Wasaga Beach was the victim of a ransomware attack that, between the ransom and upgrading their security, cost the taxpayers around $250,000. After spending all that money, I hope they now have a solid security infrastructure in place and won't be hit again.
Imagine how much cheaper it would've been if they had the proper system in place from the start!
Like shopping for insurance after your car is already in a ditch, waiting until after you’ve had a breach is the worst time to think about security. And I know data security is probably outside of your wheelhouse, but ignoring the problem won’t make it go away. If you haven’t prepared, you might be sitting on a powder keg ready to explode if the right match comes along.
Ask yourself, how would your organization cope if you lost all computer access for a week? What about your emails? What if you lost your entire database permanently? Not everyone can ask the taxpayers to bail them out, and this type of disaster can be just as devastating as any hurricane for an organization.
But where do you begin? Here are some of the basics you want to make sure are in place as a start.
All critical systems are backed up offsite
Any data that would create huge issues if it vanished overnight should be backed up offsite. Any third-party cloud-based data (such as CRMs) should also be backed up. If this is not under your control, ask your vendor for specifics about the backups that are taken. How are they stored? How often are backups made? Backups taken once every six months are no good! Take responsibility and make sure your data is properly backed up.
Ensure cloud-based applications are properly secured
With more cloud-based solutions available on the market, it's increasingly important to ensure proper security procedures are followed. Any cloud-based CRM database or email solution should employ two-factor authentication or something equally secure for access.
Many system breaches happen when a user account is compromised, not the software itself. Some basic training for your staff about password safety and common email scams can help head off potential problems.
Up-to-date antivirus software on EVERY device
Every device on your network should have up-to-date, trusted antivirus software installed and set to update automatically. This means paying for a subscription - AVG-Free is not going to cut it here.
Resources are always strained in the non-profit sector, but this is one area you cannot afford to cut corners on. A solid antivirus system will always cost less than a data breach.
This list should give you a jumping-off point on the basics, but there is no substitute for expert advice. Set up a consultation with an IT provider you trust and make sure your organization is not the next cautionary tale.
David Saraiva - Partner at Donor Engine, a true all-in-one solution for non-profit organizations focusing on returning hundreds of hours of lost time to non-profit organizations. He can be reached at dave@donorengine.com
Note
Wasaga Beach ransomware attack