When the credit reporting agency Equifax announced in 2017 that it was breached, the personal data of 143 million people was exposed. The company subsequently agreed to a global settlement worth up to $425 million. Cyber attacks do not only occur in the private sector. Cybercriminals simply look for the places where defenses are down and entry is easy. The truth is, community foundations collect and store significant amounts of sensitive information, including donor data, credit card numbers, grantee information, and payroll, all of which must be protected. And given the realities of tight budgets and lack of unrestricted funding, IT investments and cyber safeguards are often limited.
Bryan Del Rosario, Staff Counsel of Legal Affairs, discusses cyber risk and the law, the crucial role of leadership in managing risk, incident response and designing and implementing a mitigation strategy.