Thursday, June 11, 2015 8:39 pm, Posted by Absolute Destruction
Though it is disheartening to consider, even not-for-profits are susceptible to costly fraud and devastating data breaches. That is why we like to remind all of our readers that we offer secure disposal of physical and electronic information for a variety of individuals and industries.
A recent study conducted by the Association of Certified Fraud Examiners (ACFE) found that a disproportionate amount of occupational fraud occurred in the not-for-profit sector. Though the sector ranked lowest among the industries under investigation for number of cases reported, its median loss was nearly the same as that of the highest-ranking industry.
Researchers speculated that not-for-profit organizations had such a high margin for fraud due to a lack of professional and financial support. Many organizations rely solely on volunteers to function, operating under an implicit contract of trust. The assumption is that if a person is charitable enough to be volunteering his or her time towards a good cause, then he or she should find defrauding the organization for his or her own gain to be morally repugnant. Unfortunately, as we will learn, this is not always the case. Meanwhile, non-profits typically don’t have enough revenue to support comprehensive internal and external security measures in addition to their normal operations, which opens them up to even greater risk.
This is the perfect set of circumstances for those who have no qualms about scamming a charity, and as many not-for-profits have discovered, when opportunity presents itself, people will take it. The Salvation Army realized it was the victim of two separate attacks in 2012. Over $2 million worth of toys was gradually stolen from a Toronto storage facility, starting in 2010. In an unrelated theft, the executive director of the charity was fired when over $250,000 was found to have gone missing over the course of 8 years. The investigations for both of these cases are ongoing, but it’s obvious both scams were possible due to lenient security measures.
In March of last year, the British Pregnancy Advice Service (BPAS) fell victim to a hacker who threatened to release the personal details of its clients. The organization had been storing the date of birth and contact information of anyone who had requested information via its website. Luckily, the police were able to recover the data before this information could be released. An investigation revealed the BPAS to have poor online security, and the organization was deemed negligent. The Information Commissioner’s Office (ICO) slapped the BPAS with a hefty £200,000 fine for exposing its clients’ confidential information.
For a not-for-profit that struggles to secure revenue, a fine of any amount can be devastating, especially one that amounts to nearly half a million dollars in Canadian funds. But the damage done to a charity’s reputation after a breach is detected is much more destructive than any monetary penalty. Those individuals whose information was hacked through the BPAS’ website are likely hesitant to file a request with that organization again. If donors fear that their money and personal information are at risk, then they are less likely to support a charity.
Implementing sufficient operational systems to decrease the risk of fraud and data breaches is essential to protecting any not-for-profit’s reputation and finances. Internal safety measures such as firewalls, password controls, access cards, and restricted use of laptops are essential steps towards security. Proper data retention and disposal are also important to safeguarding any physical or electronic information.
For any not-for-profit organization that wishes to implement secure and timely disposal strategies, give us a call today. Our digital and paper disposal services are fundamental to the welfare of your charity and its beneficiaries.