In this blog, Stephen Collinson from Secure Design Communications will give a few tips to help charity leaders spend the correct amount on their cyber-security.
A narrated version of this blog is available at the bottom of the page.
Having been in cyber-security for as long as it’s been around, you will not be surprised to hear I’ve seen a considerable amount of money spent needlessly. Spent usually in panic, after a breach.
Let’s face it: if data protection is broken, it is your head on the block. Making a sound decision is important. Too much can be as costly as too little. It is easy to spend more and more money for ever-diminishing returns.
Here are 25 years of experience in a double espresso. It will help you do the basics well and consistently. Adopting these basic rules will be like steel reinforcement in the concrete of your organisation. Of course, we begin with your people:
Don’t assume the use of common sense or perfection. People act differently when rushed, put under pressure or when facing difficulties outside the professional realm. So it’s far better to repeat the basics regularly than to spend lots of money on one-off training.
The cyber-security industry collaborates, always. There is a central information source of malware, viruses and blacklisted IP addresses, updated in real time. All the cyber-security manufacturers subscribe to it. Completely new malware is rare, so a correctly configured firewall provides a number of vital foundational protections. Which leads us to the next rule.
Buy a next-generation firewall service
It needs to be a current model, monitored 24/7 by security specialists and kept 100% up to date. It should protect network access, outbound destinations, email and your wireless network. As a general rule of thumb, if your firewall is over three years old, consider replacing it.
Secure Design Communications offers ACEVO members a free cyber-security health check and report. There is also a 15% discount on the firewall managed service.
Network access: use it, monitor it
That means VPN for remote workers, secure communications to cloud services, control of IoT (Internet of Things) devices, and control of who can access which services on your network. Controlling who is allowed on your network and what they can access is a must. The ability to eject anyone and anything without an invite is vital. Keep in mind that, as a rule, IoT devices have little integral security.
Yes, you can: it is cheap and simple these days to encrypt your sensitive data, such as medical information, credit cards and other personal identifiers. Encrypt the hard drives used by high-value employees.
Explore alternatives to passwords
Passwords are an enormous pain to us personally and a source of human weakness used by hackers to gain access to sensitive data. Try to replace them: there are a number of dual-factor authentication solutions.
Security is a specialist area, which changes very quickly
Every organisation should have access to security specialists. You might not need an analyst or chief information security officer full time, but do use cyber-security as a service to fit your needs and budget. Include them in your business strategy meetings.
Shred the paperwork
Disposing of technology is important stuff. Don’t think that wiping or resetting your technology deletes data on the hard drive. It is still there and can be recovered. Dispose of it with a company that certifies destruction. There is an added benefit: money can often be earned from the disposal of laptops, PCs and smart devices.
An organisation’s cyber-security needs are wide. We know it is demanding. Often multiple companies are used to fulfil what is actually a single need. Our philosophy is to simplify the whole process.
The time is past when security can be included as an afterthought. It must be secure by design, integral to the service and strategy. That is why Secure Design Communications have best-of-breed services covering all the items in this blog, with pay-per-month partnership agreements. You can set an appointment to speak to me directly!