In today’s interconnected world of digital communication and remote work, the risk of your organization falling victim to cyber threats is higher than ever. Your non-profit’s employees are a double-edged sword when it comes to protecting your organization: They are your best and first line of defense against hackers as well as your largest potential vulnerability. To strengthen your defense, they need to be equipped with the knowledge and skills to navigate the digital landscape safely. Here are some practical tips for your IT team to share with employees on exercising caution when interacting with anyone – including help desk staff – to keep themselves and your organization safe from cyber threats.
Be Skeptical of Unsolicited Communications
One of the most common tactics employed by hackers is phishing, where they attempt to trick employees or volunteers into revealing sensitive information. Employees should exercise caution when receiving unsolicited emails, messages, or phone calls, even if they seem to come from a trusted source.
- Tip: Train employees to verify the legitimacy of suspect communications by carefully double-checking the sender’s contact information. Oftentimes, hackers will use Gmail accounts that appear to be a colleague’s personal account, or addresses that are one letter off from the organization’s own. If in doubt, reach out to the supposed sender through a separate, trusted channel to confirm the authenticity of the request.
Verify the Identity of Help Desk Staff
Help desk staff play a crucial role in resolving IT issues at most non-profits, but employees still need to verify their identity before sharing any sensitive information or allowing them access to their devices. Hackers may pose as help desk personnel to gain unauthorized access to systems or to obtain confidential donor data.
- Tip: Before providing any information or granting access to help desk staff you don’t know, ask for their name, department, and contact details. Cross-verify this information with an official directory or supervisor to ensure legitimacy before giving them access.
Practice Strong Password Management
A weak password is the equivalent of leaving the front door of your digital life wide open for hackers. Encourage employees to adopt strong, unique passwords for each account and update them regularly.
- Tip: We recommend that employees select a unique password phrase that would be challenging for a hacker to guess but easy for them to remember.
Enable Single Sign-On
Single Sign-On (SSO) adds an extra layer of security while reducing the number of passwords staff need to recall. As the name implies, SSO is an identity management system that allows a single set of login credentials – almost always a username and password – to work across multiple platforms. Your employees are probably already using a version of SSO in their personal lives, where Google, Facebook and others allow users to log in to other applications using their social media sign-ons. Another plus is that SSO makes employee turnover much easier to deal with. For example, CTD is able to shut down access to all SSO-supported platforms almost immediately when an employee’s main account is closed.
- Tip: You should enable SSO for all work platforms that support it.
Educate Employees on Social Engineering Tactics
Hackers often exploit human psychology through social engineering to manipulate your employees into divulging sensitive information. Your IT experts should train employees to be aware of common tactics used in social engineering attacks. There are countless types of social engineering attacks, and they are continually evolving. They range from simple phishing schemes and smishing (which is phishing via SMS text message) to hijacking a company email account or pretexting, which is when an employee misuses their role or creates a fake persona. The most infamous example of this is Edward Snowden, who told his coworkers that he was their system administrator and needed their passwords.
- Tip: Be cautious of unexpected requests for information, especially those involving passwords, financial details, or confidential company information. Verify requests through official channels before responding – even if it is seemingly coming from a fellow employee.
Secure Personal Devices
With the prominence of remote work among non-profit employees, personal devices are increasingly used for professional purposes. However, these devices can become entry points for hackers if not adequately secured.
- Tip: Your IT team should maintain a comprehensive Bring Your Own Device (BYOD) policy that ensures personal devices have updated antivirus software, firewalls, and the latest security patches. They should also teach your employees not to use public Wi-Fi networks for sensitive work-related tasks and to use a virtual private network (VPN) for added security.
Regularly Update Software
Outdated software and applications are among the entry points hackers use most often. Your IT experts should be updating these programs regularly to protect your team from attacks.
- Tip: Your IT team should enable automatic updates for operating systems, antivirus software, and all applications. This ensures that all your devices are protected with the latest security patches.
Beware of External Devices
USB drives and external devices are easy ways for criminals to introduce malware or viruses to your devices or networks. Teach your employees to exercise caution when connecting external devices, especially if they are from an unknown or untrusted source.
- Tip: Avoid using USB drives or other external devices unless necessary. If required, use devices only from trusted sources, and run them by your internal IT team to check for malware before accessing any files.
Limit Access to Personal Information on Social Media
This is perhaps the most challenging precaution for non-profits (or any other organization). Social media platforms are a wonderful way to keep connected to family and friends, but they are also a goldmine of personal information for hackers. Teach your employees to be mindful of the amount of personal information they share online, and who they are sharing it with.
- Tip: Craft policies that prohibit sharing sensitive work-related information that could be exploited by hackers for targeted attacks.
Report Suspicious Activity
This precaution circles back to where we began. Your employees are the eyes and ears of your organization’s cybersecurity defense. Their prompt reporting of any suspicious activity can help your IT team identify and mitigate potential threats before they escalate.
- Tip: Train your employees that if they notice anything unusual – such as unexpected system behavior, suspicious emails, or unfamiliar logins – they should report it to your IT department immediately. Time is of the essence in responding to potential security incidents. Create policies that exempt employees from blame if they are reporting a suspicion to encourage their cooperation. For example, don’t berate an employee for a delay in providing you with data if they had a legitimate concern about your request and took time to verify it before acting on it.
As the digital landscape continues to evolve, non-profit employees must remain vigilant and proactive in safeguarding themselves and their organizations from cyber threats. By adopting these practical tips and cultivating a culture of cybersecurity awareness, your IT experts can play a pivotal role in helping employees fortify your digital defenses. In the ever-changing world of cybersecurity, staying informed, cautious, and engaged is the best strategy for creating a secure and resilient work environment. Need help creating your organization’s cybersecurity program? Our expert team can implement enterprise-grade security and encryption and take full advantage of the latest security systems to minimize the risk of – and potential damage caused by – cyberattacks, all while staying within your budget. Reach out to us to learn how.