To complete the third article in our series about protecting you and your organisation online (with information from NCVO’s KnowHowNonProfit website) we look at some important measures that even the smallest organisation can take.
Charities are as exposed as any organisation to threats to their computer systems, whether the threats are software-based – such as viruses, worms, malware and spyware in downloads or even on websites – or come from direct human intervention through hacking.
Smaller charities, however, may be more exposed than most because they don’t have the investment or skills necessary to bring their IT security up to a level that is among the best. Here are some important measures that organisations should undertake, along with guidance on how enterprise-level security can be made affordable.
1. Check your equipment’s physical security
A basic check is the security of the property that houses a charity’s computer system. Is the building or room secured with smoke and burglar alarms? Can people walk in and out without being checked? Are your computers secured to their desks, and are all portable items locked away out of sight when not in use?
A mobile device (such as a laptop) should never be the sole place where your important data is stored and should always be password protected. Better still is to encrypt the data held on the computer.
When travelling with your mobile device, be extra vigilant and don’t take any risks when using it in public places such as cafes or on public transport.
If you need to connect to the internet from a public WiFi hot-spot, always check that it is a trusted network or is provided by a reputable supplier, and be cautious about making financial transactions over these networks.
2. Use strong passwords
After the physical security of your office, passwords are the next most important thing to consider. Use strong passwords with a combination of uppercase and lowercase characters, numbers, and symbols. This will help you defend against hackers who make random and systematic guesses that are based on commonly used words.
Use different passwords for different websites, and use password management software (e.g. LastPass) to help you remember them. To thwart unauthorised password recovery that’s based on commonly known information (your date of birth, the model of your first car, or your pet’s name), consider whether you can use related but nonsense answers, for example the colour of your friend’s car or the name of your neighbour’s pet.
Don’t write down your passwords and put them in your drawer or attach them to your monitor on a sticky note!