You’re Hired! Time to Scrub Your Info From the Internet

More people are working at nonprofit organizations (NPOs) than ever before. According to a 2020 report by the Johns Hopkins Center for Civil Society Studies, nonprofits are the third-largest employer in the US — only lagging behind the retail and hospitality industries in terms of numbers.

According to studies, the vast majority of nonprofit employees are happy in their roles and believe they are making an impact through their work. Unfortunately, as more people work for NPOs, the number of nonprofit employees that are being targeted, bullied, and harassed online is on the rise. With our world becoming increasingly digitized, much of this targeting is made possible due to the easy availability of employee personal information online.

Nonprofit Employees Are Highly Vulnerable to Online Bullying and Harassment

Online harassment is a severe problem in the US. According to the Pew Research Center, about 4 in 10 Americans have experienced online harassment, with cyberbullying an especially pertinent problem for people who are female, identify as LGBTQ+, are religious, or come from an ethnic background. However, while these statistics are for the population as a whole, nonprofit workers are often over-exposed to the threat of online harassment.

To take just one horrifying example: In 2015, a hacking group called 3301, whose members include anti-abortion activists, shared a list of 333 individuals associated with the nonprofit Planned Parenthood, which featured their names and email addresses. The group also boasted of having the Social Security number of Planned Parenthood’s CEO. When asked by the media company Mic as to what the people working for Planned Parenthood should do now, seeing how their safety may have been compromised as a result of the data leak, the hacking group’s leader ominously replied, “I guess they just buy a gun.”

Regrettably, too many nonprofits are falling behind when it comes to keeping their employees safe. Not only do nonprofit employees lack cybersecurity awareness, but their employers also don’t take virtual threats seriously.

Online Harassment Can Damage Both a Nonprofit’s Image and Its Employees’ Wellbeing

Regardless of whether it happens in a personal or professional environment, online harassment can have a devastating impact on a person’s wellbeing. The sense of helplessness and insecurity that online harassment and cyberbullying creates can cause long-term physical and mental health problems for employees, such as stress, depression, burnout, and even post-traumatic stress disorder.

Professionally, harassment can also have a tremendous negative impact on workplace productivity. If they’re constantly harassed online, some nonprofit employees may even decide that the risk to their wellbeing outweighs their contribution to society and quit their job for a career in a different sector.

Harassment campaigns on nonprofit employees may also impact an organization as a whole. Since nonprofits exist outside of the market economy, they depend largely on their reputation and public goodwill for their funding. With bad press and employee scandals capable of shutting off the flow of individual donations, corporate sponsorships, and federal grants, protecting employees from harassment needs to be an organizational priority.

The Solution: Taking a Proactive Approach to Employee Protection

Despite everybody being on the internet, basic cybersecurity awareness is still rare among most people — and nonprofit employees are no different. Whether through oversharing on social media or poor cybersecurity practices like lax password management, NPO employees are frequently their, and their employers, own worst enemies. As a result, it’s up to their employers to protect NPO employees from themselves.

1. Enact privacy-first policies

A pre-COVID-19 survey by Accenture revealed that 51% of workers would consider leaving an employer who doesn’t take employee privacy protection seriously. Fortunately, employers can retain their workers’ trust and attract new talent by enacting privacy-first policies that place privacy protection on the same level as health coverage, paid vacations, and other employee benefits.

Similar to a privacy policy, a privacy-first policy regulates what information employers can and cannot require from their employees. However, a privacy-first policy takes the nonprofit’s commitment to employee privacy protection even further by giving guidelines about how employees can safely use the internet both at work and in their personal lives.

The guidelines can include making monitoring a collaborative process and giving employees access to tools and training resources that empower their ability to protect themselves. Critically, any privacy-first policy also needs to plot a clear route for employees experiencing online harassment to inform managers and receive targeted, timely support.

2. Training around security awareness

Nonprofit employees must safeguard their personal information against a wide array of attacks, like phishing or social engineering, to name a few. If these threats are left unaddressed and an employee’s data is exposed, threat actors will have free rein to bully, slander, steal banking information, or even physically attack nonprofit employees.

Being able to spot online threats is essential for employees. But if staying one step ahead of threat actors isn’t easy for organizations, it’s almost impossible for individuals. That’s why it’s up to nonprofits to ensure their workers are well-aware of the dangers they face online.

Nonprofits can use lectures and life-like phishing drills to teach workers how to recognize scams designed to expose their information and use social media safely. Likewise, circulating an email newsletter with security updates can do wonders to improve employees’ security both in and out of the workplace.

3. Give employees access to proactive privacy protection solutions

According to Dashlane, the average American has 150 online accounts. As a result, no matter how careful nonprofit employees are, online hygiene practices can only do so much to protect them. With an ever-growing amount of personal information that ends up online, employees may find it impossible to keep track of what they said or shared on every online account they own.

Technology offers a convenient, efficient way to solve this issue and prop up employees’ online defenses. For example, credit monitoring tools can alert users whenever a change is made to their credit reports, giving nonprofit employees time to confirm whether these changes are legitimate or if the bank needs to investigate them.

Likewise, nonprofits can make the process of tracking and cleaning their employees’ digital footprint much easier by providing access to employee privacy protection services that opt them out of popular data brokers’ sites as part of their employee benefits package.

Final Thoughts

As the world moves toward remote work, nonprofits must protect the health and wellbeing of their most valuable assets: their employees.

Every forgotten account or exposed personal detail that remains online represents a ticking time bomb that could blow up at any minute. Protecting employee personal information is a race against the clock to ensure that threat actors have as little ammunition against nonprofits or their employees as possible.

Only when nonprofits give employees the tools, training, and support they need to stay out of harm’s way online will they be able to ensure that their workers can stay safe, motivated, and focused on their cause.

Rob Shavell

Rob Shavell is CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).