In this webinar, Community IT Innovators’ CTO and our resident security expert Matt Eshleman covers the basics a security plan should include for nonprofit cybersecurity readiness, giving updates and a synthesis of our recent security webinars.
He touches on:
- Understanding and measuring cybersecurity risks to your mission and reputation
- Talking about ROI for cybersecurity measures, and how to consider costs and potential costs in your budget process, based on industry benchmarks
- Considering cyber insurance and which nonprofits particularly need it: those safeguarding databases for healthcare and children/volunteers, those guarding against billing and budgeting scams, and those who may be targeted for their advocacy work
- Updated security incident response best practices
- Creating a multi-layered security plan that actively includes your staff and executives
As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.
As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy around the technology platforms used by organizations to be secure and productive. With a deep background in network infrastructure he fundamentally understands how technology works and interoperates both in the office and in the cloud.
Matt joined Community IT as an intern in the summer of 2000 and, after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University, rejoined Community IT as a network administrator in January of 2001. Matt has steadily advanced at Community IT and, while working full time, received his MBA from the Carey School of Business at Johns Hopkins University.
Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference, Non-Profit Risk Management Summit and Credit Builders Alliance Symposium. He is also the session designer and trainer for TechSoup’s Digital Security course.
Matt lives in Baltimore, MD with his wife, daughter and son. He is a member of the Baltimore Choral Arts Society and on the support committee of the Reservoir Hill House of Peace.
- Nonprofit Cybersecurity Readiness: Monthly Webinar Series, September 2019
- About Community IT: Advancing mission through the effective use of technology. 100% Employee Owned
- Presenter: Matthew Eshleman, CTO
- Nonprofit Cybersecurity Readiness
- Agenda
  - Cybersecurity landscape
  - Our approach to cybersecurity
  - Common threats
  - Building a roadmap
  - Engage your leadership
- CYBERSECURITY LANDSCAPE
  - Persistent and ongoing brute force attacks on identities
  - Sophisticated spearphishing
  - Organizations targeted because of the work they do
  - Attacks targeting vendors
- CYBERSECURITY LANDSCAPE
  - New security tools available to combat new threat types.
  - Organizations starting to ask about where to start in improving their cybersecurity.
  - 68% of Nonprofits don’t have an Incident Response Plan
  - Breach response for a small to medium business is $149,000
- OUR APPROACH TO CYBERSECURITY (diagram): NextGen Tools, Identity, Data, Devices, Perimeter, Web, Security Awareness, Security Policy
- Incident: An event that compromises the integrity, confidentiality or availability of an information asset.
- Breach: An incident that results in the confirmed disclosure, not just potential exposure, of data to an unauthorized party.
- Most Common Threats
  - Business Email Compromise: scam using traditional confidence scheme techniques combined with email impersonation to extract funds through illicit means
  - Account Compromise: unauthorized use of a digital identity by someone other than the assigned user
  - Malware: any type of malicious software, usually reported by the end user as a slow computer or strange pop-ups
- Year over Year Comparison
  - Volume of reported spam increased
  - Account compromises hold steady, even among increasing MFA adoption
  - Business Email Compromise has spiked
  - Actual virus infection rate is low
  - Ransomware in sample is low
- Analysis of Our Data and Sector
  - Spearphishing / Business Email Compromise is increasing
  - Supply chain attacks up dramatically
    - Vendor -> Client
    - Org -> Org
  - Security Awareness Training adoption is increasing
- Diagram: NextGen Tools, Identity, Data, Devices, Perimeter, Web, Security Awareness, Security Policy (labels: Organization Owned, Partner Delivered)
- Cybersecurity Readiness
  - People
    - Passwords
    - MFA
  - Process
    - Policy
    - Security Awareness Training
  - Technology
    - Antivirus
    - Backup
    - Email Protection
    - Etc.
- Getting Started with Cybersecurity
  - IT Policy
  - Security Awareness Training
  - OS and Third Party Updates
  - Antivirus
  - Backups
  - MultiFactor Auth
  - Business Email Compromise Protection
- Growing Organization
  - BIOS / Driver Updates
  - Web Filtering
  - BYOD Control
  - Device Encryption
  - Endpoint Detection and Response
  - Risk Assessment
- Mature/Compliant Organization
  - Cyberliability Insurance
  - Security Assessment
  - SOC / SIEM
  - Vulnerability Scanning
  - Penetration Testing
- NIST Risk Assessment Tool
- Engage your Leadership
  - Requires leadership to say yes
  - Poor cybersecurity is an organizational liability
  - All organizations are vulnerable
- Engage your Leadership
  - Schedule
    - Schedule time for security
    - Monthly reporting
    - Quarterly planning
  - Know
    - Know your audience
    - Narrative
    - Metrics and numbers
  - Leverage
    - Leverage existing compliance requirements
    - PCI
    - HIPAA
    - GDPR
- Resources
  - https://www.sans.org/security-resources/policies/
  - https://www.microsoft.com/en-us/nonprofits/security-privacy-compliance
  - https://www.communityit.com/wp-content/uploads/2019/04/Community-IT-Cybersecurity-Playbook-2019.pdf
  - NIST Assessment Tool: Email email@example.com for free access
- Next Steps
  - Schedule time with leadership
  - Get access to survey tool
  - Review existing controls
- Next Month
  - TechSoup Digital Security 201: new live event on Oct. 17!
  - Community IT “10 Free Cybersecurity Tools and 3 Worth Paying For”: October 16th
- firstname.lastname@example.org © 2018 Community IT Innovators, Inc. All Rights Reserved. www.communityit.com THANK YOU!