Despite the best technology defenses (next-gen firewalls and antivirus, advanced threat protection, mail washing, web filtering, regular patching) infections and security events can still occur due to what is often the biggest risk – your people
People-risk is harder in not-for-profits because typically their people aren’t just staff – most not-for-profits also rely on hard working volunteers.
Those volunteers come in all shapes and sizes, with various levels of awareness and knowledge. They often use their own home-IT for their volunteer work, and that can be as varied as the people themselves.
How can you make sure all the people in your organisation are able to best defend themselves?
Social Engineering Protection
Whilst attacks that use “social engineering” have been around for a long time, they are now common-place and every business will be targeted.
It is no longer realistic to say “it won’t happen to me”.
Attacks such as “Spear phishing” uses spoofed emails purporting to be from the CEO to convince a finance person to transfer money to an unintended recipient. They often know a lot about your company (e.g. who your key staff are, and if they are out of the country) and can be very convincing. As they are plain text, they cannot be blocked by technology.
Another common attack involves harvesting information and then sending very realistic invoices to your customers with a different bank account number.
Mitigating Risks
Regularly training of staff and volunteers on good security practices, and updating them on the latest security threats, can help mitigate the danger of security risks impacting your business. We have done this training for other clients via short presentations, e-Learning tools or via internal marketing campaigns using posters and email newsletters.
The other big thing that was a “nice to have” and is now a “must have” is two factor authentication for cloud services. This means that your people need to authenticate using a username and password, and then also approve the login using a mobile device. This is the best way to prevent hackers around the world from gaining access to your user accounts.
For more information, contact us today.
If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT.
Check out our structured, programmatic “IT Manager as a Service” approach to help you.