With increased threats as well as new data protection legislation, cyber security is an important topic for all organizations to consider. We have compiled an overview to ensure your organization is informed and set up for success.
What is Cyber Security?
Cyber security is the protection of computer systems and their networks from theft and/or destruction of their hardware (computers or devices), software (the programs that run on the computers or devices) and the data stored in the systems.
Why are Associations and Not-for-Profits at Risk?
Associations and non-profit organizations are at risk of being hacked because of the sensitive member data stored in their systems. Member information is valuable to cyber thieves because it can contain personal financial information, like credit card numbers, mailing addresses and email addresses.
Malware
Malware (a contraction of malicious and software) can take the form of trojans, viruses, spyware, worms, botnets or ransomware. Hackers infect computers by sending malicious files or links that, when opened, infect or lock your computer and steal data. Sometimes a ransom is demanded to unlock or disinfect the files, typically using blockchain currency.
Phishing
It’s critical not only to set up the proper infrastructure to ensure that data is protected but also to ensure that you are educated on cybersecurity. Phishing, for example, is defined as a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. We have experienced incidents where phishers have gone to a client’s website, determined who the Treasurer was and sent e-mails posing as another Board Member requesting that funds be released.
Legal Issues
Cybersecurity is extremely important from a legal standpoint as well. There are a number of laws and regulations across the globe that now enforce the protection of an individual’s data. One of the most recent pieces of legislation, which came into effect on May 25th, 2018, is the General Data Protection Regulation (GDPR). Under GDPR, EU residents have the right to access their personal data, the right to rectify incomplete or inaccurate data, the right to be forgotten and the right to restrict the processing of their data. Many other countries also have their own legislation around processing and using data, so it is imperative to ensure you are informed of the laws in the countries where your members are located. If you have any questions, let us know.
What can you do?
The first course of action is to train employees and volunteers to be vigilant about incoming emails and external drives. Do not open attachments or download files from anyone you do not know or if the email address looks suspicious.
Strong Passwords and Password Managers
“Creating and remembering a complex and unique password for every different login is hard. As a result, people tend to use the same 'easy to remember' password every time. The problem is that it only takes one of these web sites to get compromised for the hackers to have your 'easy to remember' password to try on every other site. Instead, use a password manager like LastPass (https://www.lastpass.com/) or 1Password (https://1password.com/). Then just create and remember one complex password and have the password manager create and remember the rest of the passwords for you.” Kevin Dawson, President and CEO, ISA Cybersecurity Inc.
Install Antivirus and Anti-spyware Software
Installing antivirus software like Norton’s Antivirus will catch viruses before they make it into your computer. These tools are easy to install and relatively inexpensive or free. Non-profits and associations can often buy antivirus tools at a reduced rate. Anti-spyware is used to detect programs that are engineered to steal valuable information from a computer. Such programs are often hard to detect and work covertly in the background of your applications.
Secure Internet Usage
Make sure your Wi-Fi is set to private and set a strong password. It’s also recommended to hide your network’s name so that it doesn’t appear when would-be hackers are seeing what networks are available.
Reputable and Secure Payment Processes
A secure payment processing tool or service is integral in keeping your members’ information secure. PayPal, Stripe and BluePay are examples of secure payment processing tools and applications.
Cyber Security Insurance
Cyber policies cover the association’s liability for a data breach in which the personal information of the association’s customers, such as credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to its network. Typical premiums run anywhere from $1,000 to $1,500 for non-profits.
Fortunately, securing your organization can be done relatively simply at little or no cost. Managing Matters ensures that all its tools are secure and gives our clients the best and safest cyber experience. Contact us for more information on this part of our services.
Citations:
John Mason, Protect Yourself: Preparing Your Nonprofit’s Workplace For Cybersecurity, May 29, 2018, https://www.techsoupcanada.ca/en/community/blog/protect-yourself-preparing-your-nonprofit%E2%80%99s-workplace-for-cybersecurity
Kevin Dawson, President and CEO, ISA Cybersecurity Inc.