Reprinted from Rescue Magazine Nov/Dec 2013
A growing risk is threatening homeless shelters. This threat is more insidious and less measurable than most risks for which we often prepare. I am writing about what is usually referred to as “cyber-risk”. Unlike buildings that are susceptible to fires and automobiles that are exposed to collisions, cyber risks are imposed upon a mission, not just by a rogue employee, but by people from outside the mission looking to steal without ever stepping foot on the premises. Unlikely, you think? Please don’t be naïve!
A World-wide Threat
According to the United Nations Office on Drugs & Crime’s 2013 Comprehensive Study on Cybercrime, over 2.3 billion people have access to the Internet (1/3 of the world’s population) with 60% being from developing countries. Cybercrime is any act against the confidentiality, integrity and availability of computer data or systems and any computer-related acts for personal or financial gain. Earlier this year, 3 men were prosecuted for creating and distributing the “Gozi” computer virus that, from 2005 to 2011, infested 1,000,000 computers worldwide. This virus enabled the accessing of personal bank information and the theft of over $50,000,000! This is but one of thousands of viruses in existence today.
Considering the fact that most missions use the Internet for donations, and many record resident/guest personal information in a data-base, the opportunity for privacy breaches is ever-present. Any missions that have a web site and/or use social media are especially susceptible to this risk. Federal Privacy & Security Regulations and State Data Breech Notification Laws further exacerbate the exposure of data breech and privacy loss. In the occurrence of a data breech, these laws may require your mission to notify every donor and/or resident/guest who may have been affected by the breech. Fines may even be levied while corrective action is being undertaken.
A final consideration includes the public relations and income loss risk. Should such a breech become public, as may be mandated by the previously-mentioned Federal and State laws, an expected loss of public confidence may result in lost revenue from donors or government sources.
Solutions to the Problem
Risk management recommendations to reduce the possibility of these exposures would include the following:
1. security audit by a qualified computer technician;
2. modern, quality firewall hardware and software on all mission computers and networks;
3. regularly update anti-virus, anti-malware software on all computers, even laptops;
4. off-site back-ups of all critical data;
5. quality Cyber Security insurance that includes coverage for data restoration, liability, errors & omission, extortion threats, lost income, public relations, and related reasonable expenses.