If you work in philanthropy and are not already a member, you’re still probably familiar with the Technology Affinity Group (TAG). Their mission is to promote the power of technology in philanthropy. In 2019, TAG put a singular focus on cybersecurity, addressing the growing risk of security breaches in the philanthropic world. To that end, TAG launched an educational program earlier in the year called CyberSecurity Essentials for Philanthropy. The curriculum has featured a series of webinars and workshops. It has also produced white papers written by IT leaders throughout the social sector.
One such white paper was written by John Mohr, CIO of the MacArthur Foundation, and CGNET’s own Dan Callahan, VP of Global Services. Cybersecurity Essentials for Philanthropy: A 360˚ View of Security provides a map of sorts to help you navigate internet threats and guide your organization to safer ground. The authors “provide pragmatic strategies and real-world tactics based on our everyday experience as IT leaders”.
Get the Big Picture
With their “360˚ View”, Mohr and Callahan take a modern approach to securing your data, stressing vigilance in all directions. They help you define your “attack surface” (all parts of your network that could be used to gain access to private information). Next, they walk you through penetration testing on your network so you can figure out your security baseline. From that baseline you can then prioritize: Which areas of vulnerability are of critical importance and need immediate attention?
Guard Your Assets
Now, it’s time to take the steps to shore up your protection:
- Secure the perimeter with a firewall and Cloud Access Security Broker
- Protect computer assets by staying up-to-date with software patches and using encryption tools
- Protect users’ login information by establishing a strict password policy and using password managers
- Limit administrator access, as this tends to be most hackers’ primary target
- Protect your organization’s website and apps with a web app firewall and by running regular vulnerability (penetration) testing to flush out any weak spots
- Protect the valuable content itself by encrypting email messages and hard drives and by implementing Information Rights Management (IRM) and Data Loss Prevention (DLP)
It Takes a Village
After taking you step-by-step through the processes above, Mohr and Callahan sum it all up by addressing the importance of getting *everyone* invested in the cybersecurity mindset and process. It can’t be stressed enough that keeping an organization’s data safe falls on everyone’s shoulders. The number one method of gaining access to company data is through compromised credentials. Therefore, both the CEO and the summer intern need to be educated on their part in thwarting outside attacks.
So take a bit of time and read this white paper. It’s a short 17 pages, and is chock-full of practical information and instruction. Because as they say in the cybersecurity business, there are two kinds of organizations out there: Those who’ve been hacked and those who will be hacked. Preparation is the key to preventing a successful hack OR surviving one with minimal damage.