Nonprofits Cybersecurity Plan

Company X focuses on providing support and training for individuals with developmental disabilities. The organization's overall cybersecurity posture does not rank high on its funding priority list. As a rule of thumb, an organization should spend between 7% and 10% of its IT budget on security (Violino, 2019). Company X requires a considerable amount of Personally Identifiable Information (PII) to perform its services. This includes parents’ addresses and clients’ Social Security Numbers, State Identification Numbers, medical insurance numbers, medical histories, and bank account numbers. Clearly, this is a substantial amount of sensitive information. Such PII should and must be protected under HIPAA. The cybersecurity resource burden falls hard on nonprofit organizations, and cybercriminals have discovered the gold mine that is nonprofit data (Nimishakavi, 2017). Although cybercriminals are equally likely to target nonprofits and major companies, nonprofits struggle to meet the expense of providing adequate protection for the data they collect. In 2019, the Internet Crime Complaint Center (IC3) received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach (Gorham, 2019). What makes the issue more troubling is the fact that a considerable amount of that information can be stored on managers’ and employees’ personal laptops and cell phones. This can increase the risk of a cyber-related event occurring. With that in mind, the purpose of this project is to create a security plan for Company X to protect such confidential information.