Small Charity Cyber Security Guide
Updated: Jul 11, 2020
This blog post will cover several controls charities can put into place to dramatically reduce the likelihood of a successful cyber attack.
The Cyber Security Breaches Survey (2020) by the UK Department for Culture, Media & Sport concluded that for the 12 month period studied between 2019 - 2020, it was found that roughly a quarter (26%) of all charities, and over half (57%) of high-income charities reported either a breach or cyber attack. From the previous two studies conducted on the matter in 2017 - 2018 and 2018 - 2019, the rate of reported cyber attacks for charities respectively rose from 19% to 22%.
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
Backing up data
One of the most prevalent threats in the industry today is ransomware. This type of malware infects your computer by encrypting all of your data and demanding a ransom in exchange for the key to decrypt the data. It is important to identify data which would be valuable to an attacker (i.e. documents, contacts, financial records, etc.) and create a solution to back the content up on a weekly basis. It's important to make sure the valuable data is backed up in a separate network isolated from your primary network. This will ensure that in the event of a ransomware attack, all of your important documents can be recovered without having to pay a ransom. Hackers for Change can help you back up your important data.
Consider the Cloud
With the introduction of cloud technology and virtualization it is easier then ever to transition your organization to the cloud. Multiple cloud providers, such as Amazon Web Services and Azure, offer virtualized infrastructure on demand which is significantly cheaper then its physical infrastructure counter part. In addition to the cost savings, the cloud offers a secure by default configuration which in return can leave a small attack surface for your organization. Hackers for Change can help your organization migrate to the cloud.
Installing endpoint protection
Endpoint protection should be installed on all of your organization's computer assets i.e. workstations and servers. Endpoint protection can help prevent successful client side attacks in addition to keeping your employees safe from cyber threats. Strong endpoint security can help protect your organization against cyber attacks, however, many organizations lack the expertise and resources to effectively protect their endpoint devices. Hackers for Change can help your organization implement secure and efficient endpoint protection to secure your network.
Keeping systems and applications up to date (patching)
While inconvenient, operating system/software updates are vital to an organization's security strategy. Updates often times bring new features or make changes to existing ones, however, most updates also bundle security fixes in them. These fixes act as mitigation to vulnerabilities reported/uncovered in the respective software. Software vulnerabilities are exploited by hackers to exfiltrate data, escalate privileges or to install malware on a server/workstation.
Using password managers
While password managers have faced their fair share of security breaches, the main players (i.e. LastPass, KeePass, etc.) offer a tremendous service offering and are the most efficient ways to manage complex passwords. Your organization should enforce employees to use a password manager for all logins related to the organization (i.e. gmail, salesforce, etc.). The passwords used for these sites should be complex and stored in a password manager of the organization's choosing.