Security is a big issue in our everyday lives and you need to make sure your employees, data, and organization are protected. Cybint News states, "43 percent of cyber-attacks target small businesses, 64% of companies have experienced web-based attacks, and 62% experienced phishing & social engineering attacks." These statistics are alarming. Cybercrime will continue to evolve because cybersecurity products and solutions simply can't keep up.
Many nonprofits may think that they are not large enough to be a target, but being smaller in size is one of the things that makes your organization more appealing to cybercriminals. Nonprofits and schools usually have fewer IT staff and resources, making your organization particularly vulnerable. Nonprofit IT staff frequently juggle responsibilities to keep the organization’s systems running, which often means that you and your coworkers have less time to focus on security.
We’ve compiled 8 IT security tips to protect your data:
1. Avoid phishing scams. Here’s a not-so-fun fact – your email filters have a 10.5-15 percent failure rate. You can avoid phishing scams by practicing the motto, “think before you click”. Always check that you recognize the sender and domain, and hover over hyperlinks before clicking them. Never open attachments from an unknown source and always contact the person via phone if something seems unusual. You can also configure rules in your company's email system to provide visual cues to your employees about email safety with external sender notifications. Office 365 also offers advanced threat protection for E1 and E3 plans at a discounted price through Microsoft's donation plan.
Employees are the first line of defense against cybercriminals and are more important than any firewall. Implementing a security awareness training program at your organization is critical to your IT security strategy. This should include ongoing training and it should be part of your new employee onboarding process. We currently offer free phishing testing for your employees, which can be a fun way to test their knowledge.
2. Practice ‘think before you click’ when browsing the web. Avoid visiting unknown websites and always make sure the site is protected with HTTPS when submitting sensitive data. The ‘s’ in HTTPS stands for ‘secure’ and it means all communications between your browser and the website are encrypted. Make sure to never download software from untrusted sources. Sites that advertise free content such as TV shows, live-streaming, or free software are big red flags and may contain malware. We've written more about this here.
3. Utilize anti-virus or anti-malware programs. Anti-virus software helps to protect your computer by recognizing viruses that can harm it and deleting them. Anti-malware is software that defends against all malware including viruses, worms, spyware, Trojan horses, and other unwanted invaders that can harm your computer.
4. Keep all software up to date. Microsoft releases hundreds of security patches for computers and servers each month. Always follow best practices for patching and ensure that your devices have the proper updates installed. If you currently work with an MSP, take advantage of their server and workstation patching services to keep your data safe. This also applies to your server or workstation operating system - versions are only supported and secure for a certain time frame. The next big "end of life" support date is January 14, 2020 for Windows 7 and Windows 2008 Server R2.
5. Secure your devices. Always use a passcode on a phone or tablet so that no one can gain access while you’re not using it. For desktops or laptops, make sure you lock your screen or shut down the system when it’s not in use. If you keep sensitive information on an external hard drive or flash drive, keep it password protected.
6. Protect all sensitive data. Use encryption when storing or sending sensitive data via email. Delete sensitive data files from your devices when you no longer need them; this includes removing social security numbers, credit card information, and healthcare documents from your devices. This will be especially important if you are ever the victim of a ransomware attack where hackers lock your data and infiltrate your system.
7. Back up your data on a regular basis and keep it secured. If you are a victim of a security incident, this will allow you to retain your data. Backups for your entire network infrastructure are crucial and you can enlist the help of an MSP to choose the right solution. This is also relevant for websites, tablets, phones, and computers. We've written more about the ways you can avoid network failures and manage risk here.
8. Practice secure password management. A strong password should look like a series of random characters and there are some best practices that you should follow when creating them. While you can use secure password generators online, here are a few simple steps to create your own secure password:
- Step 1: Think of a sentence or phrase with at least 8 words that you can easily remember but that is hard for someone else to guess. This phrase could be a line from your favorite movie, a quote that you like, or a song lyric that always gets stuck in your head.
- Step 2: Take the first letter of each word in your phrase.
- Step 3: Capitalize some of the letters at random and leave the rest lower case.
- Step 4: Now, substitute a number for at least one of the letters, and substitute two more letters with special characters such as an exclamation mark, asterisk, or ampersand.
Example: “You can dance if you want to you can leave your friends behind” becomes Y&d!YwtYc1Yf6
As you know, you should never share your passwords or write them down. We recommend using a password manager on your computer or phone and always having a passcode or password lock on your devices.
We've also created a handy document of cybersecurity terms you need to know to stay informed.
Would you like a security assessment of your current IT environment? Could your staff use training on best practices to keep your organization safe? Tech Networks of Boston offers in-person cybersecurity trainings for staff, IT Security Assessments, and Security Awareness Training. Contact us to discuss different ways that we can help make your business more secure.
Do you have any tips we haven’t mentioned? We’d like to hear yours in the comment section below!