As Data Breaches Surge, Nonprofits Are at Particular Risk
In today’s digital age, nearly every nonprofit organization depends upon technology for their operations, especially when it comes to managing sensitive information about their donors, volunteers and people they serve. And with rising threats of cyber-attacks and data breaches, these nonprofits are increasingly tasked with safeguarding this information. While all companies are vulnerable for cyber security threats, many nonprofits are particularly at risk due to the nature of their business.
Because nonprofits often have limited resources and staff to focus on cyber security, they can be a big target for cyber theft,” said Ned Eldridge, CEO of eLoop, an Export, PA-based electronic recycling company that works with many area nonprofits. “Nonprofits collect valuable financial data about their donors, and keeping that information safe needs to be their highest priority.” One common way for a nonprofit to have its sensitive information stolen is by not properly disposing its old computers, phones and other electronic equipment (e-waste) when it reaches their end-of-life stage. Deleting files on a computer or resetting a phone can be a good first step in protecting information when a device reaches end-of-life, but it will not be enough to ensure that the data is secure. These steps will make it more difficult to access the files, but they can still be recovered using specialized software or hardware.
To ensure that a nonprofit’s information is fully protected, it is strongly recommended to use a certified IT Asset Disposition (ITAD) company, such as Export, PA-based eLoop, that uses specialized software designed to wipe the device’s hard drive or flash memory. This software will overwrite the data on the device multiple times, making it virtually impossible to recover and eLoop also validates and provides certification that all hard drives are free of data. Certified ITAD companies will also ensure that equipment is recycled or disposed of in a way that minimizes its impact on the environment and can identify equipment that can be resold or repurposed to help nonprofits recoup some of their costs.
Increasingly, nonprofits who improperly dispose of their e-waste find themselves at risk for being exposed to financial losses, damaged reputations and legal consequences. For example, in 2014, Goodwill Industries suffered an information leakage that compromised the personal information of over 870,000 individuals. The breach occurred because the organization did not properly dispose of a number of point-of-sale systems, which contain credit card and other sensitive financial information. In 2018, the Salvation Army suffered a data breach that exposed the personal information of over 100,000 individuals contained on a server that was not properly disposed. These are just a few examples of the many times nonprofits—and the people they serve—have been damaged by improperly disposing of their e-waste.
“By working with a certified ITAD company, nonprofits can be confident that their e-waste is managed responsibly and that their data is secure,” says eLoop’s Eldridge.
Here are some reasons why nonprofits should use certified ITAD companies:
1. Security of Data Nonprofits have a responsibility to protect the sensitive data they hold. This includes donor information, personal records of beneficiaries, and other confidential data. When upgrading or disposing of IT equipment, nonprofits must ensure that their data is securely destroyed. Certified ITAD companies have the expertise to provide secure data destruction services that meet industry standards.
2. Compliance with Environmental Regulations E-waste is a significant contributor to environmental pollution. Nonprofits have a responsibility to manage their e-waste in a way that is environmentally sustainable. Certified ITAD companies are well-versed in the regulations around e-waste management and can ensure that nonprofits comply with them. For instance, the e-Stewards certification is a globally recognized standard for responsible e-waste management. ITAD companies like eLoop hold e-Stewards certification and are required to adhere to strict standards for the handling, refurbishing, and recycling of IT equipment. They must also ensure that e-waste is not exported to developing countries where it can be improperly handled or dumped.
3. Sustainability Certified ITAD companies have the expertise to refurbish and recycle IT equipment, extending the life of the equipment and reducing the amount of e-waste that ends up in landfills. By refurbishing IT equipment, nonprofits can save money on new purchases and reduce their environmental impact. eLoop provides all of its customers with complete carbon footprint reports so that they can use this information for ESG purposes.
4. Social Responsibility Using certified ITAD companies also demonstrates a nonprofit’s commitment to social responsibility. By working with a certified ITAD company, nonprofits can ensure that their e-waste is not contributing to the exploitation of workers in developing countries.
You can learn more about eLoop’s ITAD program here.
