By: Melissa Musser, CPA, CITP, CISA | Risk & Advisory Services Principal and Darren Hulem | Network Administrator Auditor
Recent data security mandates and ongoing budget pressure have pushed many nonprofits and associations to change their traditional business model to leverage a suite of cloud providers, creating a new, distributed data environment. Consequently, these organizations are frequently unable to dedicate full time in-house resources to address their increasing information security challenges, often resulting in complacency in addressing critical information security issues. Small- to medium-sized nonprofits and associations are particularly at risk, and many are now employing an outsourced Chief Information Security Officer (CISO), also known as a Virtual CISO (vCISO), as part of their cyber security best practices.
Perhaps due to widespread media coverage of high-profile security breaches, many small- and medium-sized nonprofits and associations still believe they are not at risk because hackers typically focus on large organizations. Unfortunately, Verizon’s 2018 Data Breach report finds that 58% of security breaches were in fact against small businesses. Their reluctance to focus on IT security leaves many small- and medium-sized organizations susceptible to attacks, but a vCISO can provide the strategy needed to develop the appropriate security framework.
The vCISO offers a number of advantages to small- and medium-sized organizations and should be part of every nonprofit’s or association’s risk management practices. If you have questions about your organization’s cyber security practices or the benefits of vCISO services, please contact Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal at 301-951-9090 or firstname.lastname@example.org.