Page 53 - Cyber Defense eMagazine - December 2017

A risk assessment can be conducted within the organization or by an outside specialist. From the assessment, one can then determine how vulnerable their IT security is and identify the sensitive data that may be targeted. Because vulnerabilities are under constant attack, cyber assessments should be updated and reassessed as often as possible to make sure one remains protected from the latest threats. It is better still if the assessment can be understood at a glance by non-technical users, so that well-intentioned staff can take action to reduce the risk.



2. Build awareness & educate yourself and team


Make cybersecurity a top priority and security awareness part of the organization’s culture; for example, all employees should attend cybersecurity training. There are six ways that the majority of cyber criminals enter a nonprofit’s database.



• Absence of Password Policy – Always make sure that every team member has two-factor authentication turned on. Also enforce a comprehensive password policy, which includes how long passwords need to be and how often passwords need to be changed.

• Unsecured software – Never skimp on software. Even today there are nonprofits using out-of-date software, sometimes so old that it’s no longer supported by Microsoft. Make sure your computers and network operating systems are always updated. The older the system is, the more susceptible it is to data breaches.

• Open-source software – Saving money by using open-source software is asking to be attacked, since it tends to be extremely vulnerable.

• Online payment processors – Invest in a reputable online payment processor.

• Not using cloud-based platforms – Cloud-based products are usually free or low cost to nonprofits. Using the cloud allows nonprofits to outsource a big part of their security needs to leaders in the market, leveraging technologies from those who have the budgets and resources to combat evolving threats.

• Your employees (or former employees) – Make sure that when an employee leaves, there are measures to ensure that all devices are wiped clean and access is denied, along with changing passwords and enabling two-factor authentication as well. Current employees should be educated on not clicking on unfamiliar emails or attachments, since 70-80% of cyberattacks are carried out through email.

                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.