Managing a nonprofit organization is a difficult process. Resources are limited, and therefore even more valuable than in profitable companies. When the margins are thin and the operation is small and efficient, expenditures to keep your IT systems running properly can be difficult to justify. Are you getting your money’s worth from your San Jose IT support?
You can’t risk underinvesting in IT, especially when it comes to your cybersecurity. When resources are stretched thin, many nonprofits will cut corners where they think they can. Often, that means cybersecurity.
That’s why up to 70% of nonprofits have never conducted a vulnerability assessment. And nearly the same number have no type of cybersecurity response plan in place.
Everyone is aware that a data breach is always a possibility. But when it comes to nonprofits, those at risk are the ones that actually donated their money to a worthy cause. The last thing you want to do is put them at risk. That’s why you need to make sure you’ve invested in San Jose IT support that will keep your data (including the financial and personal information of your donors) secure.
1. Be Smart With Your Passwords
This is a basic part of safe computing. Have you considered how strong your passwords are?
Length and Complexity
Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
Numbers, Case, and Symbols
Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.
However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
Pattern and Sequences
Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
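The four weaknesses described above (length, character mix, personal information, patterns and sequences) can be checked mechanically before a password is accepted. The following is an added example, not part of the original article; the 12-character minimum, the keyboard-row list and the function names are assumptions chosen for illustration.

```python
import re

# Assumed threshold and pattern list for illustration; tune to your own policy.
MIN_LENGTH = 12
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive ascending characters (abc, 123)
    or a `run`-long slice of a keyboard row (qwe, asd)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if all(ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(run - 1)):
            return True
        if any(chunk in row for row in KEYBOARD_ROWS):
            return True
    return False


def audit_password(pw, personal_facts=()):
    """Return the list of weaknesses, using the four categories above."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        findings.append("missing character class")
    # Personal facts: names, birth years, pets; anything found on social media.
    squashed = re.sub(r"[^a-z0-9]", "", pw.lower())
    for fact in personal_facts:
        token = re.sub(r"[^a-z0-9]", "", fact.lower())
        if len(token) >= 3 and token in squashed:
            findings.append("contains personal information")
            break
    if has_sequence(pw):
        findings.append("contains pattern or sequence")
    return findings
```

A password can satisfy the length and character-mix rules and still fail: "Rex-1984-Fetch!" passes both but is flagged once the user's pet name and birth year are supplied as personal facts.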
2. Have Your Patches And Updates Managed
Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software? Much of the software you rely on to get work done every day could have flaws (vulnerabilities that attackers can exploit) that leave you open to security breaches.
To address this, developers regularly release software patches and updates to fix those flaws and protect users. This is why keeping your applications and systems up to date is a key part of safe computing.
3. Back Up Your Data
Do you have a data backup policy in place?
If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
a. Back up data on a regular basis (at least daily).
b. Inspect your backups to verify that they maintain their integrity.
c. Secure your backups and keep them independent from the networks and computers they are backing up.
4. Delegate And Be Resourceful With Your Team
Appoint a reliable staff member to liaise with your San Jose IT support and make sure that your employees and volunteers strictly adhere to your cybersecurity plan.
Along with your IT professionals, this person will be your point-of-contact to make sure you are adhering to IT security-compliance regulations and standards so you can stay in good standing with governments and donors.
5. Strategize Cybersecurity
It’s essential that you determine exactly what data or security breach regulations could affect you. You need to know how to respond to data loss. All employees and contractors should be educated on how to report any loss or theft of data, and who to report to.
Data loss can expose you to costly state and federal regulations and litigation. You must be able to launch a rapid and coordinated response to a data breach to protect your reputation.
Your plan should include input from all departments that could be affected by a cybersecurity incident. This is a critical component of emergency preparedness and resilience. It should also include instructions for reacting to destructive malware. Additionally, departments should be prepared to isolate their networks to protect them if necessary.
6. Make Your Staff A Cybersecurity Asset
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and thus present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
7. Roll Out A Security Policy
Every organization should set a security policy, review it regularly for gaps, publish it, and make sure employees follow it. It should include such things as:
a. Not opening attachments or clicking on links from an unknown source.
b. Not using USB drives on office computers.
c. A Password Management Policy (no reusing passwords, no Post-it Notes on screens as password reminders, etc.).
d. Required security training for all employees.
e. A review of policies on Wi-Fi access. Include contractors and partners as part of this if they need wireless access when onsite.
8. Have An Incident Response Plan In Place
When you suspect an attack has taken place, you need to act quickly. Contrary to popular belief, some businesses take weeks or even months to realize they’ve been penetrated. If you suspect something has occurred, do the following:
a. Make sure all your software is up to date.
b. Scan your systems for virus or malware infections.
c. Disconnect devices from the Internet and perform a factory reset – ideally, your data will all be backed up elsewhere.
d. File a report with the local police and make sure there is a record of the incident.
9. Don’t Forget About Mobile Devices
A mobile device management (MDM) policy dictates how your employees can use their personal devices for work purposes, which security apps should be installed, and what best practices need to be followed.
An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes.
10. Test And Assess Your Cybersecurity
Determine how your data is handled and protected. Also, define who has access to your data and under what circumstances. Create a list of the employees, volunteers, donors or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. You must know precisely what data you have, where it’s kept, and who has rights to access it.