Why Cybersecurity Needs To Be Part Of Your Not-For-Profit’s Onboarding

How seriously does your NFP organisation take cybersecurity? You only have to scroll through your newsfeed to know that cyber intrusions are happening more frequently and are becoming increasingly sophisticated. For individuals, businesses and institutions alike, the threat is quite serious – and it’s growing. A 2015 report from Ponemon Institute predicts an 82% net increase in cybercrime by 2021.

Cybercrime infographic

Although threats to cybersecurity affect all sectors, the stakes are especially high for not-for-profits. Of course, the obvious financial costs associated with recovering from cyber attacks can cause serious operational injury to a not-for-profit organisation. However, there’s also the risk of a damaged reputation following a cybersecurity breach, which can be even more difficult to recover from. The fear of identity theft and fraud may never leave the minds of your former donors and constituents. Even if you do manage to rebuild their trust, this will probably take several years, throwing the organisation’s mission well and truly off course.

There are a number of steps not-for-profits must take to ensure they adequately address this pervasive and ever-evolving cyber threat. First and foremost, investing in high quality firewalls and antivirus programs and, secondly, keeping them up-to-date. This is a must for providing your organisation with a basic level of protection. Finally it is important that cybersecurity measures are extended to workplace policies and procedures, and that the HR department ensures every member of the organisation knows the risks and consequences for breaking data handling rules.

In order to protect your organisation from cybercrime, it’s important to include cybersecurity training at each phase of the every employee’s tenure. However, there is no more critical time to administer cybersecurity training than during the employee onboarding process.

Onboarding should include an introduction to your organisation’s policies and procedures for handling data and using the organisation’s devices, as well as training on how to recognise different kinds of scams and other cybersecurity threats. If this is not already part of your not-for-profit’s onboarding program, a new hire can actually pose a threat to the organisation’s cybersecurity for a number of reasons:

1. New hires are not yet familiar with your organisation’s digital communications.

Onboarding will ensure your new hire is able to identify the types of communication they can expect to receive from within the organisation. If your onboarding process includes training and information about phishing scams, your new hire will be able to identify suspicious emails and be wary of requests for usernames, passwords or credit card numbers.

2. New hires can potentially overshare on social media.

Given the widespread use of social media, it is essential that new hires are educated on how their seemingly innocent online behaviour can pose a serious threat to the organisation’s security and reputation. Making cybersecurity training a priority in your onboarding process will prevent new hires from inadvertently sharing sensitive information or clicking on the wrong links.

3. New hires might use unofficial (and unsafe) productivity and messaging apps.

Most not-for-profits, like other organisations, will have a list of approved productivity and messaging apps. New hires are likely to have their own preferred systems, and may not have an understanding of how using unofficial software can pose a threat to the organisation. Unofficial software that hasn’t been approved by the IT department is known as Shadow IT, and it can cause new hires to unwittingly breakdown security barriers or create a data leak. Cybersecurity training during the onboarding process will be the most effective way to ensure new hires use approved software for work purposes.

4. New hires are more likely to misplace or misuse devices.

During the onboarding process, new hires should be advised on how to look after the organisation’s laptops, mobile devices and other hardware. Training new hires to keep a watchful eye on these sensitive items, both inside and outside the office, will help keep private information out of the wrong hands. Furthermore, many new hires may not even be aware of the risks associated with using free public wifi for work purposes. When cybersecurity training is part of your onboarding process, new hires will understand the implications of not using a VPN when working from cafes or other public wifi hotspots, significantly reducing the risk of cyberattacks on your organisation.

If you’re ready to make cybersecurity part of your onboarding, then the first step is to learn how to create a great onboarding process. Making cybersecurity part of your onboarding does not need to be complicated, time consuming, or expensive. In fact, it can be part of an automated process, with personalised e-Learning activities to engage your new hire, whilst enabling you to keep tabs on their task completion and competency. To learn more, why not check out our whitepaper today.