As news of data breaches reach new heights, there are times we, as small non-profits, hold a false sense of security. Although hacking large corporations make headlines, that does not mean we are immune. Start your new year by reviewing the steps you have implemented and documented to secure your organization's reputation and funding beginning with us, the board of directors. "This presentation outlines 4 basic areas of focus to mitigate potential threats. mitigate potential threats: • Using your organization's email account • Employing anti-virus software • Securing accessible board documentation • Providing a relevant database"

1. Susanne Petersson
Board Secretary, Chicago Art Deco Society

2. What is a Cyber Security
Threat?
Susanne Petersson 2

3. What is a Cyber Security
Threat?
An unauthorized
attempt to access
electronic data and
communications
Susanne Petersson 3

4. What is the Potential
Harm?
Access to private on-line activity
Usage of credit/debit accounts
Reduction of non-profit
funds
Data hijack for ransomSusanne Petersson 4

5. Which Organizations are
being Targeted?
Businesses of all
sizes have been
attacked
Susanne Petersson 5

6. Successful attempts
against well-known
companies make
world headlines
And yet ..
Susanne Petersson 6

7. Any Organization – Yours,
or one with which You do Business
could be Hacked
Susanne Petersson 7

8. Should my Non-profit be
Concerned?
Susanne Petersson 8

9. Should my Non-profit be
Concerned?
Susanne Petersson 9

10. Susanne Petersson 10

11. Discover how to
increase Cyber-
Security
at Your
Non-Profit
Susanne Petersson 11

12. 1. Organization Email
2. Anti-Virus Software
3. Board Documentation
4. Database
Management

13. Organization Email

14. Your Non-Profit Identity
 The email address provided by
your organization is your identity
 Act as representative
for your organization
Susanne Petersson 14

15. Your Non-Profit Identity
 Use your email
 Perform organization-
related activities
 Avoid forwarding to a
personal address
Susanne Petersson 15

16. Setup Non-Profit Email
Susanne Petersson 16
Many on-line providers
offer low-cost email
with your non-profit’s
domain address:
myname@nonprofit.org

17. Setup Non-Profit Email
 There are no excuses –
 Separate your non-profit
from other activities
Susanne Petersson 17

18. Setup Non-Profit Email
 There are no excuses – only
benefits!
 Add an extra touch of
professionalism to your
communications
Susanne Petersson 18

19. Secure Passwords
 Create secure passwords
 Different from your
other on-line email or
business accounts
 Change passwords
often
Susanne Petersson 19

20. Secure Passwords
 Use secure passwords for
 Your non-profit email
address
 Sites accessed using
non-profit email
account
Susanne Petersson 20

21. Secure Passwords
 Manage secure passwords
Consider a password
management program:
 LastPass.com
 1Password.com
 Dashlane.com
Susanne Petersson 21

22. Email Activity
 Follow protocol
 Setup strong rules to
block unwanted mail
 Open only trusted
attachments
Susanne Petersson 22

23. Trust Your
Anti-Virus Software
If an email or
sender looks
suspicious, it
probably is –
Susanne Petersson 23

24. Beware of suspicious
Email
A. Close the email message
B. Mark as “SPAM”
C. Empty your SPAM folder
Susanne Petersson 24

25. Anti-Virus Software

26. Load & Activate
Anti-Virus Software
 Every device used
for board-related
activity
 All board members,
and associates who
act on their behalfSusanne Petersson 26

27. Trust Your
Anti-Virus Software
Something
unusual has
occurred –
Susanne Petersson 27

28. Trust Your
Anti-Virus Software
A severe warning
appears
Receive an unexpected
response within a
trusted site
Susanne Petersson 28

29. Trust Your
Anti-Virus Software
This may be a
ploy to access
your hardware or
data!
Susanne Petersson 29

30. Use Your Trusted
Anti-Virus Software
A. Exit where you are signed in
B. Launch your anti-virus
C. Advise your administrator
Susanne Petersson 30

