If there’s one topic we love (and need) to revisit at Fluxx, it’s security. During her tenure as CEO, Madeline Duva penned a piece for Forbes on the importance of good security measures, and last Halloween we shared 5 tried and true tips for those of you who are spooked by cybercrime.
Most recently, we shared a survey with Fluxx clients in order to learn more about the security habits of their organization. The responses varied widely, and reminded us how it never hurts to refresh oneself on the best ways to keep you and your team secure.
Here are our top three must-implement recommendations. These are essential security tips that should not be ignored!
An eye watering truth about security in the digital world is that security is a matter of time and effort. Security hinges on consistent data protection. It takes commitment from everyone at your organization. And if you fail to stay vigilant, it’s only a matter of time before you experience an exposure, breach, or worse.
Conversely, investing time into educating yourself about prevention techniques and attack vectors only covers part of the problem. Advocate for organization-wide security training. This gives you more eyes to help protect your data and grantmaking process. The more team’s are educated on these issues – the more you can help protect yourself and others from common attack vectors. Phishing scams (where an attacker masquerades as a trusted co-worker hoping to dupe someone into opening an email or instant message that allows them access to your system, for example), are rarely targeted to one person. If all employees are on the lookout, then the likelihood is that these scams will fail.
So ask yourself – does this organization require security training for each team member? If the answer is no, be the voice of reason, and advocate for mandatory security training at your organization at least annually. Everyone, no matter what their role, should be required to put in the time to educate themselves. This can be as easy as requiring team-members to read and study these top 10 security awareness topics. This is especially important during the COVID-19 pandemic, which has led to a rise in email-related scams.
Does your organization have protections in place for distributed systems during this time of remote work?
Your organization should have a virtual private network (VPN) enabled, and required for employees whenever they access important work related information or systems. There are countless VPN services available that are within budget and effective, including these 5 recommendations from BestValueVPN.
No matter how remote your workforce, everyone should be required to access their work via a safe network.
One of the easiest (and best) ways to help your team stay secure, is to require multi-factor authentication (MFA). Two-factor authentication (2FA) is used ubiquitously and is part of the MFA ecosystem. This form of security is built on having two separate forms of security - something you know and something you have. To enter your mobile bank site, you enter the password (something you know). The bank then sends a code to your phone (something you have) and you enter that, proving that you have the phone.
When we surveyed funders about their security practices, we were dismayed to find that not many had enabled 2FA. Considering the fact that 2FA is applauded as “the single best thing for consumer security since antivirus,” we encourage all who read this blog to enable 2FA.
Need another reason to require 2FA for your team? The most commonly used password in 2020 is 123456 and the rest of the top 20 most common passwords of this year are also “laughably insecure” according to PC Mag. If you want to understand how bad this can be, Equifax was breached in 2017. In the ensuing lawsuit, it was alleged that “Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes.” The breach settlement cost them $700 million, and approximately 165 million users were affected by the identity theft.
This year has brought us all countless challenges and stressors. Don’t let a security breach be one them. Please – take the time to advocate for good security practices at your organization. Staying secure takes time and effort, but it’s well worth it.
For more information read our 5 Steps to Creating a Failsafe Data Security Plan for Your Foundation whitepaper.
For those of us in information security, CIA is an acronym referring to the foundational pillars of InfoSec. Here's how to use it to stay secure.
This year approximately 200 foundations responded to the TAG 2018 State of Philanthropy Tech survey. Naturally, as a SaaS provider ourselves, we’re...
The Cynthia and George Mitchell Foundation is a mission‐driven grantmaking foundation that seeks innovative, sustainable solutions for human and...