(Special thanks to Cyber Security Chicago for providing a complimentary pass and Rotem Katsir of Votiro for her time and insight. Please be sure to check out our first installment on Kevin Mitnick here.)
Chicago-area nonprofits, social enterprise, and other mission-driven businesses have a special stake in cybersecurity. After all, mission-driven organizations deal with sensitive donor and financial information. However, many organizations may lack resources to ensure complete security. So why is it especially important for smaller organizations to make sure that their data and digital information is secure.
“Hackers don’t care,” Rotem Katsir of Votiro told me. Hackers don’t discriminate when it comes to targets. If they are looking for financial information, nonprofits and other mission-driven organizations are especially vulnerable given their lack of resources, including proper security information.
Ms. Katsir works for Votiro, a company founded by security experts that develops and licenses unique security software solutions that help protect organizations from external cyber attacks. Most of Votiro’s work focuses on “taking the human factor out”. Their core technology sanitizes files by breaking down the content of each file to its basic components and reconstructing a clean and safe new file. This can prevent any malicious attack from coming into an organization.
One key issue for nonprofits and mission-driven businesses is their lack of a complex security team, making these organizations easier to attack. In the past year, 95% of all hacker efforts came from spear phishing and 98% came from malicious malware/ransomware attacks. Most businesses have the resources and strategies for handling offline attacks, but how can nonprofits and other mission-driven businesses protect themselves?
As Rotem Katsir explains, smaller organizations can protect themselves by behaving like other organizations and taking a “back to basics” approach. Despite lacking resources, there are smaller strategies that nonprofits, mission-driven, and other small businesses can implement to keep their data secure and avoid attacks:
- Practice greater awareness when opening e-mails (especially with attachments).
- Use free web-based tools like VirusTotal to investigate any links before clicking on them.
- Make sure your organization is using the latest software (Equifax’s breach, for example, occurred because they didn’t install the latest patch.)
- Check all credentials when receiving a questionable e-mail;
- Develop a security policy, even if it means relying on one person who knows your organization’s system
- With cloud-based vendors, ask about security processes (like 2-factor authentication) and how the provider will be handling your information.
One of the highlights of my conversation with Rotem Kasir was learning about General Data Protection Regulation, an initiative of the European Union to ensure consistency of data protection across borders. With the emergence of a more interconnected, global economy, it becomes imperative that data protection standards are equal across all borders. Although many businesses and organizations can adopt higher-end systems, organizations of all sizes (including nonprofits and other mission-driven businesses) can take a “back to basics” approach.
Data security and protection rules are changing, and many organizations are struggling to adapt. For nonprofits, social enterprise, and other mission-driven businesses, the first step is not adopting a system…but rethinking how they operate. Caution is the best first step towards making sure their systems – and data – are safe and secure.
For many nonprofits and other mission-driven organizations, concepts like “big data, “cloud computing” and “artificial intelligence” seem daunting…but what are their real-world implications? And why should nonprofits, social enterprise, and other like-minded organizations care? Tomorrow’s Cyber Security Chicago profile will give you the answer. And it might surprise you.
Questions? Comments? Please leave them below or join the conversation via our Facebook page. (Please note that all comments are moderated). If you wish to contact me privately, information can be found via this blog’s About page.)
And as always, thanks for reading!