Just like in the physical world, there are people in the digital world who want to steal and destroy things, with no thought for the damage they might do. A layered protection approach is required.
If your charity is the least protected, it will be the one that’s targeted. Below are the layers to consider. Expanded detail can be found here: IT Security.
Most hacks come via the easiest method: the humans. Unfortunately, people are the biggest threat to your IT security. They are also the hardest element to protect against, because education takes time. Education should begin as soon as possible, and there are software tools for User Awareness training that should be considered.
Most security risks come from the internet, where most potential attackers operate. Where the internet meets your own network is called the Perimeter.
Your perimeter needs to be protected. Use a Firewall device that acts as a “bouncer” of sorts, stopping things from outside of your network coming to the inside of your network.
Inside your firewall is your internal network. Everything inside needs to be protected. You should only allow access to devices that you know and trust, such as PCs and Laptops that you have purchased and had configured by your IT team, or that the team has checked are OK before use.
Your PCs, Laptops, Tablets and Mobiles are known as the Endpoints, which need at minimum Antivirus, Patch Management & Encryption. Bad habits or a lack of training cause problems otherwise.
Your Endpoints have software applications (e.g. Microsoft Word & Excel and Sage or Dimensions). At minimum protect them by installing software security updates ASAP.
What do you need to do to protect your data? With data, it always starts with authentication & encryption. Your data should be stored so that it’s not easy to access without authenticating and decrypting it.
Get someone to check your homework after implementation. If you have an internal IT department, ask an external party to review what has been implemented. If you have an outsourced partner such as ESP, ask another IT company to review their work.
Cloud-based applications and services that you utilise also need protection. Some security services have been added to most cloud services, but others require further configuration. At MINIMUM you need to implement Multi-Factor Authentication on every cloud service.
Balance risk versus reward and implement the security features you can afford. Some large organisations have been hacked even with almost unlimited budgets, BUT we should do what we can afford, prioritising where necessary and with expert support.
Can ESP help?
We have security events open to anyone, where you can find out more about how you should secure your systems. We are due to run our next event online in September; look out on our events page for more information. If you would like to discuss security with us and book in to discuss your free cyber security assessment, use the link below. It would be great to chat with you!