Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to view the cyber issue as relevant to digital communications and networks, the rules and issues apply equally to plain old paper content delivered by the postal service, such as: B. Subscriber information, marketing mail, and appeals for donations to non-profit organizations.
Federal and state laws are increasingly requiring that such information be protected by cybersecurity measures and that consumers be notified in the event of unauthorized access or a breach. Liability and loss of donor and member trust are key risks that organizations often address by updating their legal and technical processes to better reflect the modern cyber threat environment.
As commercial mailing and publishing continues to go digital, business processes rely on the sharing of growing amounts of data. This includes, for example, sharing subscriber and mailing information with the US Postal Service (USPS), data aggregators, and other partners.
The ability of nonprofit organizations to keep such data confidential from competitors and to protect the data from unauthorized access or misuse often depends not only on the resilience of the organizations’ cybersecurity programs, but also those of the partners with whom they share data.
To make matters worse, a growing body of regulations are requiring nonprofits and other entities to have internal safeguards for confidential information and to ensure partners and service providers protect that information. However, it is not always clear how partner organizations adequately protect shared data from unauthorized access, breach and misuse.
For example, the USPS Inspector General (IG) recently released an audit report that raises serious concerns about the security of the USPS. The report found that USPS cybersecurity “is underdeveloped, limiting its ability to fully understand its risk exposure and protect the agency from cyberattacks.” According to IG, these and other issues expose USPS to potential exploitation by threat actors, which could lead to data breaches and greater disruption.
While the extent to which such alleged vulnerabilities in USPS security put donor/member and other personal information at risk is unclear, organizations should assess their legal liability, security posture, and processes to ensure they are minimizing risk and alerting to security breaches and respond to other incidents, including those that may occur at fundraising contractors. The integration of digital and print communications has only just begun, and the problems faced by participants in these markets are only just beginning to emerge. Now is the time to take action to protect your data.