Crafting a Nonprofit Cybersecurity Policy
In this webinar we include an outline to create or update a security policy; how to address levels of access, confidentiality, emails, passwords, and 2-step authentication; and policies for securing staff devices whether yours or theirs.
The Community IT Innovators approach to Security includes basic steps you can easily follow. This video covers creating Written & Updated Policies, using Predictive Intelligence, the need for staff Security Training & Awareness, and advice on basic security including strong Passwords, Antivirus, regular Backups, and Patches.
What policies does your organization already have and where to start?
- Acceptable use policy
- Computer equipment
- Web browsing
- Mobile Devices
- Data policy
- Identity and account policy
- HIPAA and other privacy regulations
Community IT Innovators uses the CIA rubric: Confidentiality Integrity Availability
- Sensitive Data with highest restricted access includes Medical Records, Donor Contacts
- Moderate access includes Financial System, HR Records
- Less Sensitive with more access includes Email, Grant Proposals, Program Mgmt
Your Nonprofit Cybersecurity Policy will require executive support. Our advice is to start with the policy goals first, and determine the level of investment to meet policy requirements. We have resources on determining the level of damage a mid-sized nonprofit can expect from a security incident, which can help leadership determine the level of investment needed to secure data and resources.
Remember IT policies are living documents, that do no good at all if staff don’t know them, don’t know who to ask, or don’t understand the reasoning behind security measures that protect your organization. Your Cybersecurity policy should be monitored and staff should have updated training regularly.
As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy in assessing and recommending technology solutions to clients. With a deep background in network infrastructure technology he fundamentally understands how technology works and interoperates both in the office and in the cloud.
Matt joined Community IT as an intern in the summer of 2000 and after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University he rejoined Community IT as a network administrator in January of 2001. Matt has steadily progressed up at Community IT and while working full time received his MBA from the Carey School of Business at Johns Hopkins University.
Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference and Non-Profit Risk Management Summit. He lives in Baltimore MD with his wife, daughter and son.