Tips from infosec experts to prevent data breaches, ransomware, etc.
Cyber Attacks The targeting of charities is increasing at an alarming rate as cyber criminals exploit huge datasets that have been registered by many nonprofits.
Charities often store sensitive information about individuals. They sometimes contain financial information about their supporters and employees.
However, due to time, money or technical know-how constraints, it is not always easy to prevent a cyber attack on a charity.
But no matter how small a charity, you can help protect your digital assets for free thanks to some free resources available online.
But in order to understand what Charity Needs are, you must first understand why the sector is being attacked disproportionately.
Charity event
The biggest security problem charities face is the constant threat of data breaches.
Announced by OxfaM Australia earlier this year A data breach occurred after a malicious third party gained unauthorized access to a charity database.
Oxfam has not yet identified the number of people who may be affected, but the information that has been leaked includes name, address, date of birth, email, phone number, gender, and possibly previous donations. Announced that records are included.
Read about the latest safety news about charities
Even the most security-conscious organizations can still fall victim to data breaches due to the risk of third party failure.
The ransomware attack, which attracted attention in 2020 with the funding database service Blackbaud, affected several charities and nonprofits that used the platform to gather information about their supporters.
Blackbaud added that the attacker “deleted a copy of a subset of the data from a self-hosted (private cloud) environment” and paid a ransom to delete those records. I am very upset about information security professionals ..
The company said there was no evidence that the data was used for criminal purposes, but it nonetheless affected supporters of several charities around the world including: NHS cancer treatment provider Christie And Children’s Minnesota, a pediatric medical facility in the United States.
Charities often have a wealth of sensitive user data
‘Sad Reality’
David Cummins is EMEA Vice President of Tenable, a US-based cybersecurity company that works with many major charities, including global relief organizations.
“The sad reality is that cyber criminals are likely to target the third sector like any other sector,” said Cummins. Daily wig..
Report from England The Department for Digital, Culture, Media and Sports found that 26% of charities in 2020 experienced cyber break-ins or attacks.
“According to Tenable’s own analysis of cyber breaches in 2020, known vulnerabilities remain a popular method for attackers.
“This is the reason for the advice we offer to our clients, including many charities. Organization: With a good understanding of the basics, most cyber threats can be blocked. “
Continue reading Charities and IT service providers are most easily defrauded by phishing attacks – Investigation
Cummins cited User Awareness, Malware, pointing out that the “most effective method” is to establish basic cyber hygiene practices that all employees can follow, but using the system as the primary defense against detection and cyber criminals. to back up.
“This requires companies to get a complete picture of their infrastructure, identify the assets and systems that are critical to their functionality, and decide which to use. Vulnerability It exists in these core areas that are being actively exploited and is updating these systems to fix these bugs first, ”added Cummins.
“At the same time, we have to focus on protecting accounts (employees, service providers, temporary workers, system accounts, etc.) as well as access and authorizations between systems.”
Invest in training
The Cyber Helpline is a UK-based, volunteer-run charity providing advice to citizens on security issues ranging from phishing attacks to cyberstalking.
The director said to help charities provide the best advice and protect themselves from attack. Daily wig Investing in an e-learning platform to offer the latest service training. We also hold regular discussions with cybersecurity experts and provide real-world examples of what a security incident looks like.
Mark Belgrove, Head of Cyber Consulting at Exponential-e and Founder and Director of the Cyber Helpline, said: Daily wig It is imperative that volunteers receive the necessary training to respond to incidents.
He says, “In other words, make sure you understand the technical nuances of the digital threat landscape. When they have this knowledge, we can provide the highest level of support to the victims we work with. Will be. “
Belgrove said: “In this way, volunteers provide a comprehensive overview of the latest developments in the threat landscape when a threat landscape arises.”
Oxfam Australia was the victim of a data breach earlier this year
Do not miss Human rights organizations are campaigning to eradicate Android apps that destroy privacy
In recent years, government security agencies around the world have released free resources to charities and small businesses, including practical advice on how to prevent and respond to cyberattacks.
The UK’s National Cyber Security Center (NCSC) Small Charity Guide and also offers free online advice to the public sector on its website.
In Australia, the Governmentance Toolkit includes: A guide to what to look for and assessment tools.
For US-based charities, US-CERT has an extensive guide A website that offers safety tips for non-tech-savvy users.
Tips for improving the security system of charities
Daily wig We contacted infosec experts with experience in the charity field for advice that nonprofits need to protect their data.
Javvad Malik, KnowBe4 Security Awareness Defender, said: That includes investing in security awareness so people can make better risk decisions, even the most discerning. Tool Not always available.
“The second tip is to manage your credentials. This can include multi-factor implementations. Manage authentication, privileged access or provide employees with password managers.
“The third tip is to keep track of important patches, especially for publicly accessible systems.”
Brian Higgins, Charity Trustee and Comparitech Security Specialist, said: This ensures the topic is discussed regularly at an advanced level, decision making and resource allocation.
“Implement a regular and risk-friendly data backup protocol. Ransomware is one of the most popular criminal methods these days. Communication network Become a victim.
“Train all employees in safety awareness. It is not a good thing to make sure the manager understands. Phishing If the cleaning staff doesn’t know how dangerous it is to insert the USB stick on the floor! “
relationship Cyber security remains a big issue for nonprofits
Niamh Muldoon, Head of Global Data Protection at OneLogin, understands the risks charities face by tracking their assets, who has access to them and how they are monitored. Said it was important.
To help protect charities from attack and abuse, Muldoon has provided a list of the following best practices:
“Know what you have, know where it is, what it’s worth, and decide how to protect it,” she said.
Maybe you like it too “We encourage all small charities to take action.”
Source link Charity Cyber Security: How to protect non-profit organizations from cyber attacks
source https://collegeeducationnewsllc.com/charity-cyber-%e2%80%8b%e2%80%8bsecurity-how-to-protect-nonprofits-from-cyber-%e2%80%8b%e2%80%8battacks/
No comments:
Post a Comment