Cyberattacks against small and midsize organizations have increased from 11 percent to 15 percent in 2020, according to an Avast survey. Nonprofits are no exception to this alarming trend, which results in lost productivity, damaged reputations, and serious financial implications. Whether you’re a one-person IT team or a nontechnical concerned stakeholder, this webinar will help you
- Protect your organization from common malware attacks
- Set up a strong cybersecurity strategy for your organization
- Identify solutions to help minimize cyberattack risks
5. Cyberattacks on the Rise: Is
Your Nonprofit Prepared?
Presented By Tom Davis & Paul Fenwick
Avast Business
6. Avast Business
• A division of Avast, one of the world’s largest
security companies in the world
• The most advanced and geographically
dispersed threat intelligence network
• Largest antivirus developer for Windows
systems (source: Statista)
• Smarter data, deeper, inspection, and faster
detection without slowing down devices
• More than 740,000 businesses protected
• World-class partner program
6
8. Protecting your charity from Malware
Malware infections can cause material harm to your systems. This might include disruption of
business services, unauthorised export of sensitive information or loss of access to critical data (eg
caused by ransomware)
These can be delivered through Email as an attachment, which will execute when opened. Or it could
be within email content or embedded links, that targets known individuals (known as spear phishing)
with access to sensitive information or roles with elevated privileges. Users can be infected as they
browse websites where malicious content with look to compromise the web browser to gain further
access to the device.
Antivirus software prevents this by scanning as these files or web pages are accessed, spotting
known signatures, which they receive regular updates on. This is very effective as it knows what to
look for but as cybercriminals and malware have evolved, we need more protection.
Current AntiVirus or Endpoint Protection software has much more advanced malware detection
methods which evaluate an object based on its intended actions before it allowed to execute. An
object’s attempt to perform actions that are clearly abnormal or unauthorized would indicate the object
is malicious, or at least suspicious.
9. Keep all your IT equipment and software up to date
For all your IT equipment (tablets, smartphones, laptops and PCs), make sure that the software and
device(s) operating system are always kept up to date with the latest versions from software
developers, hardware suppliers and vendors. Applying these updates (a process known as patching)
is one of the most important things you can do to improve security.
These updates or patches address vulnerabilities in the software which can effect the security of the
software and device. If this is not carried out, then we can have huge consequences such as those
seen in the 2017 with WannaCry.
It is also worth remembering that it is not just the Operating System that needs updating, all software
should be considered. Adobe Acrobat Reader, Google Chrome, Mozilla Firefox, Teamviewer and
many more have all recently released critical updates to address known vulnerabilities.
To ensure all these updates are done and can be reported on, it is easier to use a Patch Management
system, particularly when you consider the amount of devices you have and updates for each. To give
you an idea, there were 12174 security updates released in 2019.
10. Prevent successful Phishing Attacks
Phishing is a fraudulent attempt to obtain sensitive data by disguising oneself as a trustworthy entity.
Users are lured by communications purporting to be from trusted parties such as banks,
colleagues/executives, online payment processors, Telecoms companies, HMRC etc. This is often
done through email with a link to a fake website to then gather personal information to use for
financial gain.
These targeted attacks, can be at specific companies or individuals, known as Spear Phishing. They
harvest information through sources such as social media to craft these more relatable attacks,
understanding their intended target, pushing them for urgent action, through false legal threat or
overdue invoice etc. Hoping to scare or panic the target into releasing funds or financial data.
A useful tool is a DNS based security solution. Using a trusted central website indexing service (DNS)
that checks web content prior to allowing access, blocking any suspicious destination. This option
can also protect against access of inappropriate or illegal content or images.