Nonprofit Data Retention Policy and Cybersecurity Basics with Ian Gottesman

Community IT Innovators Nonprofit Technology Topics

Apr 04, 2025 Season 6 Episode 14
Community IT Innovators

Ian Gottesman is CEO of a coalition of 200+ NGOs and 20 major IT companies working together to improve cybersecurity for the nonprofit sector (NGO ISAC). He has decades of experience in executive roles in nonprofit cybersecurity in a variety of organizations.

In these challenging times for the nonprofit sector generally, many nonprofits are taking a harder look at their cybersecurity policies to better protect their organization and staff. Community IT recommends getting to a foundational level of basic cybersecurity, and you can download our free Cybersecurity Readiness for Nonprofits Playbook to learn what that means and how to put those basics in place. 

Three cybersecurity basics to think about: manage your identity, patch your hardware and software, and look out for phishing – train your staff. You will get 80% protection from just doing those three low-cost things – why would you want to get 0%?

When your cybersecurity basics are in place, Ian recommends strengthening your nonprofit data retention policy and compliance as your first next step. Again, this is low cost in terms of your budget, but will have costs to your organization in terms of staff time and energy. So let this challenging moment motivate your team to take on a sorting-and-retaining-or-deleting project.

Some Key Takeaways:

  • Cybersecurity Basics are not difficult and protect you from 80% of hacks.
    • Manage your identity. Accounts must be protected, and your staff should be verifying that they are the person who is supposed to be logging in.
    • Patch your hardware and software. The easiest way to do this is to reboot – log out, restart, and log back in periodically. Your IT provider or internal IT staff should be patching as part of your cybersecurity strategy.
    • Look out for phishing – train your staff. More than 90% of attacks start by tricking a user into clicking a link. For more information on anti-phishing training, check out this webinar on Cybersecurity Awareness Training Tips.
  • Cybercrimes are crimes.
    • Don’t feel that you were responsible for your own victimization. Clicking on links happens. Huge companies fall for scams. Encourage a culture of openness and sharing around cybersecurity best practices and incident response planning.
    • Make sure your nonprofit culture embraces a team approach to cybersecurity, and that everyone on your staff knows to tell someone when they see something suspicious or make a mistake, and who to tell. 
    • Holding cybercriminals accountable in every country should be a bigger goal for our governments and our laws. 
  • Nonprofit Data Retention Policy is a valuable project now.
    • Remind your staff not to put in writing, on any device or in any app, anything about your organization that they would not want to be public.
    • Creating and monitoring compliance with a nonprofit data retention policy does not require expensive tools but it does require the time and energy of your staff. Avoiding unnecessary reputational risks is worth it. 
    • Make sure your nonprofit data retention policy covers emails and messaging in addition to documents and files.


Thanks for listening.