By Drew Fox Jordan • October 21, 2020

    Data Security for Nonprofits: Human Layer Security

    As today's nonprofits face alarming and unprecedented donor data security risks, we're discovering that the majority of an organization's vulnerabilities rest with the well-intentioned employees who work to grow their missions every day. Gravyty CEO, Adam Martel, recently shed light on these risks, known as human layer security, which had yet to be addressed in the nonprofit sector.

    You can watch the on-demand webinar in its entirety for free, here.


    There were a lot of highlights from the session, but we’ve identified 5 major takeaways that nonprofits should keep in mind as they consider their strategies to round out this year and into the next.

    1. Ransomware attacks up 273%
    Hacking is big business. We see it in the for-profit space, where Shopify, Garmin, Walmart, and Target were all hacked over the past few years. Now hackers are going after nonprofit organizations because they're starting to learn how much data we have on our donors. We store millions of data points about our donors within our database, and hackers are getting wise to what they can access and how they can monetize that data.

    2. Humans are responsible for 85% of data breaches
    Well-intentioned employees can still make mistakes: they go against their policies to get their jobs done, they're rushed, they're not focused in the moment, or they're being targeted through social engineering such as phishing or spear-phishing. Very rarely are hackers trying to break into a mainframe as we see in the movies.

    3. 88% of companies around the world were spear-phishing targets in 2019
    Spear-phishing has become more of an issue over the last year and a half. These are attacks that use a personal relationship to try to get access to endpoints. We are all familiar with “Nigerian Prince” emails, but spear-phishing takes a different approach. These emails appear to come from someone you already know and carry a psychological component designed to get you to act quickly and without thinking.

    4. 75% of employees send work documents to their personal email
    Data exfiltration here means that people with authorized access to the database are taking data out of it. The majority of fundraisers who do this are well-intentioned. Say you need to print something at home and your work laptop isn't linked to your printer, so you email the file to your personal device and print it from there. That's where the risk lies, because we don't know what happens to those files on a personal device the next week, the next month, or when the employee leaves the organization. These are data breaches that put an organization's donor data at risk.

    5. 78% of professionals in high-volume email outreach roles admit they’ve sent a misdirected email before
    Has there ever been a time when auto-complete suggested an email address with the correct name at the wrong domain? You’re just trying to send an email to this person, and as soon as you see the first name, you hit “tab” to select the suggested recipient. This might be fine for a simple email, but when the message includes personally identifiable information or files with sensitive donor data, this is where data breaches happen the most.

    Is your organization protected by human layer security?

    Take our free 15-minute risk assessment to find potential threats to your donors’ data and trust.


    But the best thing you can do other than our 15-minute assessment would be to attend The First Nonprofit Data Security Summit on Thursday, December 10, 2020. You'll learn how to make your people part of the solution, get inside the minds of hackers, and hear what experts think we should prepare for next.
