Why Cybersecurity Matters for Your Organization
The need for cybersecurity is no longer an option. With research showing six cyber attacks occuring every four minutes, it’s a concern for organizations of all sizes. Choosing partner companies and vendors who understand your risks and have made steps to protect your data with proper cybersecurity is vital.
Cybersecurity Risks Nonprofits (and Businesses) Need to Know About
There are two broad categories of cyber threats every organization needs to be aware of:
- Cyber attacks include hacking, phishing, malware, spam and denial of service, and are an attempt (by an individual, or group) to obtain unauthorized access to a computer, network or system with the intent to cause damage.
- Cyber crime is any illegal activity using computers or the internet for criminal purposes. It includes identity theft, credit card fraud, bank fraud, and more.
Although there are a range of activities nonprofits should watch out for, here are a few types of attacks and threats in particular:
Data Theft
Data theft (also referred to as a data breach or leak) is the act of stealing digital information stored on computers, servers, or other electronic devices to gain confidential information or compromise privacy. Malicious actors typically want to sell the information or use it for identity theft. A few causes of data theft are through social engineering, weak passwords, and system vulnerabilities, compromised downloads or publicly available information.
What you can do now:
- Use secure passwords, updating them and security questions regularly.
- Avoid using the same passwords across multiple accounts.
- Set up multi factor authentication.
- Limit social sharing and be cautious when sharing personal information.
Ransomware
Ransomware uses software rather than a direct breach to employ encryption and hold a victim’s information at ransom. Hackers create a hostage situation and usually ask for money in order to release the data. Ransomware attacks are on the rise (some due to cryptocurrency usage), costing businesses and government organizations significant expense and damage.
What you can do now:
- Keep your data backed up — on the cloud and external hard drives.
- Practice safe surfing when browsing the internet, processing email and texts, and downloading applications.
- Only use secure networks for WI-FI, and consider installing a VPN.
Forced Downtime
Forced downtime occurs when a cyber attack of any kind causes a halt in operations. When your website hosting, for example, is thrown offline, it can result in missed donations, scheduling challenges for staff and volunteers, and make it difficult to access the information your organization needs every day.
What you can do now:
- Use a secure CRM to protect donor data.
- Keep your technology and website up-to-date and secure.
- Document and implement basic security measures.
- Keep all team members informed of your policies, ensuring they know what to do in case of forced downtime.
10 Key Questions to Ask Vendors About How They Protect Your Data
When data security is a concern, choosing the right marketing agency or other vendors that have the proper measures in place to give you peace of mind is not easy. Whether you have an IT team dedicated to protecting digital properties and personal data or not, here are 10 questions you can ask companies you’re working with to understand their level of protection.
- What policies and procedures do you have in place to protect your company and client data? Do you hold compliance certifications?
- How do you store and transfer data safely?
- How do you manage remote access to our data?
- Will any third parties have access to our data?
- How often do you scan for vulnerabilities?
- How do you notify clients of known security vulnerabilities?
- How often is your system updated?
- Do you have data security/cyber liability insurance?
- Do you follow secure data destruction processes for confidential data and IT equipment/media?
- Do you have a disaster recovery or business continuity plan in place? How is data recovered in case of loss?
The Value of a Marketing Agency with SOC 2 Compliance
Fervor is ahead of the curve. With our new SOC 2 compliance status, we’re able to assure our current and potential clients that we have high-level processes & tools in place to protect their data. For our clients, it means so much more. Most notably, peace of mind. Our clients can be confident that the work we produce for them and how we produce and share it is private and secure. By promoting vulnerability awareness across our team and theirs, they can trust their data is protected.
In practical terms, SOC 2 compliance assures our clients that:
- Fervor has high-level cybersecurity protocols in place to protect client data.
- Our protocols were successfully audited by a certified risk management service provider.
- Our teams are trained on these security protocols so we can work together to protect our clients.
- We adhere to these high standards for all of our clients.
Learn more about Fervor’s holistic cybersecurity policies. And if you have a project requiring a higher level or security or SOC 2 compliance, reach out to us! We’d love to see how we can help.
Sources: