Cybersecurity – The Best Offense is a Good Defense
By Mary Beth Foster, TPF’s Vice President of Information Systems
It seems that every day new technologies are emerging, and with each new advance comes a new possibility for a cyber threat. It is an unfortunate fact that cyber attacks are on the rise, with approximately 54% of organizations having experienced at least one cyber attack at some point. Unfortunately, this includes nonprofit organizations, large and small. Since most nonprofits have limited resources, a cyber attack could be a business-ending occurrence. While there is no guarantee that your church or organization will not be breached at some point, there are steps you can take to lower the risk – here are just a few:
- First and foremost, train your employees! A good training program can teach your staff to recognize red flags in phishing emails, social engineering, and other types of attacks. There are many quality cybersecurity awareness training programs. Be sure to do your research and choose one that works for you. Remember, training is an ongoing process. The threat actors don’t take breaks, so neither can your training.
- Strong Passwords and Multi-Factor Authentication (MFA) are critical to maintaining your security. The National Institute of Standards and Technology (NIST), in its most recent guidelines for password policies, recommends a password at least 8 characters long (more is better) consisting of a mix of upper- and lower-case letters, numbers, and special symbols. However, even good passwords can be hacked. MFA is a security measure that involves using more than one way to authenticate your identity. Typically, this is your password combined with either a passcode sent by text to your mobile device or the use of an authentication app on your mobile device. The most common of these apps are provided by Google and Microsoft, but there are several others. Most applications now either require MFA or offer it as an option. Make the move to MFA whenever possible.
- Encourage your staff to take care of their devices. A Forrester survey found that 15% of breaches are caused by lost or missing devices. Devices should be kept up to date on security patches and app updates and be secured with at least a passcode or password to unlock.
- Set your computers and devices to automatically lock and go to a screensaver after a specified time of inactivity, and manually lock them when unattended. This helps prevent others from viewing or using your device when it is not in your possession.
- Warn your staff to never conduct business over a public wi-fi connection without a VPN (Virtual Private Network) connection. A VPN adds a secure layer to your connection to prevent your data from being intercepted in transit.
- Secure your networks. Safeguard your network with a firewall and antivirus software, and keep your systems updated and patched. There are cybersecurity assessments available which can identify any risks and vulnerabilities in your systems so that you can take steps to improve and maintain your security.
- Have Disaster Recovery and Incident Response plans for your organization and test your plans at least once a year to ensure your staff knows what to do in a cyber emergency. These plans exist to minimize damage in worst-case scenarios. You don’t want to be caught without them.
It’s important to create a culture of awareness in your organization by encouraging vigilance and raising awareness. Your staff is your first line of defense against cyber threats, so arm your employees with the information and tools they need. Your best offense truly is a solid defense!