Ransomware is a serious cyber-attack on an organization where systems can be locked, files can be encrypted and even worse, sensitive data can be stolen. As your organization can hold very sensitive personal and financial data, the worst thing that can happen is this data being sold on the dark web, or even published on public websites. This would not only be a serious breach of privacy, but can impose significant reputational risk for your society, and cause substantial financial hardship.
Of course, the cyber-criminal can make these problems all go away for a ransom fee. They promise that they will provide passwords to unlock your systems, provide keys to decrypt data, and ensure the data that they stole will be deleted. Would you trust a cyber-criminal in delivering on what they promise?
We strongly recommend that your society take steps to reduce your risk of exposure and practice good security hygiene:
- Have a good data backup procedure, including daily, weekly and monthly backups. Practice recovery on a regular basis.
- Ensure your server, desktop and mobile device anti-virus/malware, along with operating system updates are always current.
- Have good cybersecurity awareness within your organization.
- Ensure that system privileges are appropriate. Not everyone needs to be an administrator.
- Ensure that administrative passwords are locked away in a safe place and only used if necessary.
- Implement password complexity and multi-factor authentication technology.
- Ensure firewalls do not have any unnecessary access points open. Prioritize safety over convenience.
In this time of increased remote working, ensure remote access technologies that have been put in place are architected and implemented in a very secure way. If you haven’t already, consider a move to Microsoft Office 365 for your email and files. We also recommend the Exchange Online Advanced Threat Protection service for an extra layer of email protection.
Please work with your IT Department or IT Service Provider to ensure you have taken all the steps to reduce your risk as much as possible. We are also available for guidance, consultation and training. At the end of the day, nothing is 100% but doing what you can to protect your organization, clients and employees goes a long way.
If you suspect you have been hit by a ransomware attack, we have created the Cyber Attack Incident Response Guidesheet to guide you. Also, feel free to contact us directly if you need help.
Source: Mike Klein, Chief Information Officer, BC Housing Management Commission. October 14th, 2020
Cyber Attacks on the Rise
.png)
Welcome!
If you are reading this guide, you are about to embark on a process that will help your organization harness the potential of technology to deliver your mission and best serve your community. Proactively planning for technology is about more than replacing old computers (although that might be part of your plan!). This process will help your organization fundamentally shift the way you approach technology investments toward greater mission achievement and community impact. It will identify opportunities for technology to help you control costs, reduce risk, raise funds, and empower staff.
Strategic technology planning – much like any strategic planning process – is a comprehensive look at the current state and the desired future state for your organization. If you just need some new computers, this may not be the right process. But if you are ready to treat technology as a mission-critical investment that can accelerate your organization’s impact, you are in the right place! Your nonprofit has much to gain from appropriately integrating technology into your operations, communications, fundraising, and service delivery. This guide offers step-by-step support to help you lead your organization through technology planning, resulting in a roadmap to smart technology use.
Acknowledgements
This guide has been produced through the generous support of the Rasmuson Foundation, a private foundation that works as a catalyst to promote a better life for Alaskans. Learn more at www.rasmuson.org. It was written and edited by Lindsay Bealko of Toolkit Consulting, who helps mission-minded organizations design creative communications, engaging education, and powerful programs. Learn more at www.toolkitconsulting.com.
Special thanks to Orion Matthews and Jeremiah Dunham of DesignPT for their substantial contributions to and reviews of this guide to make it as useful as possible to nonprofit organizations who are ready to harness the strategic potential of technology. Learn more and request help with your strategic technology plan at www.designpt.com.