Recently Andrew and David presented a webinar on IT security within the Charity and Not For Profit space. We covered a lot of topics around policy, and compliance – but some smaller organisations said it was just “too much”.
So, we wanted to take another shot and providing some good guidance for small charities and organisations. This is – by no means – an exhaustive set of things to do, but hopefully provides a good “starting point”.
1. Educate yourself
A great place to start is to make sure that you are “cyber aware”. This means understanding what phishing emails look like, how to recognise them, and what to do if you see one. The Australian Government’s Stay Smart Online program has a number of resources to help you understand the Scams and Programs that are out there. The following training video is a good example of the resources that they make available.
2. Turn on multi-factor authentication
Multi-factor authentication introduces an extra step into your “login” process by requiring you to approve your sign-in using a device that only you control. This helps prevent fraudulent access to your email, documents and systems.
If you are using Office 365 for your email, make sure you have Multi-Factor and Advanced Threat Protection enabled. Multi-Factor Authentication is easy to setup. If you don’t have experience with managing Office 365, it might make sense to get help from a professional. We can do a basic setup for small organisations for under $300.
If you are using Office 365 Standard, or Exchange Online, you may not have access to all the security features Microsoft has. If you are still on one of these legacy plans, you should look to upgrade.
Any registered Not For Profit in Australia is entitled to be part of the Microsoft NFP/Charity donation program, and this includes 10 Free Licenses for Microsoft Business 365 Premium! This software package includes all the latest Office Software, a license for Windows 10 and the most commonly used advanced security features that Microsoft has. Signing up is easy, and Real World can help you get configured and manage your license allocation process for you.
If you use another cloud email provider, like Google or your ISP, you should also turn on multi-factor authentication. If your mail provider doesn’t support MFA. consider migrating your email to one that does. If you need help with this, our team would be delighted to chat to you.
3. Update your computer software
Make sure you are regularly updating your computer software using Automatic Updates, and check to make sure they are running. Make sure you also update your applications, and periodically check to make sure that you have the latest versions of the software you are running.
If you rely on older software that is no longer made, have a look at alternatives that you might be able to switch to in time. This is often a painful process, but old software poses a security risk, and you may find that in future you are not able to run it on newer computers.
If you work with an IT provider, they may have a process to manage and audit this for you, and provide you with a report to help you understand what updates have not been applied.
4. Get a good anti-virus program and keep it up to date
While there are a number of free anti-virus tools, it is a great idea to make sure you have a good anti-virus system installed on your computer. At Real World, we recommend BitDefender (licenses start from $5 per month per computer), but there are a number of other good options.
While Microsoft Windows does include Windows Defender, we don’t recommend using this as your only anti-virus solution unless you have a full time IT department to manage it. We also recommend avoiding some of the “main stream” vendors like Norton, Trend Micro and AVG’s free products. These products often come with a lot of “bloat ware” and don’t offer the level of protection that products like BitDefender does.
5. Make sure you have backups of your data
Make sure you have backups of your important data. You can use Windows Backup or Time Machine to back up your PC or notebook to an external hard drive. It’s important to make sure that you unplug it when you aren’t backing up your computer.
If you are using a Cloud System like Microsoft 365, you should consider backing up the data you store there as well. Products like Veeam Backup for Office 365 offers a free edition you can use yourself to setup your backup solution. If you want someone to take care of the backups for you, and ensure they are stored securely and offsite, Real World offers solutions from $70 per month for up to 10 365 accounts.
(Bonus): As you grow, things change
If your charity or mission agency is going through a growth phase, or is planning to, it’s important to remember that your security requirements will change. What is right for you when you have one, two or three staff/key volunteers is very different to a team of 10 or even 50. Your IT practice needs to evolve as your organisation evolves, and we’d be delighted to help you understand how to get to where you need to be.
If you need help looking at what the future holds, we’re more than happy to take the time to talk with you about what you do, how you use technology, and what the future might look like for you. It’s one of our secret passions!