Security is Not Convenient
How little things can make a big difference in keeping your data secure
Have you ever found yourself frustrated because of additional levels of security that have been implemented? Perhaps these thoughts have crossed your mind at some point—maybe even within the last week:
“Why do I have to get a text message with a code just to log in to a site that I visit every day?”
“Does multi-factor authentication really make that big of a difference?”
“Why does my spam filter block legitimate messages?”
We want convenience. Our lives are built around it. You can order a coffee from your phone and have it ready when you pull into the parking lot. Thousands of movies are readily available on our TV with a simple click of a button. Bills are automatically drafted out of your account without you having to do a thing.
When it comes to cybersecurity—especially when dealing with computers and technology systems within an organization—it is easy to get frustrated because true security is not convenient.
The bad news is that nearly every organization—and especially nonprofits—is going to be hacked at some point. It is not a matter of if you’ll be hacked, but when, and how impactful the incident will be. Threat actors take advantage of nonprofit organizations because they lack the cybersecurity posture that most for-profit businesses possess. While a standard IT service contract includes support, protection software, and patch management, there are additional threats that baseline items can’t protect against. Nonprofits require comprehensive solutions that promote security for their crucial data. With a multi-layered approach, the risk of data loss and theft can be exponentially reduced.
Don’t believe us? Here are a few disturbing quotes and associated links:
“Nonprofits can be particularly attractive targets for fraudsters.” https://boardandfraud.com/2020/05/01/a-violation-of-trust-fraud-risk-in-nonprofit-organizations/
“In 2016, the Association of Certified Fraud Examiners published research indicating that, of the organizations they studied which fell victim to fraud, more than 10% of them were nonprofit organizations and 18.7% were governmental agencies. They posted average losses of $100,000 and $109,000 per incident, respectively.” https://www.nonprofitpro.com/post/why-nonprofits-are-more-vulnerable-to-fraud-than-for-profit-businesses/
“…a 2018 study that was drawn from a data set of more than 6 million users…found that nonprofit organizations have the highest percentage of ‘phish-prone’ employees…” https://www.drizgroup.com/driz_group_blog/why-nonprofits-are-easy-targets-for-phishing-attacks
The good news is that security measures have been proven to work in keeping your data safe. While some IT managed services companies ignore this reality, bury their heads in the sand, and are woefully unprepared for detecting such incidents at all and dealing with the fallout afterward, Connect Cause is different. First, we provide services exclusively to nonprofit organizations, making our team uniquely qualified for understanding your mission and mitigating your risk. We have hired experts in cybersecurity and information security to architect solutions for those most vulnerable and susceptible to cyberattacks.
Not ready to hire outside help to mitigate the risks? Here are some other ways you can help keep your information secure.
Use strong and unique passwords for each account
While not always convenient to have to remember a bunch of different passwords, more and more people are seeing how picking a strong and unique password is an important step in keeping your account secure. Even with the strongest password, you still run a risk of hackers being able to get into your account. Enter multi-factor authentication.
Multi-factor authentication
Yes, this adds an extra step to logging in, but it also adds an extra layer of security to your account by forcing you to prove your identity with something other than just a password. Sometimes an app gives you a code; sometimes the site texts you a one-time password. When it is set up correctly, multi-factor authentication significantly decreases the success rate of a cyberattack.
Spam filters—and handling them correctly
One of the common issues our Connect Cause technicians hear about is dealing with spam filters, specifically when a legitimate email gets flagged and caught by the filter—known as a false positive. Many people’s first reaction when that happens is to “allow-list” the domain so that it doesn’t happen again. While it seems like an easy and harmless fix, it can be detrimental to the security of your network because it opens your filter up to spoofing or phishing emails and other attacks. Instead, we suggest that you just go in and “release” the email into your inbox and check the settings on your spam filter to see why it may have been flagged. Common reasons include garbage character sets, adult phrases, bad headers, and weighted scores assigned by the filter.
The other side of this is a false negative, or when an email makes it through the filter that shouldn’t. Much like the false positives, users’ first reactions are generally to “block-list” the entire domain. One thing to remember is that making a decision like that changes the settings for the entire organization, so just because one user doesn’t want to get emails from Walmart.com or Amazon.com, adding them to the list of blocked domains will do so for the entire organization. Instead, creating a personal rule in Outlook may make more sense.
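To see why allow-listing a whole domain is riskier than releasing one message, here is a small added example (not Connect Cause's or any vendor's filter code) of a weighted-score filter. The rule names, weights, threshold and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

THRESHOLD = 5.0  # constructed quarantine threshold

def domain(header):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def score(msg):
    """Sum illustrative weighted rules; names and weights are constructed."""
    hits = []
    if not msg["Message-ID"] or not msg["Date"]:
        hits.append(("bad headers", 3.0))
    if msg["Reply-To"] and domain(msg["Reply-To"]) != domain(msg["From"]):
        hits.append(("Reply-To domain differs from From", 3.5))
    subject = msg["Subject"] or ""
    if subject and sum(ord(c) > 126 for c in subject) / len(subject) > 0.3:
        hits.append(("garbage character set", 2.5))
    return sum(w for _, w in hits), [name for name, _ in hits]

def verdict(raw, allow_domains=(), released_ids=()):
    """Return (action, reason) for one raw message."""
    msg = message_from_string(raw)
    # A domain allow-list trusts the From header, which the sender controls,
    # and skips every other check for anything claiming that domain.
    if domain(msg["From"]) in allow_domains:
        return "deliver", "domain allow-listed, scoring skipped"
    # Releasing affects only the one message the user reviewed.
    if msg["Message-ID"] in released_ids:
        return "deliver", "released by user"
    total, reasons = score(msg)
    return ("quarantine" if total >= THRESHOLD else "deliver"), reasons

# Constructed samples: a real invoice from a poorly configured mailer (no Date
# header), and a forgery that merely claims the same From domain.
LEGIT = ("From: Billing <billing@partner.example>\n"
         "Reply-To: accounts@partner-billing.example\n"
         "Message-ID: <inv-1@partner.example>\n"
         "Subject: Invoice 42\n\nbody\n")
SPOOF = ("From: Billing <billing@partner.example>\n"
         "Reply-To: pay@lookalike.invalid\n"
         "Message-ID: <x1@mailer.invalid>\n"
         "Subject: Updated bank details\n\nbody\n")

if __name__ == "__main__":
    print(verdict(LEGIT))                                     # false positive
    print(verdict(SPOOF, allow_domains={"partner.example"}))  # forgery delivered
    print(verdict(SPOOF, released_ids={"<inv-1@partner.example>"}))
    print(verdict(LEGIT, released_ids={"<inv-1@partner.example>"}))
```

The reasons returned for the quarantined invoice are what you would look for in the filter's settings after releasing it.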
If you are a Connect Cause client, our qualified technicians can work with you to remedy the issue while maintaining the integrity of the security systems you have in place.
If you aren’t a Connect Cause client, here are a few key services that we offer:
- Security Awareness Training. Partnering with a capable IT team provides essential protection, but it’s important to prepare staff members for phishing schemes and other threats. Compared to those without a security training program, organizations can expect up to a 90% reduction in incidents by implementing formal Security Awareness Training.
- Advanced Email Threat Protection. Most email service providers lack sufficient security features. Due to evolving threats, phishing is becoming more prevalent and dangerous. With our advanced filtering services, you can eliminate corrupt emails before they even hit your inbox.
- Password Management and Darkweb Monitoring. Many of us are guilty of using the same weak password across multiple platforms and/or collecting them via spreadsheet for future reference. Pervasive data breaches put you and your constituents at high risk of hackers and identity thieves. With our password management and monitoring services, we provide preventative protection from password-related breaches.
- Cloud Backup Service. If you’re attacked with ransomware, all your files can be locked and eradicated. If a computer crashes with your vital data, cloud services such as Office 365 and GSuite will remove your data from their servers after a short time. By utilizing a comprehensive and encrypted backup solution, your data will remain secure and available for recovery.
Do you still have questions, or worry that your nonprofit organization is at risk? Schedule your complimentary tech assessment today to find out whether and where your organization is vulnerable.
—www.ConnectCause.com—