3 Essential Cyber Security Protections
October 16, 2017 THE NONPROFIT TIMES
One need only read the news on a given day to appreciate the persistent threat cyber attacks pose to nonprofits and society at large. With so many external actors present, it is incumbent on organizations to be proactive in prevention when possible.
Anthony DeGray, commercial insurance advisor for Meeker Sharkey & Hurley; David Barnett, CEO for Corsis LLC; and Diane D. Reynolds, counsel for McElroy, Deutsch, Mulvaney & Carpenter, LLP discussed the evolving world of digital protection during their session “Digital Art: The Evolving Landscape of Cyber Security” at Risk Summit 2017 in Philadelphia, Pa. During the session, DeGray shared his firm’s cyber-risk checklist, which included:
- Contracts. Have a privacy statement, terms and conditions, and information security policy all prominently displayed on the organization’s website. Important terms and clauses to think about include disclaimers, limitation of liability, and limitation of damages. Have an attorney review written policies.
- Information technology and network. Encrypt all sensitive information and encrypt or limit access to sensitive information via mobile device. Back up data daily and destroy sensitive data when no longer needed. Institute clean desk/clean screen policies of hiding and locking sensitive data when not being used. Have backup plans such as backup sites, a business continuity plan, and a disaster recovery plan. When working with third-party vendors, make sure that their practices are at least as robust as your organization’s and require compensation for loss due to third-party action.
- Content and intellectual property. Conduct infringement checks on third-party material, seek written permission for the use of third-party materials, and properly attribute third-party material on your site. Disclaim third-party content, typically in terms and conditions, with language stating, for example, that the content does not reflect organizational views. Have legal counsel review content and establish a formal take-down procedure should it be necessary to remove content from the website.