CRM data theft: are you ready?

What would you do if you discovered today that all of your CRM data may have been accessed by criminal hackers?

How would it impact your organization, and your constituents?

What are you doing to prevent such a breach? And what are you prepared to do, if and when it happens to you?

I know — it’s not fun to think about. But believe me, it happens. I've seen it happen, even to organizations who were sure they were “just too small to be a target.”

So it's absolutely worth thinking about.

But it’s a big complex issue. Where would you even start?

Starting anywhere is better than not starting, but this article from the National Council of Nonprofits outlines 3 steps to get you going:

1. Perform a generalized risk assessment: Ask yourself, "What data do we collect about people? What do we do with it? Where do we store it? Who is responsible for it?" — and document those answers.

2. Consider the law: Know whether the data your organization collects and maintains is covered by federal or state regulations as specially protected “personally identifiable information.” If so, you'll have an additional duty to report any unauthorized disclosure of that data.

3. Drill down on the risks: Consider using the US National Institute of Standards and Technology (NIST) Cybersecurity Framework to help you identify risks, and make management decisions to mitigate those risks. Also consider how the use of third-party technology and service vendors can create holes in your data security.

Here's the thing:

Criminal theft of your constituent data is a serious situation. Naturally you're working hard to prevent it.

But there are no guarantees. Try a quick web search on “data breach lawsuit” to see how often such things are happening.

So, yes; do what you can to prevent it.

And beyond that, be prepared for what you must do if it should ever happen to you.

All the best,
A.