Key cyber security measures not-for-profits should implement during the coronavirus crisis
The COVID-19 pandemic has created much uncertainty and is changing the patterns of our daily lives. The cyber threat landscape is ever-changing, and the current times are no exception.
As some organisations move their work practices away from regular patterns of operation, here are some key points that your not-for-profit should be looking at to manage cyber risks.
Advise your staff to be vigilant about emails, SMS messages, social media posts or fake news. These could be focused on information about the coronavirus and appear to originate from government authorities, your organisation or colleagues.
They could also look like they come from your IT department with instructions on how to access organisational resources.
These types of messages typically convey a sense of urgency, and people are more susceptible in the current climate. Stay Smart Online has seen this happening already and provides some information on how to keep your staff safe.
Organisations around the world are extending the corporate security perimeter with staff now being asked to work remotely.
With no definite timeframe in sight for this current practice, it is paramount that strong passwords are used.
Use multi-factor authentication for your organisational services wherever possible.
Refer to this guidance on creating strong passwords.
To facilitate working remotely, some organisations will require staff to use their own devices, which may not have the necessary levels of protection.
Ensuring that web browser software and operating systems are kept up to date with regular updates and patches released by software vendors is important to prevent the exploitation of vulnerabilities.
Securing a home network involves ensuring all default passwords have been changed on routers and other devices connected to the home network.
For those organisations that have Virtual Private Network (VPN) capability, it would be best if this connectivity can be extended to all staff who will need to work remotely.
Based on the type of business information they access, staff should be cautious about other people within their home environment who may access the same devices they use for work purposes. Public Wi-Fi networks should not be used by staff when performing critical business processes.
While the main focus at this time is business continuity – ensuring the availability of critical systems and applications for staff to perform their roles – organisations still have compliance obligations.
In particular, for the not-for-profit sector, this translates to upholding data privacy. Reminders to staff on appropriate handling of personal information when they work remotely are important.
The Australian Government has also compiled some guidance on protecting personal information when working remotely.
For more information, refer to this useful guide from SANS on how to securely work from home.