Implement 4 Basic Security Measures - Susanne Petersson
Transcript of Implement 4 Basic Security Measures - Susanne Petersson
Susanne Petersson, Board Secretary, Chicago Art Deco Society
What is a Cyber Security Threat?
An unauthorized attempt to access electronic data and communications
Susanne Petersson 3
What is the Potential Harm?
• Access to private on-line activity
• Usage of credit/debit accounts
• Reduction of non-profit funds
• Data hijack for ransom
Which Organizations are being Targeted?
Businesses of all sizes have been attacked
Successful attempts against well-known
companies make world headlines
And yet ..
Any Organization – Yours, or one with which You do Business could be hacked
Your Non-Profit Identity
• The email address provided by your organization is your identity
Your Non-Profit Identity
• Use your email
• Perform organization-related activities
• Act as representative for your organization
Set up Non-Profit Email
Many on-line providers offer low-cost email with your non-profit’s domain address:
[email protected]@[email protected]@nonprofit.org
Set up Non-Profit Email
• There are no excuses –
• Separate your non-profit from other activities
Set up Non-Profit Email
• There are no excuses – only benefits!
• Add an extra touch of professionalism to your communications
Secure Passwords
• Create secure passwords
• Different from your other on-line email or business accounts
• Change passwords often
Secure Passwords
• Use secure passwords for
  • Your non-profit email address
  • Sites accessed using non-profit email account
Email Activity
• Follow protocol
• Set up strong rules to block unwanted mail
• Open only trusted attachments
Trust Your Anti-Virus Software
If an email or sender looks suspicious, it probably is –
Beware of suspicious Email
A. Close the email message
B. Mark as “SPAM”
C. Empty your SPAM folder
Load & Activate Anti-Virus Software
• Every device used for board-related activity
• All board members, and associates who act on their behalf
Trust Your Anti-Virus Software
Something unusual has occurred –
Trust Your Anti-Virus Software
• A severe warning pops up, or
• An unexpected response within a trusted site
Trust Your Anti-Virus Software
This may be a ploy to access your hardware or data!
Use Your Trusted Anti-Virus Software
A. Exit where you are signed in
B. Launch your anti-virus
C. Advise your administrator
Secure Documents On-Line
• Provide a secured portal
• Often space is included by the email provider
• Documents automatically backed-up in the ‘cloud’
Documents readily Available
• Access the secured portal
• Available whenever and wherever needed
• You have less to carry to meetings
Structure Document Access
• Set up accessibility by folder
• Determine what papers and records available to all board members
Structure Document Access
• Organize documents by folder
• Provide ample individual rights for research and decision-making
Distribute Your Documentation
• Post updates on-line
• Designate the responsible party – by committee, document type
• Announce the update(s)
Appoint a Site Administrator
• Manage processes, troubleshoot issues
• Document organization
• Board member access
• Software integration and updates
3rd Party Suppliers are Integral Partners
• Suppliers are utilized in many areas, such as
  • Database
  • Telephone
  • Delivery
  • Internet
Suppliers are their own distinct Businesses
• Many programs you access/run are controlled by another business
and, possibly…
• A program may, one day, be hacked
Be Proactive!
Do Your part to Secure Your data and processes
Focusing on Your Data …
• Provide access capabilities based on board member need
  • Administration
  • Updating
  • Read-only
  • Reports
Set up a valued Database
• Designate an Administrator to
  • Assign user access by role/need
  • Review software updates
  • Address user queries
  • Monitor activity
Protect Your Database
• Establish board member rights
  • Some require the ability to add or edit data
  • Others simply need read-only capabilities
Limit Database Access
• Board members who require the occasional report have 2 options:
  1. Manual process: a user with access run, then send/post
Limit Database Access
• Board members who require the occasional report have 2 options:
  2. Auto-process: generate and send/post to an accessible location
Limit Access by Others
• Properly Log In and Log Out of every application
• Follow protocol established by each program
• Only ‘X-out’ as outlined in this document
Log out
Trust Your Experience & Processes
If the software program behaves suspiciously, it may be a threat –
Database provides an unexpected Response
A. Close ‘X-out’ of the software
B. Launch your anti-virus
C. Advise your administrator
Proactively Document
Log access control of each board member
Proactively Document
Outline process steps by board member
Proactively Document
Distribute to board
Periodically review the processes
Will following these ideas stop Threats?
No, nothing can STOP unauthorized access
Good News for Your Non-Profit!
Following these ideas can reduce the likelihood of successful attempts
Feel free to Like, Save, Share this topic
As board secretary of a small non-profit, I
follow these measures to secure
documentation and processes. Following
these steps also ensures accessibility to
relevant details for thoughtful and informed
decision-making.
Read more on Twitter @SusannePresents
Remain current by following discussions at
#cybersecurity, #cyber, #risk, and #IoT
Prepared by Susanne Petersson, Board Secretary, Chicago Art Deco Society