31. Board
Documentation

32. Secure Documents
On-Line
 Provide a secured portal
 Often space is included
by the email provider
 Documents automatically
backed-up in the ‘cloud’
Susanne Petersson 32

33. Documents readily
Available
 Access the secured portal
 Available whenever and
wherever needed
 You have less to carry to
meetings
Susanne Petersson 33

34. Structure Document
Access
 Setup accessibility by folder
 Determine what papers
and records available to
all board members
Susanne Petersson 34

35. Structure Document
Access
 Organize documents by folder
 Provide ample individual
rights for research and
decision-making
Susanne Petersson 35

36. Distribute Your
Documentation
 Post updates on-line
 Designate a responsible
party – by committee,
document type
 Announce the update(s)
Susanne Petersson 36

37. Appoint a Site
Administrator
 Manage processes, troubleshoot
issues
 Document organization
 Board member access
 Software integration and
updates
Susanne Petersson 37

38. Database
Management

39. 3rd Party Suppliers are
Integral Partners
 Suppliers are utilized in many
areas, such as
 Database
 Telephone
 Delivery
 Internet
Susanne Petersson 39

40. Suppliers are their own
distinct Businesses
Many programs you
use are controlled
by another business
and, possibly…
... a program may, one day, be
hacked!Susanne Petersson 40

41. Be Proactive!
Do Your part to
secure Your Data
and Processes
Susanne Petersson 41

42. Focusing on Your Data …
 Provide access capabilities based
on board member need
 Administration
 Updating
 Read-only
 Reports
Susanne Petersson 42

43. Setup a valued Database
 Designate an Administrator to
 Assign user access by
role/need
 Review software updates
 Address user queries
 Monitor activity
Susanne Petersson 43

44. Protect Your Database
 Establish board member rights
 Some require the ability
to add or edit data
 Others simply need read-
only capabilities
Susanne Petersson 44

45. Limit Database Access
 Board members who require the
occasional report have 2 options:
1. Manual process: a user
with access runs, then
sends/posts
Susanne Petersson 45

46. Limit Database Access
 Board members who require the
occasional report have 2 options:
2. Auto-process: generates
and sends/posts to an
accessible location
Susanne Petersson 46

47. Limit Access by Others
 Properly Log In and Log Out of
every application
 Follow established
protocol by program
 Only ‘X- out‘ as outlined
in this document
Susanne Petersson 47
Log out

48. Trust Your
Experience & Processes
If the software
program behaves
suspiciously, it
may be a threat –
Susanne Petersson 48

49. Database provides an
unexpected Response
A. Close ‘X- out’ of the software
B. Launch your anti-virus
C. Advise your administrator
Susanne Petersson 49

50. Document Your
Expectations

51. Proactively Document
Log access
control of each
board member
Susanne Petersson 51

52. Proactively Document
Outline process
steps by board
member
Susanne Petersson 52

53. Proactively Document
Distribute to
board
Periodically review
the processes
Susanne Petersson 53

54. Will following these
ideas stop Threats?
Susanne Petersson 54

55. Will following these
ideas stop Threats?
No, nothing can STOP
unauthorized
access
Susanne Petersson 55

56. Good News for Your
Non-Profit!
Susanne Petersson 56

57. Good News for Your
Non-Profit!
Following these ideas
can reduce the
likelihood of
successful attempts
Susanne Petersson 57

58. 1. Organization Email
2. Anti-Virus Software
3. Board Documentation
4. Database

59. Thank You !
As board secretary of a small non-profit, I
follow these measures to secure
documentation and processes. Following
these steps also ensures accessibility to
relevant details for thoughtful and informed
decision-making.

60. Read more on Twitter @SusannePresents
Remain current by following discussions at
#cybersecurity, #cyber, #risk, and #IoT
Susanne Petersson
Board Secretary, Chicago Art Deco Society