Safe Working from Home – Cyber Security Advice to help protect your Nonprofit
Hackers have become increasingly sophisticated in recent years and even more so during the COVID-19 pandemic. We are seeing an increase in the number of attempted attacks designed to target people who are isolated at home. Breaches, regardless of the severity, can be disruptive, costly and damaging to the reputation of any charity or business.
Ahead of the International Computer Security Day on 30 November 2020 Tara Doyle, Marketing Director with supportIT (The Wheel's preferred IT support provider), highlights some key areas to help protect your nonprofit.
Create a more security-aware organisational culture
Security awareness is a large part of the human side of prevention. Often, people are the weakest link and the best way to mitigate against this risk is to ensure your staff are aware of the latest threats; highlight attempted email scams so staff can know what to look out for and communicate to users the processes for reporting SPAM.
‘Many of supportIT clients request an alert when a potential SPAM issue is logged so that they can monitor the types of threats that are coming into the business and use that information for educational purposes.’ Joe McGivern, CEO, supportIT.
Agree policies that relate to devices that are used in the home
Ensure you put policies in place for work devices that are in use in the home. These should be used exclusively by the employee, not friends or family. Also, your nonprofit must have a ‘Bring your own device’ (BYOD) policy; devices that staff are intending to use should have adequate anti-virus software installed and be updated to ensure the latest security patching is in place.
Strong group policy & password settings
As a managed service provider, supportIT puts particular emphasis on strong group policy settings; forced password changes, minimum password length, screen locks & software installation restrictions can be activated centrally and pushed out to every machine for enhanced security.
Strong password policies should also apply to 3rd party applications being used, like CRM and Finance applications – discourage sharing passwords and, for audit trail purposes, create logins for each individual user.
Use Virtual Private Networks (VPN)
A VPN is needed if home workers need access to the company network, particularly if you want to make sensitive information available. Ensure your nonprofit has enough licenses in-place to allow all your remote workers to access the network, and reinforce this with the SSL security protocol and multi-factor authentication.
Ensure you have adequate anti-virus solutions in place
The best products are paid solutions with proven detection rates. Make sure that you include phones, tablets, and especially, laptops. Our recommendation is Webroot, it is an award winning solution with high detection rates.
Two Factor/Multi-factor enablement
Most applications now have two-factor/multi-factor enablement. This is activated within the application itself – this is best practice to ensure your application is secure, particularly if you store personal identifiable or finance data.
Data Loss Protection (DLP)
For those organisations that have more stringent compliance regulations, an added layer of protection called Data Loss Protection (DLP) is recommended. DLP is a built-in feature of Office365 and is activated through the management console.
If it happens, deal with it correctly
The reputational damage resulting from a data breach is devastating for any nonprofit or business. Your reputation is your most valuable asset. It needs to be protected. In our experience, if a breach does happen confidence can be restored if your customers know that you have taken the proper steps by:
- notifying them
- notifying the data protection commissioner
- putting procedures in place to ensure it doesn’t happen again.
Simply put, you can minimise the impact of a breach on our stakeholders through swift action and effective communications.
Contact supportIT for a consultation to discuss your IT security requirements.
Join The Wheel on 30 November as we host a free webinar on Securing Your Nonprofit Against Cyber Threats