October 31st may be reserved for ghosts, goblins, tricks and treats – but ALL of October is officially Cybersecurity Awareness Month. It’s a collaborative national effort meant to raise awareness about the importance of cybersecurity and online safety. And when you’re tasked with either giving away massive sums of money to countless organizations or receiving grants and regular donations from people worldwide – cybersecurity becomes especially important. Imagine if a respected mega-donor realized their banking information, address, or other personal information had been lifted from your records. The consequences could certainly be scary. So read on and learn about a few of our best tips to keep your data safe; because trust us, you do not want to be tricked by a nasty phishing scam!
1. Train Your Team
It’s likely that most of your employees are not thinking about cybersecurity every day and may be unaware of the risks specific to your organization and its data. So it’s the responsibility of your organization to ensure that everyone is aware of your particular security protocols, key cybersecurity terms, how to recognize scams, what a strong password looks like, and more. Most importantly, make sure everyone understands why this extra vigilance matters.
Invest in cybersecurity awareness training. Make sure each employee takes the training as soon as they join your organization and re-test all team members each year. Make ongoing training non-negotiable at your organization. It might just spare you from some unpleasant surprises down the road. One option for cybersecurity awareness training and resources is the TAG network – they just completed a cybersecurity “Ask Me Anything” with Phil Stupak, who handled cybersecurity, technology research, and development in the Obama Administration.
2. Enable Two-Factor Authentication
They say two is better than one, and this is definitely true in the case of two-factor authentication (2FA). 2FA is the act of reconfirming your identity after password entry. If it’s enabled on your email, it may look something like this: you enter your password, a code gets sent to your phone, and you then enter this code as the final step in your login process. So wherever your sensitive or important information resides, enable two-factor authentication to stay protected. In fact, 2FA is considered “the single best thing for consumer security since antivirus.”
3. Move to the Cloud
Some people may still feel trepidation about keeping sensitive information in the cloud, but believe me, the cloud is far more secure than papers stuffed in file cabinets. And if your grant activities, donor files, and more are in Word and Excel documents being passed back and forth via email, your organization’s data is exposed to cyber risk. Consolidating your information into a cloud-based system with rigorous administrative and login privileges will help you keep track of your data and work reliably. If you’re unsure about which cloud provider your grants management platform uses – ask!
Amazon Web Services (AWS), for instance, comes with layers of security protocols that are designed to detect unusual or unauthorized activities and conditions. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. They also have the ability to set custom performance thresholds for unusual activity. Try doing that via email or with paper docs in a file cabinet!
4. Secure Your Wireless Network
Protecting your wireless network is critical in order to protect your data. A great way to do this is ensuring that your wireless network is secure with a passphrase – it’s longer and more complicated than a password, and therefore harder to crack. It’s also recommended to change your passphrase periodically. Lastly, make sure your employees understand that when working and accessing your sensitive data, they should be on a secure network, not using the free WiFi at an airport or local cafe.
5. Check Your Permissions
If you’re using a secure cloud-based grants management system (and even if you’re not), make sure that only people with the proper credentials can see sensitive information. Administrative privileges should be doled out carefully, and information should only be accessible to the people who need to see or use it. Protect your donors, your team, and your organization by limiting access to data to those who need to see it. The only way to limit the possibility of an accident, say a well-meaning volunteer or intern falling victim to a phishing scam, is to encrypt sensitive information and keep it safe!
So, as you partake in the festive frights of the season, avoid the real scares that a breach or hack can bring. Stay safe in your digital domains!
Want even more security tips? Read our 5 Steps to Creating a Failsafe Data Security Plan for Your Foundation whitepaper.