It’s October, and that doesn’t just mean Halloween – it’s also National Cybersecurity Awareness Month (NCSAM). NCSAM is a joint effort between government and industry “to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”
It’s become more important than ever that museums, cultural institutions, and nonprofits verse themselves on the ins-and-outs of cybersecurity. With the rising number of recent online security breaches at major retailers, banks, and even museums, increasing reliance on technology, and the enormous volumes of sensitive data nonprofits collect, cybersecurity should be a high-priority topic for visitor-serving organizations and their leadership.
Here, we will explore the three reasons why cybersecurity is a critical (and urgent) issue for museums and nonprofits.
More occurrences of breaches
In the past few years, there have been several cases of cybersecurity incidents where museums and nonprofits were targeted. This past May, hackers launched a Ransomware cyber-attack that disabled much of San Francisco’s Asian Art Museum's computer systems. Back in 2017, a data breach from an email phishing scam at the Denver Art Museum compromised the personal information of hundreds of customers, donors and employees at the museum.
These cybersecurity breaches should serve as a cautionary tale to other similar institutions, and prompt organizations to ensure they have appropriate cybersecurity measures in place.
More reliance on technology
Museums and nonprofits are increasingly dependent on technology and employ complex digital infrastructure. For example, most nonprofits use cloud-based Customer Relationship Management (CRM) systems to keep track of constituent records, point of sale (POS) solutions for a variety of transactions, and various tools to accept payments online.
Some museums may also use emergent blockchain technology, which can store a vital ledger of information about the history and provenance of artifacts. There is certainly no shortage of new technologies!
As cultural organizations employ an increasing number of diverse digital tools, the need for cybersecurity protocols increases accordingly.
More amounts of data
The term “big data” has made its way into the commercial sector and nonprofit ecosystem alike. Big data refers to the increasing volume, variety, and velocity of data that is collected and analyzed.
More and more, nonprofits are looking towards data collection, data analytics, and data-driven approaches. They often collect data about visitors, members, donors, patrons, and employees, not to mention information about the museum collections itself. The rise of 5G technology will enable even faster, more detailed data collection and produce swaths of new metadata to be analyzed. In short, many museums and organizations have fully jumped onto the “data” bandwagon and there are no signs of this slowing down.
But with the increasing quantity of data, organizations need to call their attention to cybersecurity measures. As cultural organizations accumulate detailed personal information about high-value members and donors and sensitive information about priceless artifacts, there are new incentives for hackers to target them. All of this data needs to be protected so that organizations can maintain trust, reputation, and minimize financial risks and liabilities.
So, you’re thinking about cybersecurity – now what can you do about it? By developing a plan of action, educating your team, and ensuring you have a cybersecurity leader at your organization, you can be well on your way to better protect yourself and your data.
Develop a plan
First, you need a cybersecurity plan. This very idea can be both scary and overwhelming as it’s unknown territory for most organizations. Research conducted by the Nonprofit Technology Enterprise Network and Microsoft revealed that more than half of nonprofits (55%) have created a policy around cybersecurity, but the remaining portion did not have such a policy or was unaware of its existence.
According to a paper presented at the 2017 Museums and the Web conference, “An effective cybersecurity approach should include network firewalls and gateways, anti-malware, user access management, and authentication controls, backup management, business continuity, and disaster recovery planning, patch management, and software updates.”
Feeling overwhelmed? You’re not alone. All of this jargon can be anxiety-provoking, and it might seem difficult to figure out which initial steps to take.
We have some good news: this doesn’t have to be complicated. If you’re a small organization, there are myriad cybersecurity templates and checklists available online. These can be a great jumping-off point, especially if your organization doesn’t have an IT department or a budget to hire a cybersecurity firm.
Pro Tip: If you’re looking for inspiration, you can check out CSO’s 7 Cheap or Free Cybersecurity Training Resources.
Educate your team
If you’re intimidated by unfamiliar terms involved in cybersecurity, it might also help to know that the most important thing an organization can do to jump over the learning curve is to provide employee training. Cybersecurity is an organization-wide concern, and that’s why it should involve organization-wide training.
The stats are here to prove it. According to CSO, “Phishing still remains one of the biggest cyber threat for organizations.” In fact, according to cybersecurity consultant Tyler Cohen Wood, “most ransomware is introduced via phishing scams over email.” That means that one of the best things your organization can do to prevent a breach is “hold regular training programs to educate employees to avoid clicking suspicious links or downloads and teach them how to respond should they accidentally download malware.”
Pro Tip: To start dipping your toes or to begin this training, there are free cybersecurity awareness programs online to take advantage of.
Appoint a leader
Cybersecurity needs to be a priority and requires investment. It can't just an afterthought. This means someone at your organization needs to take the lead. Yet, most museums and nonprofits organizations are understaffed and operate within limited budgets that don’t leave much room to hire a chief security officer.
In the face of these challenges, tapping into tech-savvy board members is one option to help spearhead this important initiative. Nowadays, there are even affordable and easy-to-use solutions like Securicy that have free plans to help you get started and guide you through the process. What’s most important is that you have a leader in place who’s responsible for keeping the team accountable for cybersecurity and ensuring sensitive data is safe!
Pro Tip: Look for cybersecurity consultants who offer special discounts to nonprofits organizations, or jump onto the TechSoup network to find existing solutions.
With these measures in place, you’ll be well on your way to securing and protecting your organization’s data and systems.
Now, go out and celebrate National Cybersecurity Awareness Month by starting a conversation about cybersecurity at your organization! 🎉
Want to share your thoughts about cybersecurity in museums and cultural organizations? We’d love to hear from you.