As the number of cyber attacks around the world continues to grow, organisations of all sizes, including not-for-profits, face a very real threat. So, how prepared are you? According to the ACSC Annual Cyber Threat Report July 2019 to June 2020, over 2,200 cybersecurity incidents were reported by Australian businesses between 2019 and 2020. While the majority of large companies have security strategies in place, there are still many smaller organisations that are yet to take the necessary steps to minimise their risk.
Unfortunately, many not-for-profits find themselves under-prepared, which can now directly impact getting grants or funding, as basic security measures are requested by many businesses and government agencies prior to providing funding.
The good news is that you don’t need big budgets and endless resources to tackle cyber security. There are plenty of simple and affordable steps you can take right now to protect your organisation.
Here are 7 top security tips that will minimise your risk today.
1. Keep Your OS and Patches Up-to-Date
One of the simplest and most important things you can do to protect yourself from cyber threats is to keep your operating systems current. Some of the worst security breaches, including the recent PrintNightmare vulnerability, affected businesses running almost every version of Windows, exploiting the print spooler to gain full control of computers and servers.
As a not-for-profit, if your systems are breached, and your sensitive data is compromised, the impact on your customers and employees can be devastating. By ensuring your computers, servers and networking components are patched and running on the latest OS, you significantly reduce the risk of a breach.
2. Next-Generation Prevention
As ransomware and other threats continue to evolve, it’s critical that your security measures do too. The reality is that if your security applications are three or four years old, they may not be able to detect and stop the new attacks your business is now facing.
Today, organisations need a multi-layered approach to prevent the next generation of threats. For not-for-profits, an effective strategy includes protection against spam and zero-day attacks, as well as current versions of your firewall, email filters and anti-virus applications.
3. Security Policies
Implementing, monitoring and enforcing a good security policy is a must if you’re serious about preventing cyber attacks. An effective policy provides your end users, IT department and management team with the knowledge they need to identify threats and understand their responsibilities should a breach occur.
Your policy needs to include specific training on avoiding ransomware and other threats. It should also clearly explain the processes to follow during an attack to minimise damage. Plus, if your not-for-profit organisation has an annual turnover of more than $3 million, you’ll also need to include specific information on handling the mandatory notification legislation introduced in the Privacy Amendment (Notifiable Data Breaches) Bill 2016.
4. Employee Security
The major focus of cyber security is usually to stop hackers getting into your systems remotely. It’s critical that you tighten your internal defences too, because most of your employees now have phones, tablets or watches that are connected to the internet, and each of these devices gives hackers another avenue to infect your network. If any of your team opens an email containing a virus, anything that user has access to can be compromised. For this reason, it’s a good idea to tighten up access controls on all internal documents on your server and only give your staff access to what they need to do their job.
5. Be Sure to Backup
Because viruses, crypto lockers and other threats are evolving at a rapid rate, even the best cyber defences can fail. This means a reliable and up-to-date backup is a must for every not-for-profit organisation.
While most companies today realise the importance of backups, many are not doing it effectively. Always back up to a secure location. Be wary of backing up to hard drives that are connected to your server, as the same ransomware that infects the server can encrypt or delete those backups too. Most importantly, test your backup to make sure it is properly configured and capable of fully restoring your system.
6. Test Your Defence
Following all the above tips will significantly lower your risk of attack. The reality is your defences need to continually evolve to combat new threats. Auditing your security measures using external tools and systems is a critical step in maintaining your guard. By completing quarterly or half-yearly checks, you can pinpoint any gaps in your defence, and rectify them before a breach occurs.
7. Have a Failsafe Plan
As we’ve mentioned, cyber threats are increasing and changing at a rapid rate, and a multi-layered defence strategy will reduce the likelihood of your organisation falling victim to an attack. So, what do you do if something does slip through?
If you’re not fully prepared, it can be a disaster. Having a documented process to follow in the event of a security breach will lessen the damage caused and get you back on your feet fast. It will also help you avoid the massive fines that organisations are now liable for if they breach the regulated mandatory disclosure laws.
With a clear strategy, you can be prepared
While cyber attacks are complex, your security strategy doesn’t need to be. When you keep your systems current, have a clear security policy, are smart about your access and backups, and test things regularly, you’ll minimise the chance of your not-for-profit becoming the target of an attack. Subnet can also help you prepare your strategy and assess your current maturity level with our Subnet Security Maturity Journey. This simple one-page tool helps your organisation align to the Australian Government's Essential 8 and other key security frameworks to ensure continued improvement in the overall security of your organisation, and it's a great way to plan how to tackle all of the items above in a structured way.
Taking it further
If you enjoyed this blog, you'll love our FREE not-for-profit IT guide. Download it today and simplify your approach to technology.