We look at cyber security software that charities can use immediately
Your charity faces the threat of a cyber attack every minute of every day. It’s a sobering thought, but the good news is that there is plenty of highly-effective security software out there to protect your organisation from hackers and cyber criminals.
Your charity should make use of the best products available, but it’s important to understand that the best security software for one charity may not be the best for another. Cost may be an important factor for one charity, ease of use for another, implementation for yet another.
With that in mind, here are the security software categories that every charity needs to consider, along with some examples of top products in each category that may be suitable for your charity’s particular requirements.
Your charity should be running an endpoint security product on all desktop and laptop computers used by staff members in the office or working from home, to provide protection against viruses, ransomware, and other malware.
Most endpoint security products also provide extra security features such as intrusion detection, an enhanced firewall, encryption, password management, and blacklisting of websites which are known to be malicious.
Many endpoint security software vendors offer free versions of products that offer good basic protection. But the paid-for versions offer a higher level of protection, as well as features such as centralised management that are useful for larger organisations.
Endpoint security products to consider include:
Passwords are one of the main ways that charity staff ‘authenticate’ themselves, meaning prove that they are who say they are and that they have a right to access a particular application or online service when they log in.
To make password authentication as secure as possible, staff need to use a different password for each application or service. Staff should also choose passwords which are at least thirteen characters long and difficult to guess. Ideally they should be a random string of upper and lower case letters, numbers, and special characters such as ‘!’ or ‘&’.
Since remembering a number of such passwords is practically impossible, your charity should ensure staff are using a password manager that stores passwords securely in encrypted form and enters them automatically.
Since password managers are not fooled by fake websites set up by cyber criminals, these security tools also offer a degree of protection against phishing attacks.
Products to consider include:
Password security can be beefed up significantly by using two factor authentication (2FA). This involves supplying something else in addition to a password when signing in to an account. This something may be a code generated by an authenticator app running on a mobile phone or sent to the phone by SMS, or some form of biometric such as a fingerprint or face scan, often captured by a mobile phone’s camera or other sensors.
The most common form of 2FA is an SMS code, but an authenticator app is more secure.
Authenticator apps to consider include:
Many successful cyber attacks occur because organisations fail to update their software to fix security issues which are discovered and exploited by cyber criminals. So ensuring that software is updated as quickly as possible after an update is release should be a priority for every charity.
Since it is hard to keep track of the updates, charities should use a software updater product which inventories every application installed on a particular computer and either alerts the user when any updates are released, or updates the software automatically.
Software updaters to consider include:
Confidential data is at risk whenever a USB drive is used to move it from one computer to another – perhaps when a staff member moves data from their office computer to their home computer so that they can work remotely.
To ensure that this data is kept secure even if the USB drive is lost or stolen while in transit, it’s a good idea to use a secure USB drive which automatically encrypts the data so that it can only be viewed after a password is supplied.
Encrypted USB drives to consider include:
Laptop computers can also get lost or stolen while travelling between home and charity offices, and both laptop and desktop machines can be stolen from either place. So it’s also a good idea to encrypt any data on their storage drives to keep it out of the hands of cyber criminals. There are a number of ways to encrypt data, including:
Whenever a charity staff member is using a public Wi-Fi connection, such as when they are at a coffee shop or airport, they should use a VPN connection. This encrypts and data as it travels over the public Wi-Fi connection to ensure that it cannot be eavesdropped on by a hacker.
VPN services to consider include:
Staff members working remotely should also use a remote access VPN when connecting to their charity office computer systems. This usually involves a VPN program (the most commonly used is Cisco AnyConnect) that is designed to connect to a hardware device at your charity’s office.
This could be a standalone VPN appliance or, more commonly, the charity’s main network router or security appliance.