liability exists, and penalties for noncompliance can be steep.
Compliance gets more complex as nonprofits expand the number of ways in which supporters can give money,
including mobile apps and portable card readers. Engaging on multiple channels can be a boon for fundraising,
but nonprofits that fail to keep PCI compliance top of mind as they do so may open themselves up to new
liabilities. Nonprofits that use third-party providers to process payments, for example, should ask each new
vendor with which they start a business relationship to demonstrate its compliance. The bottom line is that
(Continued on next page)
Resource Guide & Directory November 2018 INLEAGUE | PAGE 27