Chapter 6 Risk Management

Sara Beth Mitchell, the executive director of Palma Verde Food Bank, put the phone down and put her head in her hands. “I can’t believe hackers would bother with a food bank!” she said. The food bank was experiencing a boom in donations, and many of them were made electronically through the organization’s website. A representative from the company that oversaw the nonprofit’s website traffic found that the personal information of 5,000 donors had been compromised. “I just don’t get it! Now I will have to report this to the board and the donors. Who knows what information the hackers have now? The donors will feel betrayed. This news could be all over social media in a matter of hours. How could I have prevented this?” Sara Beth picked up the phone again to call the organization’s insurance company.1

Some Risks Can Be Mitigated With Insurance

Fortunately, the Food Bank had a cyber insurance policy. These policies can be valuable in relieving the financial burden of the hack. In addition, insurance companies have contacts that can be useful in assessing the damage and making suggestions on how to prevent further occurrences. The type of entity may not make a difference. Some hacks are perpetrated by automated bots that target vulnerable IP addresses and do not distinguish between nonprofits and commercial entities. One of the first things the Food Bank did was to add PayPal to accept donations. That way sensitive information is not housed on the organization’s ...
