padlock to depict protection, data privacy and security

Cyber Readiness – If it Ain’t Broke, You May Still Want to Fix It…

The saying “if it ain’t broke don’t fix it” is widely attributed to T. Bert (Thomas Bertram) Lance, the Director of the Office of Management and Budget in President Jimmy Carter’s 1977 administration.  Lance’s aim was to save money by adopting a fiscal policy that focused on needed repairs.  Over time, this colloquialism has come to represent a pragmatic approach to “triaging” issues.  When it comes to cyber-security readiness, however, this approach is ill-advised.  Put another way, the fact that your organization has not experienced a security incident to date should not be rationale for maintaining the status quo.

Data breaches are the leading threat in today’s digital world, with a new cyberattack occurring approximately every 39 seconds. Non-profit organizations are increasingly being targeted by cybercriminals, not only because of the wealth of data they possess, but because they simply do not take the same precautions nor employ the same resources as their for-profit counterparts.  In fact, small-to-medium-sized organizations are actually more likely to be targeted by hackers for that very reason.

The financial cost of managing a data breach is well documented.  A recent study estimated the average cost of a breech in 2021 at 4.24 million dollars, a 10% rise from 2019.  Although less tangible, the potential loss of trust of the nonprofit’s donors, volunteers and the community can be significant. Such a loss is not only difficult to restore, it can also affect fundraising activities, volunteer engagement, and partnerships with other organizations for years to come.

For organizations seeking to decrease their cybersecurity vulnerabilities, a good first step is to obtain a comprehensive understanding of the current risk environment. For example, what kind of data does your organization collect, store, share and transmit?  Where and how is the data being stored, and who has access to the data?  How does the organization transmit data? (Data transmission is often one of the most significant vulnerabilities; any time data is sent from one location to another, there is a risk of interception.) During the COVID-19 pandemic, the risk of insecure data transfer has increased as more and more individuals have begun accessing critical data from personal mobile devices or using personal digital storage solutions.  Assessing these weak points can be achieved through a data-privacy audit whereby information gathered is then used to strengthen the organization’s cyber-readiness.

Additionally, organizations should consider implementing the following measures:

Implement (Or Update) Organization-Wide Cybersecurity Policies
The first step in ensuring the security of an organization’s data is to have consistent, documented cybersecurity policies in place for all employees to follow.

Provide Ongoing Cybersecurity Training
Next, all individuals within the organization who have access to secure data should receive annual cybersecurity training.

Focus Your Cybersecurity Efforts/Revaluate Third-Party Vendors
Focus on security controls that would be the most effective based on your specific needs and resources. And as many breaches occur from the actions/omissions of third-party vendors who store an organizations data, review the legal terms of all such agreements to make sure there are appropriate terms and conditions to protect your organization (read Are You Protected? Five Points to Include in Every Technology Agreement).

Create A Data Retention and Deletion Policy
Most organizations collect more data than they need, and hold the data longer than necessary or practical.  The more data your organization stores, the greater the liability if a breach occurs.  It is imperative that organizations adopt a policy that dictates the types of data to be stored, and when/how that data is deleted when no longer relevant.

Prepare for the Unexpected
Every organization needs a plan for what to do in case of a data breach. An incident response can help organizations plan to comply with applicable laws and regulations, and launch a rapid and coordinated response that will mitigate the damaging consequences of a data breach.  On a side note, the recently enacted NY SHIELD Act requires organizations that collect information from NY residents to have both a Data Retention and Deletion policy as well as an Incident Response plan in place, among other requirements (read The SHIELD Act – A New York State of Mind … and Privacy).

Share this Post

Related Posts

Today, more and more nonprofits rely on third-party vendors for technology solutions to provide a range of services and operational support, including donor outreach and management, web platforms, payment …
perlman & perlman philanthropic sector law firm blue logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

LSU Foundation
Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA

perlman & perlman philanthropic sector law firm blue logo

click to exit page

news & events

Our attorneys’ recent contributions to the media and nonprofit sector publications.

news & events

Check out our attorneys’ recent contributions to the media and industry publications.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation

Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
American Rivers
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

Culture & Values

Vision

We view our clients as partners that share our commitment to bring about change in the world. Our goal is to provide them the peace of mind of knowing that they are in compliance with their legal obligations and to further empower them to achieve positive social impact and financial success.

Our Mission

Our mission is to provide the highest quality, integrity-driven legal services to our clients, using a practical, consultative, client-focused approach to identify and respond to problems and challenges.

We strive to maintain a culture characterized by respect, opportunity, diligence, mutual empowerment, entrepreneurship, and fair reward for efforts made on behalf of clients and the firm.

Perlman & Perlman is a Certified B Corporation

Certified B Corporations use the power of business to solve social and environmental problems. B Corps are unlike traditional businesses because they

  • Meet comprehensive and transparent social and environmental performance standards
  • Meet higher legal accountability standards
  • Build business constituency for good business