Pages

Wednesday, September 26, 2012

19 Ideas To Prevent Cyber Attacks

Remember the good old days when the biggest security concern for businesses was someone stealing from the petty cash box? With most organizations relying heavily on the Internet, another concern has popped up: Cyber Attacks.

Online crime can have disastrous results for individuals and nonprofits. All it takes is one security flaw in your system, and valuable (and often confidential) data could go missing. There are no ways to completely immunize yourself from cyber attacks, but there are ways to make sure you are as safe as possible.

During a recent Risk Management and Finance Summit for Nonprofits sponsored by the Nonprofit Risk Management Center, George E. Constantine III of Venable LLP in Washington, D.C., discussed the danger of cyber attacks, and he offered a look at protective measures:

  • Dual Controls: Have at least two persons in charge of certain accounts, cash collection and cash payment systems.
  • Internal Internet Use Policy: Make it good, follow it closely and include telecommuting.
  • Have a privacy policy.
  • Use Payment Card Industry (PCI) standards for data security.
  • Software: Keep all software, especially security and financial, up to date.
  • Hardware: What is allowed to connect to your system?
  • Conduct employee training regularly.
  • Know what to protect.
  • Control access privileges, change passwords, use best available authentication.
  • Free protections.
  • Identify responsible manager in case of breach.
  • Assess risks and vulnerabilities; establish a response plan.
  • Train employees to identify and report.
  • If problems occur, think of insurance, statutory obligations and public and client/member relations.
  • Note that almost all states have data breach notification laws.
  • Comply with laws of states of affected individuals, not just where the organization is located. Statutes will dictate content, method and deadlines.
  • Generally, the burden is on the "owner or licensor" of data.
  • Do background checks.
  • Support whistleblowers.

No comments: