Anyone handling sensitive information in this day and age needs to have a solid security setup and a plan for when something goes wrong. This webinar aims to get you looking at your security with fresh eyes and to give you an outline of an action plan.
5. What We’ll Cover Today
• Imperfect Security
• Assessing Your Risk
• Common Risky Practices
• What Do You Do if You Experience a Data Breach?
• Establishing Policies for Your Organization
6. Poll Question
On a scale of 1-5, how concerned are you with your data security?
11. Neither Will Your Nonprofit Status
Data thieves are usually pros—they don’t care who their target is. If they can steal valuable information, they will.
12. Small Nonprofits Are Attractive Targets
• Fewer resources
• Limited IT security
• Not likely to notice an attack until much later
13. What Are Your Risks?
And what should you do about them?
Photo Credit: Women of Color in Tech Chat
15. It’s a Process
To understand the risks and your comfort with them, you need to carry out a thorough assessment of your data.
16. Inventory Your Data
Make a list on sticky notes and group them by where the data is stored (e.g., case management system).
17. Classify Your Information
• Confidentiality: Data that can’t be exposed.
• Integrity: Data you can’t lose.
• Availability: Data you can’t lose access to for any period of time.
If you have data that’s not very high in any of these categories, then it’s likely not essential to your organization.
18. Consider the Risks
Think through:
• What could happen to your data?
• How likely is it to happen?
• How bad would it be if something happened?
Photo Credit: Women of Color in Tech Chat
19. Into the Chat: What Risks Worry You?
Are there specific risks that keep you up at night?
22. You Can’t Control Access
• A personal device may have additional users.
• Terminated employees are likely to still have organizational information after leaving.
25. What Can You Do?
• Provide antivirus and anti-malware software.
• Establish software licensing policies.
• Provide devices for work, if possible.
• Mobile Device Management exists, but it is expensive.
26. 2. Lack of Password Management
Are a lot of people using weak passwords?
27. Bad Habits
• Sharing passwords.
• Reusing passwords.
• Not changing default passwords.
• Writing passwords on post-it notes.
• Trying to keep it too simple.
30. What Can You Do?
• Implement password management software such as OneLogin.
• Dual-factor authentication.
• Establish password creation policies.
• Provide training.
31. 3. Consumer-Grade Cloud Storage
Is there a difference between Dropbox and Dropbox for business?
32. Hard to Control Access to Data
• Convenience
• Cost Savings
• Staff preference
34. What Can You Do?
• Use business-grade cloud storage and set controls that limit access to your data.
• Add-on services such as BetterCloud can also give you deeper audit and policy controls.
35. 4. Poor Backup Infrastructure
What if your office experiences a disaster?
36. Data Needs to Be in a Safe Place
If you have to store it physically, take your backup off site. The cloud is a great option for backup.
37. Think Beyond Backup
It’s just one of many business continuity challenges. What will you do if the data is unavailable for a period of time or you experience a data breach?
38. What Can You Do?
• Regularly schedule backups.
• Create incident response, business continuity, and disaster recovery plans—and test them!
39. 5. Poor Software Management
Is the software your team is using safe?
40. DIY Downloads Don’t Happen
It’s inconvenient, so people are likely to skip downloading patches and updates.
41. Out of Date Software
Hackers keep up to date on security holes and are always looking for opportunities to exploit them.
45. What if Someone Walks in the Door?
Would it be easy to access or steal computers?
46. What Can You Do?
• Take basic office security measures.
• Lock computers to desks.
• Institute a check-out policy for shared devices and keep them locked away.
57. What Will Prevent a Breach?
Think of all the ways a breach might occur. Write rules that govern activities such as how to create and handle passwords or how files can be stored and shared.
58. How Will You Respond if a Breach Occurs?
Map out a response plan that includes steps and roles for data recovery, business continuity, and communications.
59. BYOD?
Write clear usage guidelines for things such as what security software needs to be installed and whether your organization provides IT support.
60. Policy Making Is Iterative
You’ll need to review your rules and update them periodically to make sure they’re addressing your needs.
61. Policy Examples
Go to http://bit.ly/SecurityPolicyExamples to find examples and templates that you can use as your starting point.
62. Additional Resources
Idealware and RoundTable Technology have many resources that can help you better secure your technology and data.
• What Nonprofits Need to Know About Security: A Practical Guide to Managing Risk (Idealware)
• Incident Report Form (RoundTable)
• Backup, Data Recovery, and Business Continuity Primer (RoundTable)
• Information Identification and Classification Template (RoundTable)