Cybersecurity 101: Know What You’re Up Against & How Not to Become a Victim

Cyberattacks exist and they’re on the rise. And no, we’re not talking about Facebook trolls or online bullies. Cyberattacks threaten an organization’s network: attackers break into its systems or databases and commit malicious acts such as identity theft, malware and spyware infections, phishing, spoofing, and spamming. You name it!

According to the Cyberthreat Defense Report, 3/4 of respondents were affected by cyberattacks—up from 2/3 just two years earlier. This is a clear warning sign that all of your employees need to practice safe cybersecurity habits to protect your organization’s important information, assets, and reputation.

Unfortunately, some staff members may wrongly assume that your organization is not a target. They may not be doing their part to safeguard the organization. How can you convince them to step up their security mindset and what specific steps can they take to fend off cyberattacks?

[Image: The State of Cybersecurity 2016 (RSA Conference, CSX, ISACA)]

Help your staff understand the cybersecurity threat.

Last year, ISACA and RSA asked 841 people with organization-wide cybersecurity responsibilities how well their systems were protected—some of their findings may surprise you. 74% said they believed their organization is likely to experience a cyberattack—yet only 43% said they were comfortable with their cybersecurity team’s ability to detect and respond to such incidents.

From member/donor data to financial information, your association or nonprofit is charged with securing plenty of sensitive data—data that hackers want or would love to disrupt. Organizations must make cybersecurity a priority and ensure staff is educated to prevent a looming crisis. Wright Hotels provides a cautionary tale.

The hotel developer faced a cybersecurity nightmare when its owner’s email was breached. Hackers gained access to the president’s email and studied how he communicated with employees. They even accessed his calendar to impersonate him when he’d be least suspicious. They used the information they found to transfer a total of $1 million from the organization’s bank account over several weeks before being detected.

[Image: 2016 Cyberthreat Defense Report (Cyber Edge Group)]

Help staff know what to do to prevent cyberattacks.

The size and budget of your organization are irrelevant: you may be a target for hackers.

Never assume that you or your organization is safe from cyberattacks. Hackers target a wide range of organizations—often targeting smaller organizations because they have fewer cybersecurity resources.

Beware of suspicious or unusual emails and verify all links before you click.

Be careful when opening links, particularly in unexpected emails or any coming from an unknown address. Be particularly suspicious if an email suggests you need to act quickly. How can you verify a link is what it purports to be? Simply hover over it (don't click!) to reveal the true URL.

Set your email to read plain text only.

Did you know hackers can hide malware inside the pixels of an image? Setting your email to read plain text only means you can choose to view images only when you want to—and only from trusted accounts.

Use secure passwords.

Use complicated passwords to better protect your accounts, avoiding obvious personal information like your birthday, city, last name, family members’ names, or even your beloved pet’s name—such information is too easily discoverable in, among other places, your social profiles. For added security and complexity, include any and all types of permitted characters: upper- and lowercase letters, numbers, punctuation, spaces, and symbols.

Don’t take your social media posts for granted.

Posting excessive personal information could make it easier for hackers to impersonate you. Review your privacy settings regularly on sites such as Facebook and Instagram. Take heed of privacy policy change notifications and act accordingly to keep your posts and personal information private.

When you leave your work area, don’t leave your devices unlocked.

If you’re stepping away from your computer, tablet, phone, or any other device that might have data on it—for any amount of time, no matter how short—lock it (or take it with you) so no one else can use it while you’re away. Don’t share your login information with coworkers and don’t leave portable devices out in public (or your car) to be stolen and possibly hacked.

Be cautious with what you are downloading.

Be aware of the websites you are downloading content from, especially if they are not well known. Files from such sites could contain viruses or malware that, when downloaded, infect your system and gain access to your information—or worse, spread into your organization’s network.

Limited awareness among employees is one of the biggest challenges of cybersecurity. Embrace a culture of security to educate yourself and your staff in safe cybersecurity habits. Most attacks are a result of human error, and the first 24 to 48 hours are critical. Taking the time before an incident occurs to ensure your online habits follow cybersecurity guidelines is the most important step you can take in preventing a cyberattack.

How can you assess your vulnerability? Review our infographic, Is Your Association Protected from Cyberattacks?, to see where you can beef up your cybersecurity posture.
