Wondering what cybersecurity steps to take now?
After ensuring three cybersecurity basics are in place, creating and monitoring compliance with your nonprofit data retention policy is a low cost/high value next step.
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Nonprofit Data Retention Policy and Cybersecurity Basics
Ian Gottesman is CEO of a coalition of 200+ NGOs and 20 major IT companies working together to improve cybersecurity for the nonprofit sector (NGO ISAC). He has decades of experience in executive roles in nonprofit cybersecurity in a variety of organizations.
In these challenging times for the nonprofit sector generally, many nonprofits are taking a harder look at their cybersecurity policies to better protect their organization and staff. Community IT recommends getting to a foundational level of basic cybersecurity, and you can download our free Cybersecurity Readiness for Nonprofits Playbook to learn what that means and how to put those basics in place. As Ian says, it is not as easy as 1-2-3 but it is easier than a lot of problems nonprofits address through their missions.
Three cybersecurity basics to think about: manage your identity, patch your hardware and software, and look out for phishing – train your staff. You will get 80% protection from just doing those three low cost things – why would you want to get 0%?
When your cybersecurity basics are in place, Ian recommends strengthening your nonprofit data retention policy and compliance as your first next step. Again, this is low cost in terms of your budget, but will have costs to your organization in terms of staff time and energy. So let this challenging moment motivate your team to take on a sorting-and-retaining-or-deleting project.
Listen to Ian Gottesman in conversation with Carolyn Woodard on cybersecurity basics and nonprofit data retention policy.
Some Key Takeaways:
- Cybersecurity Basics are not difficult and protect you from 80% of hacks.
- Manage your identity. Accounts must be protected, your staff should be verifying they are who is supposed to be logging in.
- Patch your hardware and software. The easiest way to do this is reboot – log out, restart, and log back in periodically – once a week, every night, at least once a month to force security updates. Your IT provider or internal IT staff should be patching as part of your cybersecurity strategy.
- Look out for phishing – train your staff. More than 90% of attacks start out tricking a user into clicking a link. For more information on anti-phishing training, check out this webinar on Cybersecurity Awareness Training Tips.
- Cybercrimes are crimes.
- Don’t feel that you were responsible for your own victimization. Clicking on links happens. Huge companies fall for scams. Encourage a culture of openness and sharing around cybersecurity best practices and incident response planning.
- Make sure your nonprofit culture embraces a team approach to cybersecurity, and that everyone on your staff knows to tell someone when they see something suspicious or make a mistake, and who to tell.
- Holding cybercriminals accountable in every country should be a bigger goal for our governments and our laws.
- Nonprofit Data Retention Policy is a valuable project now.
- Remind your staff not to put in writing in any device or app something they would not want to be public about your organization
- Creating and monitoring compliance with a nonprofit data retention policy does not require expensive tools but it does require the time and energy of your staff. Avoiding unnecessary reputational risks is worth it.
- Make sure your nonprofit data retention policy covers emails and messaging in addition to documents and files.
Presenters
Ian Gottesman is volunteer board member of a coalition of 200 NGOs and 20 major IT companies working together to improve cybersecurity for the nonprofit sector (NGO ISAC). They host an annual conference, monthly webinars, and online forums; he has enjoyed spearheading their mentoring program and serving as an organizer for their conference. They are a community of nonprofits working together to improve cybersecurity. The “join NGO ISAC” button is at the top of their website and Ian urges nonprofits to participate in this cybersecurity community.
Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.
She was happy to have this podcast conversation with Ian Gottesman on nonprofit data retention policy and cybersecurity basics.
Ready to get strategic about your IT?
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about productivity, change management, and implementation of new technology, you shouldn’t also have to worry about understanding your provider. When matching business processes and nonprofit IT, you want a partner who understands nonprofits.
More on our cybersecurity services and cybersecurity resources here.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
If you’re ready to gain peace of mind about your IT support, let’s talk.
Transcript coming soon!
Photo by Tobias Tullius on Unsplash