To download: https://www.slideshare.net/CITImarketing/nonprofit-cybersecurity-readiness-community-it-innovators-webinar

In this webinar, Community IT Innovators’ CTO and our resident security expert Matt Eshleman covers the basics a security plan should include for nonprofit cybersecurity readiness, giving updates and a synthesis of our recent security webinars.

He touches on:

As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.

Presenter


As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy around the technology platforms used by organizations to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how technology works and interoperates both in the office and in the cloud.

Matt joined Community IT as an intern in the summer of 2000 and, after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University, he rejoined Community IT as a network administrator in January of 2001. Matt has steadily progressed at Community IT and, while working full time, received his MBA from the Carey School of Business at Johns Hopkins University.

Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference, Non-Profit Risk Management Summit and Credit Builders Alliance Symposium. He is also the session designer and trainer for TechSoup’s Digital Security course.

Matt lives in Baltimore, MD with his wife, daughter and son. He is a member of the Baltimore Choral Arts Society and on the support committee of the Reservoir Hill House of Peace.

Slides:


  1. Nonprofit Cybersecurity Readiness Monthly webinar Series September 2019
  2. About Community IT: Advancing mission through the effective use of technology. 100% Employee Owned
  3. Presenter Matthew Eshleman CTO
  4. Nonprofit Cybersecurity Readiness
  5. Agenda: Cybersecurity landscape; Our approach to cybersecurity; Common threats; Building a roadmap; Engage your leadership
  6. CYBERSECURITY LANDSCAPE: Persistent and ongoing brute force attacks on identities; Sophisticated spearphishing; Organizations targeted because of the work they do; Attacks targeting vendors
  7. CYBERSECURITY LANDSCAPE: New security tools available to combat new threat types. Organizations starting to ask about where to start in improving their cybersecurity. 68% of Nonprofits don’t have an Incident Response Plan. Breach response for a small to medium business is $149,000.
  8. NextGen Tools IDENTITY DATA DEVICES PERIMETER WEB SECURITY AWARENESS SECURITY POLICY OUR APPROACH TO CYBERSECURITY
  9. Incident: An event that compromises the integrity, confidentiality or availability of an information asset.
  10. Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
  11. Most Common Threats • Business Email Compromise: scam using traditional confidence scheme techniques combined with email impersonation to extract funds through illicit means • Account Compromise: unauthorized use of a digital identity by someone other than the assigned user • Malware: any type of malicious software, usually reported by the end user as a slow computer or strange pop-ups
  12. Year over Year Comparison • Volume of reported spam increased • Account compromises hold steady, even among increasing MFA adoption • Business Email Compromise has spiked • Actual virus infection rate is low • Ransomware in sample is low
  13. Analysis of Our Data and Sector • Spearphishing / Business Email Compromise is increasing • Supply chain attacks up dramatically • Vendor -> Client • Org -> Org • Security Awareness Training adoption is increasing
  14. NextGen Tools IDENTITY DATA DEVICES PERIMETER WEB SECURITY AWARENESS SECURITY POLICY ORGANIZATION OWNED Organization Owned Partner Delivered Partner Delivered
  15. Cybersecurity Readiness: People • Passwords • MFA; Process • Policy • Security Awareness Training; Technology • Antivirus • Backup • Email Protection • Etc.
  16. Getting Started with Cybersecurity: IT Policy; Security Awareness Training; OS and Third Party Updates; Antivirus; Backups; MultiFactor Auth; Business Email Compromise Protection
  17. Growing Organization: BIOS / Driver Updates; Web Filtering; BYOD Control; Device Encryption; Endpoint Detection and Response; Risk Assessment
  18. Mature/Compliant Organization: Cyberliability Insurance; Security Assessment; SOC / SIEM; Vulnerability Scanning; Penetration Testing
  19. NIST Risk Assessment Tool
  20. Engage your Leadership: Requires leadership to say yes; Poor cybersecurity is an organizational liability; All organizations are vulnerable
  21. Engage your Leadership: Schedule • Schedule time for security • Monthly reporting • Quarterly planning; Know • Know your audience • Narrative • Metrics and numbers; Leverage • Leverage existing compliance requirements • PCI • HIPAA • GDPR
  22. Resources
    • https://www.sans.org/security-resources/policies/
    • https://www.microsoft.com/en-us/nonprofits/security-privacy-compliance
    • https://www.communityit.com/wp-content/uploads/2019/04/Community-IT-Cybersecurity-Playbook-2019.pdf
    • https://www.communityit.com/wp-content/uploads/2019/03/NonprofitCybersecurityIncidentReport.pdf
    • NIST Assessment Tool: email meshleman@communityit.com for free access
  23. Next Steps: Schedule time with leadership; Get access to survey tool; Review existing controls
  24. Next Month: TechSoup Digital Security 201 – new live event on Oct. 17!; Community IT “10 Free Cybersecurity Tools and 3 Worth Paying For” – October 16th
  25. cybersecurity@communityit.com © 2018 Community IT Innovators, Inc. All Rights Reserved. www.communityit.com THANK YOU!