According to the AICPA (American Institute of Public Accountants), over 90% of corporate breaches start with a phishing email. Unfortunately, far too many Non-Profit organizations do not have or know of a policy that identifies how their organization handles cybersecurity risk and data privacy. Cybersecurity is a real concern that all types of organizations, including all types and sizes of Non-Profits, must address. Here are several cybersecurity tips from the AICPA.
Promote organization-wide awareness – Every member of an organization is responsible for security. Take the time to educate users on this fact and make security part of your culture.
Strengthen your passwords and use multi-factor authentication – Have a unique, complex password for every system you use. If you have trouble remembering multiple passwords, use a password manager to store them in a secure manner. Use multi-factor authentication (MFA) as a second layer of defense.
Make sure you install and update anti-virus software – At a bare minimum, have anti-virus software installed on every machine within the organization and keep it up to date. Updated anti-virus software can help prevent malware from infecting your machine or network if a user clicks on an infected link.
Install a SPAM and virus email filter – If you have a local email server, look into a SPAM and virus filter to prevent infected emails from getting to your users.
Install a firewall – A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
Use caution when choosing service providers – Many small organizations are outsourcing their IT to managed service providers (MSPs). For a monthly fee, the MSP will monitor and manage all or part of your IT infrastructure. Be sure to choose a Secure MSP. A Secure MSP is committed to following strict standards throughout its organization to ensure that it keeps your business safe and secure. Look for a SOC Type II Audited service provider. A SOC Type II Audit is an audit of a service organization’s non-financial reporting controls as they relate to the Trust Services Criteria, which are the security, availability, processing integrity, confidentiality, and privacy of a system.
If you are interested in discussing cybersecurity for your organization, please contact Mike Green, Director of Sales, NET Xperts LLC, at 412.244.NETX (6389).