IT Security for Nonprofits 101

345 views

Published on

An introduction to IT security for Nonprofit organizations

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
345
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

IT Security for Nonprofits 101

  1. 1. An IntroductionIT Security for Nonprofits 101
  2. 2. 1. Introductions 2. The Security Landscape 3. 7 Easy Steps to Be More SecureOverview of Session 4. Resource Sharing 5. Q/A Questions Sprinkled Throughout
  3. 3. 1. Name 2. Organization 3. Mission 4. Approx. Number of Staff 5. Why are you here?Introductions • Get some idea of what security is about • It’s something I need to know about • Other reason?
  4. 4. User Oriented Levels of Security Web Cloud Network (WAN) Network (LAN) Workstation + Mobile
  5. 5. Security is all about Balance The Iron Triangle • Cost • Time • QualityBalancing Needs Main Factors for Most Groups • Limited Budget + Lack of Awareness • Forget to sharpen the saw • No good sources for information
  6. 6. QuestionWhat has your experiencebeen with balancing needs?
  7. 7. Seven Steps to a More Secure Organization 1. Keep All Software Updated 2. Get Enterprise Antivirus 3. Cultivate Aware Users 4. Balance Privacy, Security, and Productivity 5. Know Your Compliance Needs 6. Establish a Strong Password PolicyOverview 7. Stay Informed
  8. 8. 1. Keep Software Updated Workstation Software Updates • OS (Windows, Mac OS X) • Microsoft Office • Adobe (Acrobat, Flash, Air) • Browsers (Chrome, Firefox, IE) • Email Client (Outlook, Thunderbird) • Anti-Virus/Anti-Malware/Anti-Spyware • iTunes and Device Firmware • Remote Access/VPN
  9. 9. 1. Keep Software Updated Server Software Updates • BIOS • Device Drivers (Especially RAID) • Windows Server • Exchange Server (Email) • SQL Server (Database) • Endpoint Protection (such as Symantec) • Backup Software (such as BackupExec) • Proprietary Systems
  10. 10. QuestionHow does your team handleupdates?
  11. 11. 2. Get Enterprise Antivirus Techsoup – Symantec Endpoint Protection • $5/system • Server-based Management Option • Integrates with BackupExec • Anti-virus • Anti-malware • Anti-spyware • Firewall (Software) • Protect ALL Systems (Incl. Volunteer, etc)
  12. 12. QuestionWhat is your anti-virusexperience? Product story?
  13. 13. 3. Cultivate Aware Users Everyone is responsible for security! • Know your software • Read prompts, don’t just click Ok • Installation Approval Process • Dangers of USB Drives, Mobiles, iPods, etc • Explain why, not just how and what • Recruit your tech savvy users to help • Encourage them to speak up!
  14. 14. QuestionHow does your organizationcultivate an aware team?
  15. 15. 4. Privacy, Security, Productivity Balance is the key to Security • Be Real - If it ain’t used, it don’t work! • Be Honest – Tell users what to expect • Privacy – Tell users what you monitor • Balance Risk Prevention vs Recovery • Address Complaints with solutions
  16. 16. QuestionWhat are your privacyconcerns (org and individual)?
  17. 17. Know Your Compliance Needs • PCI (Payment Processing) • HIPAA (Medical Information) • SAS70 • SSAE165. Compliance • Funder/Grant Requirements
  18. 18. Secure Passwords: • At least 8 characters6. Strong Password Policy • At least one each of: • Uppercase Letter • Lowercase Letter • Number • Symbol (!@#$%^&*()) Example: P@ssw0rdsSuck!
  19. 19. Use a password database for ease • KeePass (Free and Open Source)6. Strong Password Policy • SplashID (Syncs between devices) Use browsers to store passwords • Set master password • Only on your system (which is password protected) Protect your systems and devices
  20. 20. QuestionWhat tips can you share forpassword success?
  21. 21. Top Resources for Security Information • NTEN • US CERT • Symantec7. Stay Informed • Techrepublic • Techsoup Security Forum* • http://501cybersecurity.com/* • EDUCAUSE* * Thanks to Robert Weiner for these resources
  22. 22. QuestionWhat resources do yourecommend?
  23. 23. Questions, Answers, Discussion Questions?
  24. 24. Sean Watsonsean@techeffectrocks.org919-373-4234

×