As recent headlines illustrate, cybersecurity should be a top priority for all organizations. Many nonprofit leaders believe that they have adequate cybersecurity in place, but might not know the specifics. Given the high stakes, it’s vital to ensure that your organization has sufficient protection.
According to Lisa Traina, a partner at Traina & Associates, a CapinCrouse company, the four steps below go beyond the basic cybersecurity practices you should already follow and help you further strengthen your organization’s cybersecurity defenses.
1. Create and implement a plan for zero-day vulnerabilities: Zero-day vulnerabilities are security holes without an update or patch available at the time of discovery. According to the Trustwave Global Security Report, vulnerabilities exist for an average of 100 days before being made public. That gives hackers an average of 100 days to exploit them.
2. Create and implement an incident response plan: It’s no longer a question of if a cyber breach will occur, but rather when. While it’s crucial to invest in preventative security measures, it’s also critical to plan for how your organization will react and respond to a breach.
3. Undergo routine Information Systems (IS) assessments: Effective risk mitigation can only occur after you have a list of issues to target. All organizations should undergo a periodic independent IS security assessment including vulnerability testing and information security controls testing, which helps to determine whether the appropriate controls are in place and operating effectively.
4. Develop a formal vendor review process: With the growing reliance on vendors, it’s crucial to recognize the significant cybersecurity risk they can represent. Major data breaches at Goodwill, Target, Home Depot, and Lowe’s all started with vendor security issues.
Vendors focus on providing services, not security, so it’s important for your organization to have a formal process for evaluating all vendors that provide critical functions or have access to critical data. This should include any third parties that host your data and any vendors with regular access to it.
You should perform an annual review for all current vendors and review all new vendors before you sign a contract.
As we celebrate our 36th year, NPT remains dedicated to supplying breaking news, in-depth reporting, and special issue coverage to help nonprofit executives run their organizations more effectively.