In 2022 cyberattacks around the world increased by 38%, and this number continues to rise. Today it’s critical for not-for-profits (NFPs) to take preventative action and prioritise cyber security practices that safeguard their daily operations, reputation, and data. Safeguarding data includes protecting the sensitive information of donors and the very people their services support.
Our team has put together five essential tips NFPs can implement to build their cyber security and strengthen their defences online.
5 Cyber Security Practices NFPs Should Implement
1. Beware of phishing emails
Phishing emails are a common threat sent by cyber criminals impersonating a trusted individual or organisation. These fraudulent emails prompt users to click on malicious attachments or links that allow hackers to steal login credentials, credit card details, or other personal information. Successful attacks may result in financial loss, data theft, or identity theft.
A variation of this attack is spear phishing, which involves cyber criminals conducting research and collecting information about their target, allowing them to personalise emails to appear more legitimate. In 2022, there were over 4.7 million phishing attacks.
The following signs can help you identify a fraudulent email:
- It includes urgent requests to provide or confirm sensitive information, such as passwords or credit card details.
- The email address isn’t from a verified domain.
- There is poor spelling or grammar, or the company’s branding is inconsistent with previous emails you’ve received.
- There are suspicious links or attachments. To check links, hover over them to preview the destination address. If you’re unsure about the email, never click on its links, as they can direct you to malicious websites, and never download its attachments, as they may contain malware.
If you’re still unsure, the safest course of action is to contact the company or individual directly.
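The sender-domain and link-hover checks above can also be automated. The following is an added example, not part of the original article: it compares each link's visible text with its real destination and checks the sender against a list of verified domains. The `VERIFIED_DOMAINS` list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

VERIFIED_DOMAINS = {"example.org"}  # assumption: domains your organisation trusts
# Constructed sample message (not a real email).
SAMPLE = ("From: Support <support@example.org.login-check.example>\n"
          "Subject: Urgent: confirm your password\n\n"
          '<p>Sign in at <a href="https://example.org.login-check.example/reset">'
          "www.example.org/reset</a></p>")

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs; href is what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    # Accepts a full URL or a bare "www.site.org/path" string.
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def trusted(host):
    # Exact match or a true subdomain; "example.org.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in VERIFIED_DOMAINS)

def phishing_signs(raw_email):
    msg, signs = message_from_string(raw_email), []
    sender = host_of(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if not trusted(sender):
        signs.append(f"sender domain not verified: {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        dest = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if not trusted(dest) or (shown and shown != dest):
            signs.append(f"link text '{text}' leads to {dest}")
    return signs
```

Calling `phishing_signs(SAMPLE)` reports both the unverified sender and the link whose text shows one domain while pointing at another; an empty result only means these two checks passed.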
2. Use secure passwords
Cyber criminals use a variety of tools to carry out password attacks, so creating secure passwords is critical to strengthening your defences against these attempts. A concerning 51% of people reuse passwords for their work and personal accounts, which leaves these accounts vulnerable to attacks such as credential stuffing, which exploits password reuse. Weak or stolen passwords also make 81% of security breaches possible, so ensuring employees follow secure password best practices is essential.
A secure password should:
- Have 12 or more characters
- Use uppercase and lowercase letters
- Include numbers and symbols
- Not include your name or personal information, such as your birthday or year of birth
- Be unique – never reuse passwords
Alongside creating secure passwords, multi-factor authentication should be implemented – we discuss this more below.
3. Use Multi-factor Authentication wherever possible
Only 39% of NFPs in Australia have implemented multi-factor authentication (MFA). Why is it an essential practice to heighten your defences online? MFA requires more than a password to log in to your accounts, providing an additional layer of security that requires login attempts to be verified. Verification can be completed through an authentication app, a code sent via email or text message, or through biometrics. MFA is a powerful precaution that stops unauthorised access, and can help to keep accounts secure even in the case of a data breach.
4. Implement cyber awareness training for your team
Without the right information, staff are unable to recognise risks, which leaves NFPs significantly more vulnerable to cyber threats. In fact, an overwhelming 90% of cybersecurity issues are made possible by human error. Cyber awareness training keeps employees up to date with best practices and empowers them with the knowledge to identify and avoid threats, including phishing emails.
5. Ensure your systems, software, and hardware are up to date
Whilst regularly installing updates may seem like a chore, it’s an essential practice to heighten and maintain stronger cyber security. Alongside improving functionality, these updates address and fix security vulnerabilities that can otherwise be targeted and exploited by cyber criminals. To streamline this process, ensure automatic updates are turned on.
How Impact ICT Can Help
Ready to build the cyber resilience of your NFP? Don’t tackle cyber security alone: let our team of specialists identify and resolve vulnerabilities before building your online defences with fully managed cyber security services. This includes an integrated, holistic approach that harnesses custom-built security and threat management capabilities. We can help with:
- Cyber security – As well as identifying and resolving risks, we implement robust antivirus endpoint protection, anti-malware monitoring, cloud-based anti-spam tools, and our MDR (Managed Detection and Response) security system.
- Backup and recovery
- Essential 8 compliance
- Ransomware removal
- User awareness training