As news of data breaches reach new heights, there are times we, as small non-profits, hold a false sense of security. Although hacking large corporations make headlines, that does not mean we are immune.
Start your new year by reviewing the steps you have implemented and documented to secure your organization's reputation and funding beginning with us, the board of directors.
"This presentation outlines 4 basic areas of focus to mitigate potential threats. mitigate potential threats:
• Using your organization's email account
• Employing anti-virus software
• Securing accessible board documentation
• Providing a relevant database"
2. What is a Cyber Security
Threat?
Susanne Petersson 2
3. What is a Cyber Security
Threat?
An unauthorized
attempt to access
electronic data and
communications
Susanne Petersson 3
4. What is the Potential
Harm?
Access to private on-line activity
Usage of credit/debit accounts
Reduction of non-profit
funds
Data hijack for ransomSusanne Petersson 4
14. Your Non-Profit Identity
The email address provided by
your organization is your identity
Act as representative
for your organization
Susanne Petersson 14
15. Your Non-Profit Identity
Use your email
Perform organization-
related activities
Avoid forwarding to a
personal address
Susanne Petersson 15
16. Setup Non-Profit Email
Susanne Petersson 16
Many on-line providers
offer low-cost email
with your non-profit’s
domain address:
myname@nonprofit.org
17. Setup Non-Profit Email
There are no excuses –
Separate your non-profit
from other activities
Susanne Petersson 17
18. Setup Non-Profit Email
There are no excuses – only
benefits!
Add an extra touch of
professionalism to your
communications
Susanne Petersson 18
19. Secure Passwords
Create secure passwords
Different from your
other on-line email or
business accounts
Change passwords
often
Susanne Petersson 19
20. Secure Passwords
Use secure passwords for
Your non-profit email
address
Sites accessed using
non-profit email
account
Susanne Petersson 20
26. Load & Activate
Anti-Virus Software
Every device used
for board-related
activity
All board members,
and associates who
act on their behalfSusanne Petersson 26
32. Secure Documents
On-Line
Provide a secured portal
Often space is included
by the email provider
Documents automatically
backed-up in the ‘cloud’
Susanne Petersson 32
33. Documents readily
Available
Access the secured portal
Available whenever and
wherever needed
You have less to carry to
meetings
Susanne Petersson 33
34. Structure Document
Access
Setup accessibility by folder
Determine what papers
and records available to
all board members
Susanne Petersson 34
35. Structure Document
Access
Organize documents by folder
Provide ample individual
rights for research and
decision-making
Susanne Petersson 35
36. Distribute Your
Documentation
Post updates on-line
Designate a responsible
party – by committee,
document type
Announce the update(s)
Susanne Petersson 36
37. Appoint a Site
Administrator
Manage processes, troubleshoot
issues
Document organization
Board member access
Software integration and
updates
Susanne Petersson 37
39. 3rd Party Suppliers are
Integral Partners
Suppliers are utilized in many
areas, such as
Database
Telephone
Delivery
Internet
Susanne Petersson 39
40. Suppliers are their own
distinct Businesses
Many programs you
use are controlled
by another business
and, possibly…
... a program may, one day, be
hacked!Susanne Petersson 40
42. Focusing on Your Data …
Provide access capabilities based
on board member need
Administration
Updating
Read-only
Reports
Susanne Petersson 42
43. Setup a valued Database
Designate an Administrator to
Assign user access by
role/need
Review software updates
Address user queries
Monitor activity
Susanne Petersson 43
44. Protect Your Database
Establish board member rights
Some require the ability
to add or edit data
Others simply need read-
only capabilities
Susanne Petersson 44
45. Limit Database Access
Board members who require the
occasional report have 2 options:
1. Manual process: a user
with access runs, then
sends/posts
Susanne Petersson 45
46. Limit Database Access
Board members who require the
occasional report have 2 options:
2. Auto-process: generates
and sends/posts to an
accessible location
Susanne Petersson 46
47. Limit Access by Others
Properly Log In and Log Out of
every application
Follow established
protocol by program
Only ‘X- out‘ as outlined
in this document
Susanne Petersson 47
Log out
48. Trust Your
Experience & Processes
If the software
program behaves
suspiciously, it
may be a threat –
Susanne Petersson 48
49. Database provides an
unexpected Response
A. Close ‘X- out’ of the software
B. Launch your anti-virus
C. Advise your administrator
Susanne Petersson 49
59. Thank You !
As board secretary of a small non-profit, I
follow these measures to secure
documentation and processes. Following
these steps also ensures accessibility to
relevant details for thoughtful and informed
decision-making.
60. Read more on Twitter @SusannePresents
Remain current by following discussions at
#cybersecurity, #cyber, #risk, and #IoT
Susanne Petersson
Board Secretary, Chicago Art Deco Society