Navigant's Cyber Risk and Information Security Practice


Why Non-Profit Data is Attractive To Hackers, and How to Secure It

15 March 2016


Non-profit organizations can be an alluring target for attackers. With the news and social media often focusing on the latest large retailer, bank, or government agency breach, we overlook the large amount of data that non-profit organizations store. This data would make an attractive target for any would-be attacker, and often, this data is less protected than you may think.

Non-profit organizations are responsible for sensitive information such as credit card data, employee/volunteer personally identifiable information (PII), health insurance data, donor PII, and more. They often have limited resources to invest in network equipment, IT security personnel, and the latest software. With increasing cyber security threats, it is essential that non-profit organizations take proactive measures to reduce their risk of a breach. Here are five tips to strengthen your security posture.

1. Include Your Employees
All employees play an integral role in keeping your organization’s data safe. Educate your team on cyber security threats and ways they can help reduce your risk.

2. Training and Phishing Exercises
The best way to ensure your employees are equipped with the knowledge needed to safeguard data is to routinely send out surveys and mock-phishing emails and track their progress.

3. PCI Compliance Checks
If your organization processes credit card transactions, familiarize yourself with the appropriate PCI-DSS requirements and perform a PCI self-assessment or obtain the services of a qualified PCI assessor.

4. Keep Your Devices Up-to-Date
Many vulnerabilities we find during client assessments are related to out-of-date software applications, so it is important that organizations apply the latest updates for their operating systems and applications, and that anti-virus definitions and anti-malware software are updated regularly.

5. Think Long-Term
Just as you would undergo a financial audit each year, organizations should perform regular network vulnerability assessments on at least a semi-annual basis. These scans provide insight into which vulnerabilities have been addressed and where new ones have emerged.

Use these five tips as a guide for your cyber security strategy. To help get you started, download our 5 Tips to Detect Phishing Emails guide and share it with your employees. Also, feel free to contact us if you would like to discuss your organization’s cyber security strategy further.
