You have a lot of data! How can you keep your member and client information secure? What legal rules does your nonprofit need to follow when it comes to data hosting? What tools and apps won't get you in trouble?
We have four experts who will answer all your questions.
* Alejandra Brown: Introduction to privacy and overview of privacy and data residency rules that apply to BC nonprofits.
* Mack Hardy: Five practical things you can do to secure your online self. Policies, 2FA, password managers, and more.
* Damien Norris: A suite of curated tools that organizations can use to locally/securely replace the US owned cloud services in their lives.
* Kris Constable: IDVPN: a VPN for complying with jurisdictional regulations.
4. Threat Model
● What are the threats to organizational assets?
● Who might unauthorized stakeholders be?
● What are the mitigation strategies?
● Is physical security sufficient?
5. Security Mindset and Training
● Everyone in the org needs to share the security mindset
● Ensure on-boarding includes security training
● Make an accessible security policy
● Review and reassess regularly as a team
7. Passwords and 2FA
● Keep passwords secret
● Password quality
● Use a password keeper
● Use 2FA for key access
8. Password Quality
● Make passwords longer: 12-20+ characters
● Make passwords unique
● Don’t need to be able to remember them
● Don’t email or store in plain text
M@k3 B3tt3R P@$$w0rd$
9. Password Keepers
● Team management of credentials
● Access control management by Vault
● Checks for duplicate and weak passwords
● Generates strong passwords
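The two password slides above (quality, and what a keeper does for a team) describe checks that are easy to make concrete. The script below is an added example written for this write-up, not code from the presenters or from any password manager: it audits a constructed export of team credentials for length, character variety, common words and reuse, and generates a replacement with the `secrets` module. The vault format, the `MIN_LENGTH` threshold and the tiny `COMMON` list are assumptions for the example.

```python
import secrets
import string
from collections import Counter

# Constructed sample export of (account, password) pairs, standing in for a
# team vault. The format is an assumption for this example, not any real
# password manager's export.
SAMPLE_VAULT = [
    ("mail", "Summer2019!"),
    ("crm", "Summer2019!"),
    ("bank", "x7#Kq9!vLm2@Rt4pZw8"),
    ("wifi", "password"),
]

MIN_LENGTH = 12  # the deck recommends 12-20+ characters
COMMON = {"password", "123456", "qwerty", "letmein", "welcome"}  # tiny stand-in list


def password_issues(pw):
    """Return the weaknesses found in one password; an empty list means it passes."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("too short")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < 3:
        issues.append("low variety")
    if pw.lower() in COMMON:
        issues.append("common")
    return issues


def audit_vault(vault):
    """Map each account with a problem to its list of issues, flagging reuse across accounts."""
    counts = Counter(pw for _, pw in vault)
    report = {}
    for account, pw in vault:
        issues = password_issues(pw)
        if counts[pw] > 1:
            issues.append("reused")
        if issues:
            report[account] = issues
    return report


def generate_password(length=20):
    """Draw a random password from a CSPRNG, retrying until it passes the same checks."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_issues(pw):
            return pw


if __name__ == "__main__":
    for account, issues in audit_vault(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(issues)}")
    print("suggested replacement:", generate_password())
```

Running it reports the reused short password on `mail` and `crm` and the common one on `wifi`, while the long random `bank` password passes; that is the same duplicate/weak report a keeper gives, without anyone needing to remember the generated replacement.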
10. 2FA - Two Factor Authentication
● Protect important accounts with 2FA
● Shared access possible with Google Authenticator
● Might feel like a hassle, but so is losing your domain or email provider
16. Anti-Virus
● Monitor for known viruses and malware with an antivirus
● Use one across the organization
17. Ad blocking and Trackers
● Pi-Hole - DNS level ad blocking
● Privacy Badger - EFF.org ad blocker
18. Preventing Phishing
● Be wary of browser extensions, app installs
● Be careful of what data is disclosed to app providers
● Double check URLs in email
● Use HTTPS URLs
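"Double check URLs in email" can be partly automated. The following is an added example written for this write-up, not a tool from the presenters: it pulls every link out of a constructed HTML e-mail body and flags the things a careful reader would look for, namely a non-HTTPS scheme, a `user@host` authority that disguises the real host, a raw IP address, a punycode (`xn--`) host that may be a look-alike domain, and link text that displays one host while the `href` points at another. The sample message and its domains (`.test`, `example.org`, TEST-NET addresses) are constructed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body; every domain is a reserved test or example name.
SAMPLE_EMAIL_HTML = """
<p>Your account needs attention. Please review the links below.</p>
<a href="http://bank.example.com.login-verify.test/reset">https://bank.example.com/reset</a>
<a href="https://xn--pple-43d.test/support">Apple support</a>
<a href="https://www.example.org/donate">www.example.org/donate</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def check_link(href, text):
    """Return the reasons a link deserves a second look; an empty list means none were found."""
    findings = []
    parts = urlparse(href)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not https")
    if parts.username is not None:
        findings.append("user@ in URL hides the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode host (possible look-alike domain)")
    # Visible text that looks like a URL but names a different host than the href
    if "." in text and " " not in text:
        shown = host_of(text if "://" in text else "https://" + text)
        if shown and shown != host:
            findings.append(f"text shows {shown} but link goes to {host}")
    return findings


def scan_email(html):
    """Map each suspicious href in the message to its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    results = {}
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            results[href] = findings
    return results


if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href)
        for f in findings:
            print("   -", f)
```

On the sample the first link is reported twice over (plain HTTP, and text that shows `bank.example.com` while the link goes elsewhere), the second for its punycode host, and the ordinary donation link passes. Checks like these belong in a mail filter or a pre-click browser warning; they do not replace training people to hover before clicking.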
19. Limit Zero-day Exploits
● Keep operating system updates current
● Update firmware on routers
● Update website codebase regularly, budget for help with this
● Monitor security disclosures for platforms you use
21. Backups
● Backup computers
● Keep offsite backups
● Automate backup process
● Test recovery from backups
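"Automate backup process" and "test recovery from backups" are one procedure, and the test is the part most organizations skip. The script below is an added example for this write-up (not from the presenters): it archives a directory to `.tar.gz`, records a SHA-256 manifest of every file, then proves the backup is usable by restoring it into a scratch directory and comparing every hash. `run_demo` builds constructed sample data, checks a clean restore, then corrupts one manifest entry to show what a failed verification looks like. The file layout and names are assumptions for the example.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def file_hashes(root):
    """SHA-256 of every file under root, keyed by its path relative to root."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace("\\", "/"): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source_dir, dest_dir):
    """Write source_dir to a .tar.gz plus a JSON manifest of file hashes; return both paths."""
    dest = Path(dest_dir)
    archive = dest / "backup.tar.gz"
    manifest = dest / "backup.manifest.json"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    manifest.write_text(json.dumps(file_hashes(source_dir), indent=2))
    return archive, manifest


def verify_restore(archive, manifest):
    """Restore into a scratch directory and compare every file hash with the manifest.

    Returns (ok, problems); problems lists missing, changed and unexpected files.
    """
    expected = json.loads(Path(manifest).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # Use the safe extraction filter where this Python provides it.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(scratch, filter="data")
            else:
                tar.extractall(scratch)
        actual = file_hashes(scratch)
    problems = []
    for path in sorted(set(expected) | set(actual)):
        if path not in actual:
            problems.append(f"missing: {path}")
        elif path not in expected:
            problems.append(f"unexpected: {path}")
        elif expected[path] != actual[path]:
            problems.append(f"changed: {path}")
    return not problems, problems


def run_demo():
    """Back up constructed sample data, verify it, then show a failing verification."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "org-data"
        (src / "members").mkdir(parents=True)
        (src / "members" / "list.csv").write_text("id,name\n1,Sample Member\n")  # constructed
        (src / "notes.txt").write_text("board minutes placeholder\n")  # constructed
        archive, manifest = create_backup(src, work)
        clean_ok, _ = verify_restore(archive, manifest)
        # Simulate drift: the manifest records a hash the restored file no longer matches.
        data = json.loads(manifest.read_text())
        data["notes.txt"] = "0" * 64
        manifest.write_text(json.dumps(data))
        tampered_ok, problems = verify_restore(archive, manifest)
        return clean_ok, tampered_ok, problems


if __name__ == "__main__":
    print(run_demo())
```

Scheduling `create_backup` is the "automate" bullet; scheduling `verify_restore` against the offsite copy, and alerting when it returns `False`, is the "test recovery" bullet. A backup that has never been restored is a hope, not a control.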
22. Clean Your Closet
● Clean up cloud storage, use fewer services
● Delete old email accounts, email with credentials, or personally identifiable data
● CRM - keep active records, archive older records
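Finding the "email with credentials, or personally identifiable data" the slide says to delete is tedious by hand. As an added example (not from the presenters), the scanner below runs over a constructed mailbox excerpt and reports lines holding a `password:` style credential, a payment card number, or a Canadian SIN; card and SIN candidates are confirmed with the Luhn checksum both formats use, which keeps phone numbers and dates out of the report. Reported values are masked so the report itself does not become a new copy of the data. The sample values are documented test numbers, not real ones.

```python
import re

# Constructed mailbox excerpt; the card number and SIN are well-known test values.
SAMPLE_MAILBOX = """\
From: treasurer@example.org
Subject: login for the new CRM
Hi all, the shared admin login is admin / password: Summer2019!
Please donate with card 4111 1111 1111 1111, exp 12/25.
Volunteer SIN on file: 046 454 286 (for the T4A).
Agenda for Thursday: review budget, approve minutes.
"""

CREDENTIAL_RE = re.compile(r"\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)", re.IGNORECASE)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SIN_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")


def luhn_ok(digits):
    """Luhn checksum, shared by payment card numbers and Canadian SINs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text):
    """Return (line_number, kind, masked_value) for every hit in the text."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in CREDENTIAL_RE.finditer(line):
            hits.append((n, "credential", "*" * len(m.group(1))))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append((n, "card number", "*" * (len(digits) - 4) + digits[-4:]))
        for m in SIN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_ok(digits):
                hits.append((n, "SIN", "***-***-" + digits[-3:]))
    return hits


if __name__ == "__main__":
    for line_no, kind, masked in scan_text(SAMPLE_MAILBOX):
        print(f"line {line_no}: {kind} {masked}")
```

Pointed at an exported mailbox or a CRM notes field, the same loop produces the list of messages and records to delete or archive; the agenda line, which has no sensitive content, produces nothing.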
23. Liability and Insurance
● Data liability
- think about what data you are storing, and why
- where is it stored?
- what's your disclosure risk?
- who is liable in the event of a breach?
- what is the impact on your constituents?
- delegate some risk
● Consider insurance options
24. Secure Your Website
● Add a proxy / cache like CloudFlare or Varnish
● Harden CMS login
● Add Captcha on forms
● Audit admin accounts
● Test your backups