The Urgency of Cybersecurity for Nonprofits
The International Computer Security Day has been marked every 30 November since 1988 to remind people to secure their computers, networks, data, and, in more recent years, mobile devices. The day is coming on the heels of the National Cyber Security Awareness Month in October.
The International Computer Security Day is a reminder for organisations, businesses and individuals to protect the valuable information, resources and tools on their computers, and by doing so, the people who use them. Today, this is more important than ever as the use of computers has expanded to just about every facet of daily life and, consequently, so have the threats.
Ahead of the International Computer Security Day on 30 November 2020 Tara Doyle, Marketing Director with supportIT (The Wheel's preferred IT support provider), discusses the need for nonprofits to scale up their digital security to address cybersecurity risks, which have been exacerbated by the COVID-19 pandemic.
At a recent well-attended cybersecurity webinar held in conjunction with The Wheel, participants raised a lot of valid questions and concerns about cybersecurity during lockdown and in general.
A staggering 70% of the participants said they've not undertaken any cybersecurity training in the last 1 year. It is a stark reality of where many nonprofits are in respect of cybersecurity. It shows the 'human firewall' is not available in many organisations.. The national statistics on security awareness show that many organisations do not have a cybersecurity policy/plan and have not provided any training to users even though studies show that 95% of phishing campaigns target users. With more employees working from home and mostly from personal devices, a clear strategy is urgently needed.
Microsoft has just published Nonprofit Guidelines on Cybersecurity and Privacy. The following are the headline measures highlighted in the publication:
1) Identify the Risks
Develop an understanding of the cybersecurity risks confronting your organization, including the risks to systems, data, and capabilities. Doing so will allow you to better manage risks by focusing and prioritising cybersecurity efforts consistent with the organization’s risk management strategy and business needs.
2) Protect against cyber-security threats
Develop and implement safeguards to protect against cyber-security threats by implementing practices that will help, limit or contain the impact of a cybersecurity event.
3) Detect cybersecurity incidents
Cybersecurity incidents are often difficult to detect. Microsoft security researches have shown on average, attackers spend 146 days (20+ weeks) on a network before detection. However, implementing certain processes and monitoring solutions makes it much easier to timely detect anomalies or security events impacting the organisation’s information systems.
4) Develop a strategy for responding
Once a cybersecurity incident is detected, the organisation needs to have a plan in place to efficiently and effectively respond to and contain the impact of an incident.
5) Recover from a cybersecurity incident
After a cybersecurity incident is over, the organisation needs to recover and resume normal operations. Although a full recovery can sometimes take time, being prepared before an incident happens makes it easier for an organisation to restore any capabilities or services that were impaired or lost and reduce the impact of a cybersecurity event. In particular, nonprofits should consider developing procedures to execute recovery plans; ensure sufficient backup capabilities exist; update recovery plans based on lessons learned from the security incident; and coordinate with internal and external stakeholders to safely and securely restore normal operations.
6) Implement specific, high-value security controls
While nonprofits move towards strengthening their digital security strategies, Microsoft recommends that nonprofits implement a subset of identified security controls as soon as practicable.
supportIT are Microsoft Partners & IT Security specialists. Click here for contact details.