You may be interested in the completely revised 2021 Cybersecurity Readiness for Nonprofits Playbook available for download here.
In this webinar, Community IT Innovators’ CTO and our resident security expert Matt Eshleman covers the basics a security plan should include for nonprofit cybersecurity readiness, giving updates and a synthesis of our recent security webinars.
He touches on:
• Understanding and measuring cybersecurity risks to your mission and reputation
• Talking about ROI for cybersecurity measures, and how to consider costs and potential costs in your budget process, based on industry benchmarks
• Considering cyber insurance and which nonprofits particularly need it: those safeguarding databases for healthcare and children/volunteers, those guarding against billing and budgeting scams, and those who may be targeted for their advocacy work
• Updated security incident response best practices
• Creating a multi-layered security plan that actively includes your staff and executives
As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.
Presenter
As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy around the technology platforms used by organizations to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how technology works and interoperates both in the office and in the cloud.
Matt joined Community IT as an intern in the summer of 2000 and, after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University, rejoined Community IT as a network administrator in January of 2001. Matt has steadily advanced at Community IT and, while working full time, received his MBA from the Carey School of Business at Johns Hopkins University.
Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference, Non-Profit Risk Management Summit and Credit Builders Alliance Symposium. He is also the session designer and trainer for TechSoup’s Digital Security course.
Matt lives in Baltimore, MD with his wife, daughter and son. He is a member of the Baltimore Choral Arts Society and serves on the support committee of the Reservoir Hill House of Peace.
Slides:
Nonprofit Cybersecurity Readiness Monthly webinar Series September 2019
About Community IT
• Advancing mission through the effective use of technology.
• 100% Employee Owned
Presenter: Matthew Eshleman, CTO
Nonprofit Cybersecurity Readiness
Agenda
• Cybersecurity landscape
• Our approach to cybersecurity
• Common threats
• Building a roadmap
• Engage your leadership
CYBERSECURITY LANDSCAPE
• Persistent and ongoing brute force attacks on identities
• Sophisticated spearphishing
• Organizations targeted because of the work they do
• Attacks targeting vendors
CYBERSECURITY LANDSCAPE
• New security tools available to combat new threat types
• Organizations starting to ask about where to start in improving their cybersecurity
• 68% of Nonprofits don’t have an Incident Response Plan
• Breach response for a small to medium business is $149,000
OUR APPROACH TO CYBERSECURITY
• NextGen Tools
• Identity
• Data
• Devices
• Perimeter
• Web
• Security Awareness
• Security Policy
Incident: An event that compromises the integrity, confidentiality or availability of an information asset.
Breach: An incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorized party.
Most Common Threats
• Business Email Compromise: scam using traditional confidence scheme techniques combined with email impersonation to extract funds through illicit means
• Account Compromise: unauthorized use of a digital identity by someone other than the assigned user
• Malware: any type of malicious software, usually reported by the end user as a slow computer or strange pop-ups
Year over Year Comparison
• Volume of reported spam increased
• Account compromises hold steady, even amid increasing MFA adoption
• Business Email Compromise has spiked
• Actual virus infection rate is low
• Ransomware in sample is low
Analysis of Our Data and Sector
• Spearphishing / Business Email Compromise is increasing
• Supply chain attacks up dramatically
  • Vendor -> Client
  • Org -> Org
• Security Awareness Training adoption is increasing
[Diagram: the cybersecurity approach layers (NextGen Tools, Identity, Data, Devices, Perimeter, Web, Security Awareness, Security Policy), labelled as either Organization Owned or Partner Delivered]
Cybersecurity Readiness
• People
  • Passwords
  • MFA
• Process
  • Policy
  • Security Awareness Training
• Technology
  • Antivirus
  • Backup
  • Email Protection
  • Etc.
Getting Started with Cybersecurity
• IT Policy
• Security Awareness Training
• OS and Third Party Updates
• Antivirus
• Backups
• MultiFactor Auth
• Business Email Compromise Protection
Growing Organization
• BIOS / Driver Updates
• Web Filtering
• BYOD Control
• Device Encryption
• Endpoint Detection and Response
• Risk Assessment