10 Cybersecurity Tips For St. Louis Nonprofits

10 Cybersecurity Tips

Keeping on top of your tech needs isn’t always easy, especially where cybersecurity is concerned. Major cyber threats are just as likely to target nonprofit organizations as they are healthcare practices or law firms, yet many nonprofits aren’t giving their cybersecurity enough consideration.

Keep these 10 tips in mind to enhance your cybersecurity:

1. Have A Plan.

Consult with your IT company in St. Louis and put a plan in place to make sure that your data is protected both in storage and transit. Hackers are looking to capitalize on your members’ confidential data, and you can’t afford a data breach.

There is a range of flexible and affordable options for this that your St. Louis IT company can implement for you. You shouldn’t be worried as long as they implement enterprise-based cybersecurity solutions and a layered defense that can automatically block and eliminate the latest threats.

You should also develop a Security Policy. This Policy should begin with a simple statement describing the information you collect about your members and donors and what you do with it. It should identify and address the use of any Personally Identifiable Information (PII) and how to keep it private.

2. Have Someone Take The Lead.

Appoint a reliable staff member to liaison with your St. Louis IT company and make sure that your employees and volunteers strictly adhere to your cybersecurity plan.

Along with your IT professionals, this person will be your point-of-contact to make sure you are adhering to IT security-compliance regulations and standards so you can stay in good standing with governments and donors.

3. Anticipate Cybercrime.

It’s essential that you determine exactly what data or security breach regulations could affect you. You need to know how to respond to data loss. All employees and contractors should be educated on how to report any loss or theft of data, and who to report to.

Data loss can expose you to costly state and federal regulations and litigation. You must be able to launch a rapid and coordinated response to a data breach to protect your reputation.

Your plan should include input from all departments that could be affected by a cybersecurity incident. This is a critical component of emergency preparedness and resilience. It should also include instructions for reacting to destructive malware. Additionally, departments should be prepared to isolate their networks to protect them if necessary.

4. Don’t Forget About Disaster Recovery & Business Continuity.

You must have a backup copy of your data if it’s stolen or accidentally deleted.

Develop a policy that specifies…

What data is backed up
How often it’s backed up
Where it’s stored
Who has access to the backups

Backup to both an external drive in your office and a remote, secure, online data center. Set backups to occur automatically. And make sure your backup systems are encrypted.

5. Train Your Staff.

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and thus present a serious threat to your security.

So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?

Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.

They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.

6. Manage Your Passwords.

Passwords remain a go-to tool for protecting your data, applications, and workstations.

They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.

Unfortunately, many users often opt for a weak password that’s easy to remember, rather than a strong one they’ll forget.

The good news is that there is a way to get the best of both worlds.

One of the best ways to maintain complex passwords is with a password manager. Password managers are the key to keeping your passwords secure.

A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. It also remembers your PINS, credit card numbers and three-digit CVV codes if you choose this option.

Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.

The most popular Password Manager available today is likely LastPass. This solution consistently ranks high against its competitors‘ thanks to its free, premium and family versions, a range of features, and pedigree of quality. More than 13.5 million people and 43,000 businesses use LastPass and its range of features:

This manager creates long, randomized passwords that protect against hacking
It will sync your passwords with all of your devices, including your smartphone
This will save you time when shopping online by completing forms with my address and phone number
It also provides two-factor authentication using your mobile device
Storage for unlimited logins
Automatic form completion
Biometrics (finger and thumbprint reading) for access

7. Manage Your Software Updates and Patches

Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?

Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

This is why it’s imperative that you keep your applications and systems up to date.

Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.

Comprehensive and regular patch management is a crucial part of proper IT security. Some of the worst data breaches are based on “zero-day exploits”, which are based on exploits found by hackers but not by the developers, leading to severe security risks and an immediate need for patching.

8. Conduct Regular IT Inventory Assessments.

Determine how your data is handled and protected. Also, define who has access to your data and under what circumstances. Create a list of the employees, volunteers, donors or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. You must know precisely what data you have, where it’s kept, and who has rights to access it.

9. Implement a Mobile Device Management Policy

This type of comprehensive policy dictates how your employees can use their personal devices for work purposes, dictating which security apps should be installed, and what best practices need to be followed.

An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes. Key considerations include:

Decide When And How Mobile Devices Will Be Used.
Integrated into your internal network, these devices can be used to access, store, transmit, and receive business data.

You’ll need to have policies in place to regulate how employees use their devices to interact with sensitive data. Take the time to consider the risks associated with mobile device use, such as the potential for devices containing business data to be lost or stolen, infected with malware, or the potential for accidental disclosure of confidential information through sharing a device with a family member or connecting to an unsecured wireless network.

Consider How Mobile Device Use Can Pose Risks To Your Data.
A risk analysis will help you identify vulnerabilities in your security infrastructure, and help you determine the safeguards, policies, and procedures you’ll need to have in place

Whether the devices in question are personal devices or provided by your St. Louis IT company, you will still need to have a clear idea of how they’re being used to communicate with your internal network and systems

Assessments should be conducted periodically, especially after a new device is granted access, a device is lost or stolen, or a security breach is suspected.

Develop, document, and implement mobile device usage policies and procedures. Policies that are designed for mobile devices will help you manage risks and vulnerabilities specific to these devices
These policies should include processes for identifying all devices being used to access business data, routinely checking that all devices have the correct security and configuration settings in place, whether or not staff can use mobile devices to access internal systems, whether staff can take work devices home with them, and how you will go about deactivating or revoking the access of staff members who are no longer employed.

10. Get Your St. Louis IT Company To Do The Following For You…

Protect Your Networks With Firewalls: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two. A firewall inspects and filters incoming and outgoing data in the following ways:

1. With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
2. Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
3. By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
4. With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
5. Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.
Monitor For Intruders: Use measures like Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), and anti-virus software to help you detect IT security events in their early stages. This provides 24/7 detection and response to security threats.
Secure Remote Access With A VPN: One of the most proven techniques to make sure your data is safe is to use a virtual private network (VPN), which will give you back control over how you’re identified online. A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers.
When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet through what’s called an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.

That makes it harder for an attacker to identify you as the source of the data – no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee. Even if attackers can intercept your data, the encryption means the attackers can’t understand your data or use it to their advantage.

When you put your data out to the VPN server, it exits back out to the public internet. If the site you’re visiting has HTTPS to keep the connection safe, you are still secure.