Easy steps to prevent a cyber security breach

It’s a simple fact that hackers target organisations of all shapes and sizes, and charities are becoming increasingly aware of the risk of a cyber security breach.

 

So we listed some easy steps that you can take to prevent your charity becoming victim to cyber crime. You can find more advice, tools, training, and guidance at the Charity Digital Cyber Security Hub. 

 

 

Deal with phishing

 

Phishing emails are malicious emails containing links to fake websites, malware downloads or malware attachments. They account for around 80% of all reported cyber security breaches.

 

The best way to counter phishing is through education and charities of all sizes should provide training both to staff and volunteers to help them spot phishing emails. In particular, training should teach them to recognise malicious links and attachments and to refrain from clicking on them.

 

Larger charities can provide continuous phishing awareness training to all your staff using a product like Cofense PhishMe. It is also possible to reduce the number of phishing emails that staff receive by using an email security gateway which filters out malicious emails and malware before it is delivered to their inboxes.

 

 

Use endpoint security software

 

All your charity computers should be protected with endpoint security software such as BitDefender GravityZone or Norton Small Business which provides anti-virus and anti-ransomware capabilities.

 

Endpoint security software also provides other security features such as the blocking of malicious websites to help prevent users from visiting sites that are known to contain malicious links.

 

Medium and larger charities can also use a security gateway appliance (sometimes known as a unified threat management or UTM device) that filters all internet traffic arriving at a charity for malware and other threats. A security gateway appliance also includes the functions of an email security gateway (see above).

 

 

Secure Wi-Fi access points

 

Ensure that your Wi-Fi networks are secured using encryption and can only be accessed using a password which is difficult to guess.

 

Since the password and other internet security features can be disabled by anyone who has access to your charity’s main internet access router, it’s also important to ensure that the administrator’s password is changed from the default password.

 

 

Turn on firewalls 

 

Almost all computer operating systems such as Windows 10 and MacOS include a software firewall to help keep hackers out.

 

A firewall works like a nightclub bouncer, checking all internet traffic before it is allowed into the computer and denying access to anything it does not recognise or like the look of.

 

Usually the firewall is turned on by default, but they can be disabled by malicious software or accidentally by the user. So it is important to check the firewall regularly and turn it on if it has been disabled.

 

Larger charities can use a security router, such as Cisco’s C881-K9 integrated services router, to enable your charity to benefit from a firewall where your charity’s network connects to the internet as well as security features such as an intrusion prevention system and VPN connection capabilities.

 

 

Use a password manager 

 

Passwords play a key role in keeping your charity secure by letting staff access information, accounts, and services running in the cloud, while denying hackers access. But passwords are only effective if they are strong – meaning long and difficult to guess.

 

In practice that means that passwords should be at least 13 characters long and made up of upper and lower case characters and special characters such as ! or &.

 

Since strong passwords are difficult to remember, and because staff should use a different password for each account, the only practical way for staff to use strong passwords is to use a password manager program, such as LastPass, Dashlane, or 1Password.

 

Some endpoint security software such as Norton Small Business also include password management.

 

A password manager stores all of a staff members’ passwords in an encrypted form and enters them automatically whenever they are needed. A password manager only works after it is activated by entering a master password – the only password that a password manager user has to remember.