Advocacy groups may not consider cybersecurity as part of their fight, but it plays a vital role in protecting their mission and the people they serve.
Setting cybersecurity policies and following through on them can help advocacy groups continue their work without interruption. This process also can protect the personal and financial data they collect against being stolen and exposed. Privacy advocates may fight for stronger cybersecurity laws, which provide protection at the government level.
Why is cybersecurity so important, and how can your advocacy group implement it? Let’s find out.
What Do Cybersecurity Policies and Laws Protect?
Cybersecurity laws set standards for government organizations and businesses that handle certain sensitive information. The most well-known federal cybersecurity law in the United States is the Health Insurance Portability and Accountability Act (HIPAA). This law protects the privacy and security of healthcare patients’ medical records and other health information.
Within an organization or business, cybersecurity policies set internal rules that guard against security threats. These policies protect sensitive information and critical organizational functions from threats that can expose or break them.
Cyber threats can include:
- Denial-of-service attacks that bring down an organization’s website or network
- Vandalism of websites and social media pages
- Theft of personal or sensitive data, which may then be sold or used for fraudulent purposes
- Phishing schemes that trick someone into giving access to an attacker or downloading malicious software
- Ransomware attacks that hold data and computer systems hostage until a ransom is paid
- Malware that disables important systems and networks
Strong cybersecurity policies aim to prevent these attacks. If this isn’t possible, they include ways to stop attacks quickly and minimize the damage they cause.
The Role of Cybersecurity Policies in Protecting Advocacy Groups
Advocacy groups and nonprofit organizations may be especially vulnerable to cyberattacks. They handle politically and financially sensitive information, and they often have fewer resources than other sectors to protect it. Strong cybersecurity policies can protect the work of advocacy groups in multiple ways.
Protect Sensitive Information
Advocacy groups are often trusted with sensitive information. This can include personal information about supporters and staff, private communication with journalists and other external parties, and confidential campaign details. Cybersecurity policies help to keep this information private.
Even if a breach does not expose this information, it can still harm an organization’s credibility and reduce trust. This can make it difficult for the organization to work effectively in the future.
Protect Against Disruptive Attacks
Cyberattacks can interrupt an advocacy group’s activities. Attacks might disrupt their websites, donation systems, communications, and internal records. An attacker might vandalize website pages or social media accounts, posting hateful or vulgar messages to discredit them. Cybersecurity policies can help ensure that advocacy organizations keep running smoothly.
Protect Against Harassment
Staff and supporters of advocacy groups can be attractive targets for personal harassment. This is especially true if the organization is politically controversial. A cyberattack may target a particular person, or the attacker may use the personal information they uncover to bully or threaten people. Advocacy groups can use cybersecurity policies to help keep people safe from harm.
Case Study: The Importance of Cybersecurity Policy in Healthcare Advocacy
Recent cyber attacks in the healthcare field highlight the importance of cybersecurity laws and policies. These attacks often take the form of ransomware – malicious software that blocks access to data and computer systems. Cyber attackers then demand payment to unblock them.
In 2022, ransomware impacted a large hospital system, causing an estimated $100 million in damages. Attackers stole copies of patient data, disrupted payroll and online portals, interrupted access to health records, and delayed patient care. The cause was likely a phishing attack.
In early 2024, another ransomware attack struck Change Healthcare, a health payment processing company. This disrupted payment and claims processing at healthcare organizations across the country. Personal information may also have been taken and leaked. An investigation revealed that the cause of the attack was a lack of two-factor authentication, which allowed hackers to gain access.
In both of these cases, the ransom was paid, but that didn’t prevent damage or exposure of sensitive data. Strong cybersecurity policies can prevent these attacks and/or mitigate the damage from them. The healthcare field works with especially sensitive information that can cause great harm if exposed. Attacks in this sector also can prevent people from getting t
Advocacy groups with an interest in healthcare have called for stronger laws to protect health-related data. They’ve also urged healthcare organizations to adopt better security resources and guidance.
Tips for Incorporating Cybersecurity Best Practices Into Your Advocacy Work
Not sure where to start? Here are some ways your advocacy group can follow cybersecurity best practices.
Perform Regular Risk Assessments and Security Audits
Take stock of potential weak points and valuable information that attackers might target. This risk assessment will help strengthen security where your organization is most vulnerable. Regularly audit your cybersecurity measures to make sure they’re working as they should.
Create an Incident Response Plan
Incident response plans give instructions on how to handle security incidents. If an attack or breach does occur, your staff will understand who to notify and what to do to minimize the damage.
Train Employees
This is a vital part of any cybersecurity plan. Educate your employees about the importance of cybersecurity and how to avoid common threats. Train them on security best practices for all the systems they use. Remember to also train any volunteers who have access to your network or digital applications.
Use Strong, Unique Passwords
A weak password can be an easy point of entry for an attacker. Make sure your organization uses strong passwords that are long and complex. To avoid login data being leaked in a breach elsewhere, do not use the same passwords that you use for other websites. Enabling multi-factor authorization (MFA) is another good security measure. MFA helps guard against unauthorized access to accounts.
Secure Devices and Networks
Make sure that each device and network your organization uses has appropriate security measures installed, such as a firewall and antivirus software. Consider using services with end-to-end encryption for sensitive data and communication. Don’t forget about mobile devices! If employees use their personal phones for work, it’s a good idea to have a mobile device management policy that sets guidelines for data and network access.
Secure Email Communications
“Phishing” is one of the most common ways that an organization’s data is breached. Phishing scams trick people into giving the attacker access, often with an email that contains a fake login link or a malware attachment. Ensure that your email system has protections in place to detect malicious emails and files, and train staff and volunteers on how to spot them.
Manage Employee Access
Each person in your organization should have access only to the data, software, networks, and hardware necessary for their role. When someone leaves or moves to a new role, ensure their access is revoked accordingly.
Keep Software Up-to-Date
Many software companies issue regular updates to repair security vulnerabilities. Make sure to keep your operating systems and software programs up to date.
Back Up Data Regularly
Make copies of important data and save them as backups in a separate location onsite and/or in the cloud. If you lose access to your organization’s data, you can restore it from these backups.
Plural for Public Policy and Advocacy Teams
Top public policy and advocacy teams trust Plural for their legislative tracking needs. Plural users:
- Access superior public policy data
- Be the first to know about new bills and changes in bill status
- Streamline your day with seamless organization features
- Harness the power of time-saving AI tools to gain insights into individual bills and the entire legislative landscape
- Keep everyone on the same page with internal collaboration and external reporting all in one place
Create a free account or book a demo today!