Blackbaud breach – Executive Options in light of Reports to OPC & ICO
Three Executive Actions to help mitigate further risk
If your company leverages Blackbaud CRM – this article will provide you of three actions that will help mitigate risk.
Blackbaud a reputable company that offers a customer relationship management system has been hit and paid off ransomware. According to G2, Blackbaud CRM is a cloud fundraising and relationship management solution built on Microsoft Azure specifically for enterprise-level fundraising and marketing needs. The company released an official statement on their website available here https://www.blackbaud.com/securityincident.
As a client, whether you have been notified or not of the breach, your organization has a opportunity to follow breach mitigation and notification protocols
Blackbaud has already notified its clients which data was breached, that said, regardless if you have received the notice or not you have been affected. These are three actions that will ensure that you limit your liability:
1- Request Contract Review and third Party Review: Review service contract with Blackbaud and any other third party managing your Razors Edge systems to ensure that it includes notification and risk assessment clauses.
2- Seek a confirmation from Blackbaud: Request a confirmation that ascertains whether donor data or any other identity credentials have been compromised.
3- Post a statement : If your aggregate data or credentials have been compromised , follow your internal breach notifications protocol.
In all cases your information security or IT department should follow breach mitigation protocols, including but not limited to : password reset, enable two factor authentication for administrators, and enabling off cloud backup.
Since the publication of this article the Office of Privacy Commissioner of Canada and the Information Commissioner’s Office of the United Kingdom have received notices of the breach.
You are invited to contribute to this article in the comments or by sending me a direct email at firstname.lastname@example.org. visit waelhassan.com for more articles on Privacy, Security, and Social Media Analytics.
Waël is on twitter @drwhassan