FREE Cybersecurity Support For Your San Jose Nonprofit
Cybersecurity should be a primary concern for any organization – but especially nonprofits.
Even the National Council of Nonprofits recognizes how important it is, stating, “it makes sense for every nonprofit to — at a minimum — assess the risks of a data security breach, and protect its data from unauthorized disclosure.”
You can’t afford to be one of the many (in fact, 60% of nonprofits) that say they do not have or know of an organizational digital policy that would identify how their organization handles cybersecurity risk, equipment usage, and data privacy.
It’s all about developing a comprehensive plan, and investing in verified and reliable security measures, that protect your data from accidental or intentional threats.
What Should Your Nonprofit Cybersecurity Plan Include?
Put a plan in place to make sure that your data is protected both in storage and transit. Hackers are looking to capitalize on your members’ confidential data, and you can’t afford a data breach.
You should also develop a Security Policy. This Policy should begin with a simple statement describing the information you collect about your members and donors and what you do with it. It should identify and address the use of any Personally Identifiable Information (PII) and how to keep it private.
Key aspects of your plan should include:
1. Anticipate Cybercrime.
It’s essential that you determine exactly what data or security breach regulations could affect you. You need to know how to respond to data loss. All employees and contractors should be educated on how to report any loss or theft of data, and who to report to.
Data loss can expose you to costly state and federal regulations and litigation. You must be able to launch a rapid and coordinated response to a data breach to protect your reputation.
Your plan should include input from all departments that could be affected by a cybersecurity incident. This is a critical component of emergency preparedness and resilience. It should also include instructions for reacting to destructive malware. Additionally, departments should be prepared to isolate their networks to protect them if necessary.
2. Don’t Forget About Disaster Recovery & Business Continuity.
You must have a backup copy of your data if it’s stolen or accidentally deleted.
Develop a policy that specifies…
- What data is backed up
- How often it’s backed up
- Where it’s stored
Who has access to the backups
Backup to both an external drive in your office and a remote, secure, online data center. Set backups to occur automatically. And make sure your backup systems are encrypted.
3. Train Your Staff.
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and thus present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
4. Manage Your Software Updates and Patches
Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?
Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
This is why it’s imperative that you keep your applications and systems up to date.
Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.
5. Conduct Regular IT Inventory Assessments.
Determine how your data is handled and protected. Also, define who has access to your data and under what circumstances.
Create a list of the employees, volunteers, donors or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. You must know precisely what data you have, where it’s kept, and who has rights to access it.
That said, all of this can be difficult to manage on your own. You’re doing important work, and often, you only have the resources to focus directly on what you’re doing.
That’s why you could probably use a little help…
Enlist Veltec Networks For A Free Year Of IT Support
At Veltec Networks, we are a big supporter of nonprofits and we wanted to show our support in a big way this year.
On Thanksgiving Day (November 28, 2019) we will be awarding one nonprofit in the Silicon Valley with Free Technology Support for their organization for one full year. This year of expert IT services will include support for your cybersecurity efforts.
The contest entry period will run from August 1, 2019 until November 27, 2019. Our team of judges will select the winner based on the online entries that we receive.
The winner will be announced LIVE on Facebook on Thanksgiving Day!
Like this article? Check out the following blogs to learn more: