Cyber security enables organizations to practice safe security techniques to minimize the number of successful cyber security attacks. Many tasks that were once done by hand are now carried out by computer; therefore sensitive information is frequently stored on computers that are attached to the Internet.
Joseph Steinberg, a cyber security expert and the C.E.O. of Green Armor Solutions, a leading provider of information security software, provides tips on nonprofit cyber security.
While a single article is not sufficient to cover all the aspects of cyber security in a non-profit setting, here are several high-level pointers…
1) First and foremost, commit to actively ensuring cyber security. The cost – in terms of time, money, and aggravation – will likely be far less if a proactive approach is taken.
2) Create proper policies governing who has access to which resources, and implement rules and technology to enforce these policies. Access to systems and information should always be on a “need to know” basis. Systems should be used for only their intended purposes and not for others, such as reading email or accessing Facebook. Ensure that every user has their own credentials and that all systems require a login with a password that is not easily guessable or found in the dictionary.
3) If wireless (or wired) Internet is provided for guests within a facility, implement it on its own separate network – isolated from any non-profit systems and networks. Visitors have no need to access any internal systems. Don’t let them.
4) Branch office managers should ensure that they conform to all security policies of the parent organization and should also implement security to ensure that a breach at another branch, or at the main office, does not propagate to their location.
5) Ensure compliance with all credit card security rules, and, unless truly necessary, do not store credit card data after processing transactions. Never store credit card security codes or debit card PIN numbers.
6) Store all sensitive data – including donor information, employee data, documents related to programs being run and beneficiaries from any charity, etc. – in encrypted formats. When in doubt, encrypt.
7) Select and implement security technology to meet functional and security requirements – and ensure that all technology is kept up to date. Keep in mind that all major recent cyber security breaches have occurred to organizations running firewalls, anti-virus software, and other security products, and so…
8) Perhaps most importantly, leverage the services of a skilled cyber security professional to properly design your cyber security plan. Remember, cyber criminals have technical expertise. Shouldn’t you have it to defend your organization?
Joseph Steinberg (CISSP, ISSAP, ISSMP, CSSLP) is a respected cybersecurity expert and the C.E.O. of Green Armor Solutions, a leading provider of information security software. An industry veteran with 20 years of experience, Joseph is often sought after by organizations ranging from global corporations to small businesses to assist them with their digital security needs. He is the inventor of several cybersecurity technologies, the author of a book and many articles on cybersecurity-related matters, and a frequent lecturer on topics related to cybersecurity, technology, and business. For more information, or to contact him, please visit www.JosephSteinberg.com