Trust is the number one value for Salesforce. We take the importance of safeguarding customer data as our highest priority. As nonprofits emerge from Covid and adjust to the rapid shift to digital ways of working it seems timely to now revisit cyber-risk. Speaking with Salesforce customers we find they have not only realised their dependency on technology but doubled down to keep operating over the past 18 months. At the same time we have seen an explosion of both nefarious threats such as ransomware.
My belief given the scale of the challenge is that it is crucial at a Board and Leadership team level to reevaluate what the increased dependence on digital means from a risk and governance perspective. It is no longer sustainable to have an annual "IT risk" conversation when digital permeates every aspect of the modern non-profit. We see many organisations now mainstreaming cyber risk into every governance conversation. Functional leaders are beginning to evaluate the cyber-risks they hold and value chain risk, and the executive director and board incorporate cyber risk as a key criteria in every decision. If an effective risk and governance strategy is in place the execution will fall into place. This case study demonstrates how partnering with Own we can ensure that customers like Islamic Relief can protect their constituents data while focusing on their humanitarian work.
-Michael Duggan, Nonprofit Industry Advisor, Salesforce.org
Nonprofits are appropriately viewed primarily as mission-driven organizations. Success is measured by an organization’s impact in the community, and on achieving the mission which they set out to achieve when formed. However, nonprofits are business enterprises as well, built on an underlying model that makes the programs and organizations operate and succeed. Leaders of nonprofits are constantly being challenged with a need to modernize and keep up with digital innovation while maintaining donor trust. With some of the largest and ever increasing pools of constituent data, nonprofit leaders must take a page from commercial organizations and prepare for a potentially different approach to protecting personal data moving forward.
What's driving a greater need for data protection?
The data nonprofits collect on individual donors, corporate contributors, partners, vendors, and charities are critical to their operations. Lost or corrupted data such as names, addresses, credit card details, emails, and phone numbers would not only disrupt operations and create compliance risks, but also cause a major breach of trust among donors.
When it comes to external threats to their data, nonprofits are especially vulnerable as compared to other organizations. Limited budgets, lack of hardened security measures, and legacy data storage systems all make nonprofits susceptible to malicious cyberattacks. More than 80% of nonprofits don’t even have a strategy to deal with cyberattacks. Remote work and even further reduced budgets due to COVID-19 have only magnified these issues.
But while nonprofits should certainly be aware of outside threats to their data, the majority of incidents continue to be caused by innocent errors. According to Gartner, 99% of cloud security failures and resulting data loss will be the customer’s fault through 2025.
Now that you understand why protecting data is so important, here are three actions you can take to make data protection a priority at your nonprofit.
Get the board on board
Making data protection a priority at the highest levels of your organization is critical to getting the right solutions in place.
There’s no doubt that the pandemic changed the perception of technology for many nonprofit leaders. Tech kept these organizations connected to their supporters and allowed their missions to keep going, despite geographic barriers.
But how do you make sure that your nonprofit continues to invest in technology post-pandemic? One way is to remind them of the successes of the past year, and explain that digital transformation isn’t slowing down.
Additionally, if your board lacks tech expertise, make recruiting someone who understands the need for data protection — and how to achieve it — a priority. Your tech committee might be tasked with creating policies, determining budgets, evaluating software and products such as backup and recovery solutions, and planning how your organization would respond to a cyber attack.
Move data on to a secure platform
In their effort to fundraise effectively, nonprofits collect a plethora of personally identifiable donor data, including payment information, emails, addresses, and more. Unfortunately, many nonprofits either do not have proper systems in place for storing donor data, or have data scattered across multiple systems. A CRM platform like Salesforce can not only deliver an immediate upgrade in security (the platform has 99.999% uptime), but also provide nonprofits with connected experiences across communication channels.
One nonprofit who saw the value in moving to Salesforce is Islamic Relief Worldwide, an international humanitarian organization that responds to humanitarian disasters and tackles poverty in 40 countries around the world.
Mohammed Zabhier, Head of ICT and Information Systems at Islamic Relief, uses Salesforce to manage the organization’s Orphan Sponsorship program. He said the platform has been especially valuable in the past year to connect staff, donors and children.
“By centralizing all of our data in one place, we can truly leverage our global presence”, Zabhier said. If a donor in the U.S. can no longer sponsor a child, that child can be reallocated to a donor in another country in a few clicks ensuring continuity of funding.”
Salesforce has also been key to helping Islamic Relief maintain donor trust by having up to date data readily available at all times. “The biggest commodity we are trading is trust. Donors want to see they are making an impact and need to see accurate data. That transparency with end users relies on access to data at all times”, said Zabhier.
Invest in a cloud backup solution
Aggregating all of your valuable information in a single platform is a critical step in securing your nonprofit. Having a way to protect all of this information should come next.
Nearly all SaaS applications like Salesforce require shared responsibility for keeping data safe. That means you can count on Salesforce to ensure the security and integrity of the platform, but as a client, you are responsible for the data you put into it, and who you allow to access it.
Safeguarding essential data and sustaining business continuity requires automated cloud-to-cloud data protection. This modern approach detects and alerts you to data anomalies, safeguards data and metadata with complete data backups, and makes precision repair of data problems effortless.
For Islamic Relief, constituents demanded resiliency in the case of an unforeseen data loss incident. They became an Own customer last year for peace of mind that they could recover from such an incident.
“The worst case scenario would be not being able to access our Salesforce data", Zabhier said. "So having a backup solution that sits outside of Salesforce allows us to be able to access our data no matter what. With Own in place, we know we are honoring our responsibility for over 70,000 children we are helping through orphan sponsorship and the donors this program relies on.”
Protect your mission by protecting your data
Charities win on trust from supporters, and if that trust is compromised, the business model quickly falls apart. Regulators and donors demand resiliency and due diligence. Nonprofits need to be proactive in ensuring the correct resources are allocated to risk reduction and that donor data is protected. The future of nonprofit organizations is all about innovation – of products, services, and new business models. Focus on your innovation strategy or risk being disrupted.
Get in touch to understand how Own helps nonprofits protect their Salesforce data.