We have many foundations as clients. One of the hardest kinds of information to get is what other foundations are doing. If you take the time to ask foundation IT managers about what you need to know, they usually will tell you. The kind of convenient industry breakouts that exist for other industries (e.g. manufacturing, education), however, don’t exist for foundations.

Often, when Foundation IT managers do make public presentations, the topics vary and aren’t enough. This is why the current TAG series, “Cybersecurity Essentials for Philanthropy,” is so good. This year, it is presenting 13 presentations, webinars, briefings, checklists and white papers, created by foundation IT managers and a few consultants. They cover what the managers agreed are the most important topics in cybersecurity today. You can find the whole list at https://www.tagtech.org/page/cybersecurity.

Although some of the webinars have already taken place, recordings are available to TAG members. You can also get the slides.

Five Takeaways

Here are a few of the insights I gained by listening to the webinars and looking at the slides:

• Cybersecurity incidents have affected foundations. A 2018 TAG survey revealed that 21 percent had experienced cybersecurity incidents in the previous two years.
• When an incident does occur, it changes a foundation’s IT agenda. Two foundations in the “Security Awareness Training & Policies at Mid-Size Organizations” webinar presented timelines of IT activity, before and after security incidents. Before the incidents, activity was mostly about improving services and applications. After the incidents, most of the major IT activity was about security. A word to the wise…
• Security training, usually combined with phishing testing, has been very successful. If you haven’t started training your users yet, you are missing out.
• Multi-Factor Authentication (MFA) also has had good results. A particularly important part of “Why Multi-Factor Authentication (MFA) Matters” is how the foundations address getting leadership buy-in and doing effective change management. So often these are the factors that make or break implementations.
• One insight was how effective backup and migration to the cloud can be frustrated by all the old files foundations stored. The time has come for document retention policies and carrying them out.

Moments of Truth

Finally, the best thing about the series is that it is not a sales pitch, but news from the people responsible for security at their organizations. Congratulations to TAG for organizing such a good series.