Protecting Your Organization from Cyber Security Threats

Best Practices for Protecting Your Organization from Cyber Security Threats

By Ashley Wyand on Mar 4, 2022

Tagged: cybersecurity for nonprofits

Current world events have the globe on high alert. As the situation in Ukraine continues to evolve, many governmental agencies have released notices warning of increased cyberattacks affecting various industries, along with guidance on strengthening cyber security threat detection and response capabilities. Given this, your social good organization may be taking a fresh look at its cyber security practices to make sure it is well protected.

Here at Blackbaud, our Global Trust and Security Program is taking this matter very seriously, and the protection of our customers is top of mind. Below, you can find a series of high-level tips and reminders that your organization can use to keep cyber security at the forefront of its practices.

Eight Key Cyber Security Best Practices

Below are a few best practices to remind your organization of at any time, but especially in heightened threat scenarios.

  1. Enable Multifactor Authentication: Where possible, enable multi-factor authentication. Multi-factor authentication requires more than one way to identify yourself. If you have a phone these days, it’s likely you’re using multi-factor authentication to access it. Phones now use biometrics – your thumb or your face – to validate you are who you say you are in addition to your passcode. Multi-factor authentication can also come in the form of a security question, or a one-time passcode. Where it’s available to you, use it.
  2. Be Vigilant: If you receive an email, phone call or text message that feels odd, it probably is, even if the origin of the contact seems authentic – a colleague, friend, your bank, etc. If the language is abnormal or if they’re asking you for confidential information, do not engage. Instead, validate separately. Ensure your organization is aware of the various types of behavior to look out for:
    • Phishing – Phishing is deception carried out by email with malicious intent. The world of phishing has matured significantly since the days of emails from Nigerian princes. These days, phishing emails are incredibly difficult to detect. They replicate authentic brands, use seemingly legitimate URLs and no longer include such a sense of urgency or outward requests for money. Phishing emails often fit right into the normal construct of an email you’d receive.
    • Vishing – Vishing uses phone calls or voicemails for a similar art of deception. Imagine that you get a phone call from your bank telling you there’s been fraudulent activity on your account – that gets your attention, right? They then ask you to verify yourself before reviewing the activity – they ask for your social security number and address. That’s all a malicious actor needs to compromise your information. Vishing has been on the rise in recent years and is much more mature than a general spam call.
    • Smishing – You’re probably seeing a theme here. Smishing uses SMS – or what those of us in the normal world know as texting – to conduct fraudulent activity.
  3. Do Not Reuse Passwords: Remember, it’s likely that one of your passwords has been compromised at some point, so you don’t want to fall victim to credential mining! Ensure your passwords are long and complex – it takes only minutes to crack an 8-character, all-lowercase password. If you make it 12 characters, it takes weeks. If you add 1 uppercase letter, it takes 5 years.
  4. Lock Your Devices: In this remote world, who knows who could either advertently or inadvertently do something malicious on your computer! All it takes is a child accidentally clicking on a phishing link on your computer to infect it.
  5. Use Secure Wi-Fi: This applies when out and about or at home. Ensure the following to be safe:
    1. If you’re in a place that doesn’t have secure Wi-Fi, use your phone’s hotspot to access the internet, or ask if there’s another Wi-Fi network with a password. Otherwise, do not browse anywhere that you wouldn’t want others to see.
    2. Make sure you change the password on your home Wi-Fi router from the default to one of your own.
  6. Restrict Access: Inevitably, companies have access to data and that data can be used against them! Data is incredibly valuable these days. The quickest and most efficient way to protect your data is to restrict access to only those individuals that need it to do their job.
  7. Train Your Staff – Be Security Aware! Your staff is your first line of defense from threats that could impact your company. Remember, 85% of breaches involve a human element. Make sure your staff understands the threat landscape and how to protect themselves and your company from a breach. To start, we recommend annual security training in addition to education around the threats of phishing.
  8. Implement Security Policies if you don’t already have them: Policies are critical to shaping a security posture and culture within your company. Policies set clear expectations of security practices and are easily digestible to your organization. They can include anything from password requirements to data management and ensure that any expectations you implement are measurable and enforceable.

 

Other Cyber Security Resources

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has developed a program entitled “Shields Up” to assist organizations with preparation, response, and mitigation of potential cyber security threats. This program continually releases updates on industry guidance that any organization can leverage to ensure appropriate protections and responses in the event of an incident of this level. For more information, please reference https://www.cisa.gov/shields-up.

Additionally, the below resources provide valuable information on creating a Cyber Security program within your organization:

 

For more information on Blackbaud’s Global Trust & Security Program, please also feel free to visit our website at www.blackbaud.com/security.

ABOUT THE AUTHOR

Ashley Wyand is the senior manager of Cyber Security Governance & Customer Trust at Blackbaud. She has been working in cyber security for the last 10 years, with a specific focus in governance, customer & sales enablement, and risk management. Previous to Blackbaud, Ashley led the Cyber Security Risk Management team at Constellation Brands. Ashley has a particular passion for helping enable non-technical teams to understand security principles, frameworks, and postures, which comes from her various experiences in IT, security, and network operations customer repair. When not working, she spends her time at the beach with her puppy, Jingles.

Comments (5)

  • JoAnn Strommen says:

    We recently started contacting all our vendor/partners requesting multi-factor authentication for users to get to our files.

    We also are expecting staff to lock computer when they leave their desk. Hard to get everyone in the habit. Especially critical for those with computers in public areas.

    Great reminders and tips!

  • Rosalinda Miguel says:

    Our organization has been receiving multiple scam calls and emails lately. It is also important to flag your IT department when you receive these.

  • Courtney says:

    Thanks for sharing these best practices! A good reminder for anyone and everyone using technology.

  • Tom says:

    Good information to know and to share with others within our organization…

  • Amy Barker says:

    I am going to share this with others in my development department. It’s a good article.
