We have a lot of respect for nonprofit organizations. The organizations, and the people involved, are doing good in their community, are focused on helping others or the planet, or are serving the less fortunate. They do amazing work. Unfortunately, they are not exempt from cybersecurity attacks, which is a bit disheartening. Because nonprofits tend to collect a lot of data from donors, they are more at risk of a cyber-attack than one might think.
We recently recorded a webinar with senior technical leadership from United Way Worldwide and the Institute on Aging. We work with both of these organizations, but we wanted to provide an outlet for these two leaders to share insights on how their organizations have pivoted in response to the transition to a remote work environment, and what that means for their cybersecurity plan, their team members, and their donor/client base.
Consider these key cybersecurity takeaways:
Streamline Your Technology
While it may be easy to layer in new technology platforms, limiting the number of platforms used can be a big benefit. Limiting platforms can cut down on the amount of training time required, as well as the ongoing troubleshooting that may take place. In addition, limiting platforms enables organizations to vet the applications properly and ensure the best security practices are in place. Limiting platforms can also potentially rein in unnecessary costs.
One of the tips shared during the call was to publish mini training videos about the platforms that are being used. These videos can be references for future employees, or they can focus on frequently asked questions (or both).
Implement Multi-Factor Authentication
In recent months, phishing emails and social engineering attacks have increased exponentially. Implementing multi-factor authentication helps mitigate a number of these types of attacks, and takes some of the “human error, or human curiosity” out of the equation. These types of attacks, if successful, can cause major issues for nonprofits for years to come. In some cases, they may lose important donors.
Keep An Eye On User Access Control
With more employees working remotely, it’s even more important to monitor who has access to what. Monitor employee access and shut down access if they no longer need it, and certainly if they are no longer with the organization. Reining in access also limits potential access points for hackers.
Continue Vulnerability Scans On Devices
Make this a priority, especially with devices that are now originating from home internet connections or other remote locations.
Reconsider Your Bring Your Own Devices (BYOD) Plan
The transition to remote work may have been sudden for your nonprofit, and personal devices are used more frequently at the moment. These devices should be protected and managed. There should also be processes established to help protect the organization, and also the employee. Take time to review BYOD plans that are currently in place. See how employees are using them to access nonprofit applications and files.
If possible, consider purchasing company cell phones and laptops for your team members. This may not work for all organizations, but it can help mitigate some cybersecurity risks.
Transition To A Cloud-Based Environment & Infrastructure
Remote workers need a way to access and share organization information quickly and securely. A cloud-based environment offers this opportunity, along with more security and protection, especially when multi-factor authentication and other security protocols are put in place. If the transition has not been made to a cloud-based environment, now is the time to research the options that make sense for your organization.
Execute A Security Assessment
A security assessment can help organizations determine where to start, and where to spend valuable budget. Look into opportunities to execute a risk assessment and cloud security assessment. In addition, consider auditing your current outside vendors to fully understand their security protocols. And, if they balk at the audit or the questions, consider that a red flag.
Look To Others
If you’re not exactly sure where to start, look to other organizations that already have a strong cybersecurity plan in place. Ask them questions to help get yourself informed, and ask how they are handling their security needs. They may have an internal IT team, an outsourced IT team, or use a combination of both. Use their knowledge to help get you up to speed, and on the right track.
We encourage you to watch the webinar for yourself and hear firsthand some of the situations that these two organizations have encountered over the past few months, and how they’ve handled them.