1. Create a Strong Passphrase for a Password
The keys to making a strong password are length (the longer the better), a mix of upper- and lower-case letters, numbers and symbols, and no references to any personal information (hence the word “phrase” rather than “word”). Never include your pet’s name, your birthday or the birthdays of your loved ones, parts of your home address, your name or a family member’s name, or any words related to your hobby or job.
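As an added example (not from the article), here is a Python check for the rules above. It screens a candidate passphrase against a small profile of personal facts; the profile values are constructed samples, and a birthday is expanded into several common ways of writing it.

```python
import re
from datetime import date

# Constructed sample profile; in real use these come from the person setting the passphrase.
SAMPLE_PROFILE = {
    "names": ["Max", "Rivera", "Maple"],     # pet name, family name, street name
    "birthdays": ["1990-07-04"],             # ISO dates
}


def personal_tokens(profile: dict) -> set:
    """Lower-case strings a passphrase must not contain, with birthdays in common layouts."""
    tokens = {w.lower() for w in profile.get("names", []) if len(w) >= 3}
    for iso in profile.get("birthdays", []):
        d = date.fromisoformat(iso)
        for fmt in ("%Y%m%d", "%m%d%Y", "%d%m%Y", "%m%d", "%d%m", "%Y"):
            tokens.add(d.strftime(fmt))
    return tokens


def check_passphrase(passphrase: str, profile: dict, min_length: int = 14) -> list:
    """Return a list of problems; an empty list means every rule above is satisfied."""
    problems = []
    if len(passphrase) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, passphrase)) for c in classes) < 3:
        problems.append("uses fewer than three of: lower case, upper case, digits, symbols")
    lowered = passphrase.lower()
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)   # also catches "M-a-x" style separators
    for tok in sorted(personal_tokens(profile)):
        if tok in lowered or tok in squeezed:
            problems.append(f"contains personal information: {tok!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("correct Horse battery staple 42!", "Max-Loves-Tuna-2017!", "Summer1990"):
        print(repr(candidate), "->", check_passphrase(candidate, SAMPLE_PROFILE) or "ok")
```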
2. Password Manager
If you are worried about remembering all these passwords, you can use a secure password manager application (make sure to vet the application first), and do not rely on Google’s autofill.
3. Don’t Reuse Passwords
Every single device, app, and website requires its own strong password. Once a hacker guesses one, they will try that password (and variations of it) against all your personal and professional accounts.
4. Enable Two-factor authentication
A system that uses single-factor authentication only requires the employee to provide a username and a password to gain access. The problem with single-factor authentication is that its level of protection depends solely on how secure an employee’s password is. Strong access security protocols, such as using passphrases for authentication or implementing strict password guidelines, can ensure employees are using strong passwords. Still, there is a limit to how secure such a system can be. A system that uses two-factor authentication is more secure than one using single-factor authentication because it requires an additional form of authentication to gain access. If you have ever used a system that required you to verify your identity by entering a code that was texted or emailed to you, then you have used a system with two-factor authentication. A system that uses multi-factor authentication requires a minimum of two forms of verification to gain access. The more factors required to access the system, the more secure it is. However, it is important to make sure that there are not so many authentication factors that they impede employees from being able to do their jobs.
5. Use Secure Cloud Services
Cloud services allow you to store data securely. Using cloud software can eliminate the risk of sharing data via unsecured emails or USB drives.
6. Keep Software Up-to-date
Software updates are essential to ensuring the security of your systems, but not all updates are the same. Major updates should not be done without being properly vetted by your organization’s IT department. The types of updates that you are going to want to stay on top of are minor and patch updates. To determine what type of update you are being asked to do, look at the version number. A version number consists of three groups of numbers separated by periods. An example of a version number you might see is 2.5.3. Here the major number is 2, the minor number is 5, and the patch number is 3. Every time a new major or minor version is released, the numbers that follow it are reset to 0, which allows you to determine the type of update without needing to know the prior version. So, if the software you are updating is version 3.0.0, it is a major update. If the update is version 3.4.0, then it is a minor update. Any time a number other than 0 appears in the third group, it is a patch update. Developers use patch updates to fix common bugs or to fix flaws in the system’s security. While both patches and minor updates are important to stay up to date on, patches are the most important because they can fix vulnerabilities in your current system. A good way to make sure you are keeping your system up to date is by using automatic updates. Most systems will only perform minor and patch updates automatically and will require manual verification before doing any major update.
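As an added example (not from the article), here is a Python classifier for the MAJOR.MINOR.PATCH rule just described. It implements the number-only rule the text gives and goes one step further by comparing against the installed version, which matters because the number-only rule reads 3.4.1 as a patch even when the installed version is 2.5.3.

```python
import re
from typing import NamedTuple

_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


class Version(NamedTuple):
    major: int
    minor: int
    patch: int


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' (e.g. '2.5.3'); reject anything else."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {text!r}")
    return Version(*(int(g) for g in m.groups()))


def classify_by_number(new: str) -> str:
    """The article's rule: read the update type off the new version number alone."""
    v = parse_version(new)
    if v.patch != 0:
        return "patch"     # e.g. 2.5.3
    if v.minor != 0:
        return "minor"     # e.g. 3.4.0
    return "major"         # e.g. 3.0.0


def classify_update(installed: str, new: str) -> str:
    """Stricter rule: compare against what is installed (tuples compare field by field)."""
    cur, nxt = parse_version(installed), parse_version(new)
    if nxt <= cur:
        return "none"      # same version or a downgrade: nothing to apply
    if nxt.major != cur.major:
        return "major"     # 2.5.3 -> 3.4.1 is still a major jump
    if nxt.minor != cur.minor:
        return "minor"
    return "patch"


def auto_update_allowed(installed: str, new: str) -> bool:
    """Policy from the article: apply minor and patch updates automatically, hold majors for IT review."""
    return classify_update(installed, new) in ("minor", "patch")


if __name__ == "__main__":
    for new in ("2.5.4", "2.6.0", "3.0.0", "3.4.1"):
        print("2.5.3 ->", new, classify_by_number(new), classify_update("2.5.3", new))
```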
7. Eliminate Data
A good way to minimize your organization’s risk is by reducing the information available to be stolen. This can be accomplished by establishing a data retention policy that outlines what types of data are actively being stored, how long that data should be kept, and how it should be destroyed or relocated at the end of that time. It is crucial to purge emails and files periodically to limit how much information could be stolen if a breach occurs.
8. Don’t Use Public Wi-Fi
Public Wi-Fi networks are not necessarily secure. Next time you’re thinking of checking your bank account while running errands, use your mobile data connection rather than public Wi-Fi, unless you are sure the network is secure.
9. Educate your Staff
This is perhaps the MOST important step! Don’t underestimate the importance and power of educating your employees on cybersecurity risks and preventative measures. A well-informed staff that knows what to look out for can spot potential risks and take the steps necessary to hold each other accountable.
10. Run Phishing Tests
Phishing is a type of cyber-attack where an individual sends a fraudulent message to a recipient to try and trick them into sharing sensitive information with the sender or installing malicious software on the recipient’s device. Phishing tests are automated tests that send the employees in your organization phishing emails to assess the organization’s susceptibility to this type of cyber-attack.
11. Use a VPN
A great way to add an extra layer of protection to your nonprofit is by requiring all remote employees to use a VPN (Virtual Private Network) when accessing internal applications and data from off-site. A VPN encrypts your internet traffic and disguises your online identity. This makes it more difficult for cybercriminals to track your activities online and steal data. VPNs can also be used to create a single shared network across multiple locations. This means that if your nonprofit has two offices, both can use the same shared network system.
12. Perform Vulnerability Assessments and Audits
We keep a lot of important data on our computers, which means all that data is constantly exposed to online vulnerabilities. It is important to run routine assessments and check your software to see where your holes are and prevent data breaches.
13. Watch what you email
Email is a great way to communicate, but email does not encrypt data, so make sure you aren’t sending sensitive information via email; if you do need to, password-protect or encrypt the file.
Jacob Lutz, CPA
Manager
Jacob joined Cerini & Associates in January of 2013 and has been actively providing tax, compliance, and business advisory services to a wide variety of both for-profit and non-profit clients.