October is National Cybersecurity Month in the US, but it really deserves to be a year-round effort. The huge shift to working from home has made 2020 an especially tough year for cybersecurity. If it seems like your workplace security requirements keep getting more onerous, it's because they need to be — attacks are getting more prevalent and serious.
Please take a moment to thank the people who help you with your computer and network security. They've done a ton of extra work this year to set up secure remote access, maintain computers remotely, and keep data safe for you and your constituents.
There are endless lists of cybersecurity tips and it can all be rather overwhelming. Here are our top security tips that nonprofits should tackle first:
- Be alert for phishing: Phishing, or social engineering attacks, are a leading cause of data breaches and ransomware attacks. Be alert for anything that might be slightly off with any link, email attachment, text message, web page or phone call. If the nature of the message involves security or finances, call the person and verify the origin of the message with them.
- Set strong passwords: Use a secure password manager (we like KeePassXC) so you can easily create strong passwords that are unique for every service you use. What's strong? Length is the most important characteristic, followed by upper- and lower-case letters, numbers, and symbols.
- Secure your donor database: In addition to setting strong passwords, require two-factor authentication (2FA, sometimes called two-step verification) for all logins to your donor database. This generally means receiving a text message with a one-time numeric code, or a security code generated on an app, that is then use to complete the login process. If your provider doesn't offer 2FA yet, request it. Review and remove access from past staff or board members. Lastly, use group permissions so that each person can only access what they need, rather than all data.
- Install antivirus and firewall on every device: Every device needs it's own little protective shell. Even if a particular device is considered to be less prone to viruses, it's inside your network and able to spread an attack to your work PC. Good antivirus software can also help detect phishing attacks. While Apple's iOS isolates apps from each other on your iPad and iPhone (as long as you don't jailbreak your device), you'll still benefit from an app that blocks phishing websites and alerts you to unsecure Wi-Fi networks.
- Keep your device's software up-to-date: Don't ignore those alerts or postpone software updates, as they're often security-related. Set your phone to auto-update apps, as well. Only install apps and software from trusted sources, such as Google Play and the Apple App Store. Remove apps that you're no longer using.
- Make backups: You might think of backups as being most useful in the case of a hard drive crash, but they also play a vital role in recovering from viruses and ransomware attacks. Backups can get complicated and expensive. An online backup service like Backblaze or iDrive simplifies things, and gets a copy of your data safely away from other hazards, like fires, floods and computer theft.
- Secure your home Wi-Fi network: Your link to the internet is that little black box with blinking lights. But it's also a computer, and often overlooked when it comes to cybersecurity at home. Enable WPA-2 encryption with a strong password; create a guest network for visitors; disable unnecessary protocols, services, and remote access methods; update the router's firmware; and change the default "admin" password. If you don't have IT support, your Internet service provider (ISP) may be able to help.
- Don't forget your website: Your website runs on a computer, too. Make sure your website provider keeps the software up-to-date, makes nightly backups, protects security and privacy with an SSL certificate (https), and provides a secure online donation form. Ecopixel's website services for nonprofits include all of these things, plus great web design and ongoing support for website editors.