Are your staff or volunteers your organisation’s biggest security risk?

by | Mar 7, 2022 | Not for Profits

Despite the best technology defenses (next-gen firewalls and antivirus, advanced threat protection, mail washing,  web filtering, regular patching) infections and security events can still occur due to what is often the biggest risk – your people

People-risk is harder in not-for-profits because typically their people aren’t just staff – most not-for-profits also rely on hard working volunteers.

Those volunteers come in all shapes and sizes, with various levels of awareness and knowledge.  They often use their own home-IT for their volunteer work, and that can be as varied as the people themselves.  

How can you make sure all the people in your organisation are able to best defend themselves?

Social Engineering Protection

Whilst attacks that use “social engineering” have been around for a long time, they are now common-place and every business will be targeted.

It is no longer realistic to say “it won’t happen to me”. 

Attacks such as “Spear phishing” uses spoofed emails purporting to be from the CEO to convince a finance person to transfer money to an unintended recipient. They often know a lot about your company (e.g. who your key staff are, and if they are out of the country) and can be very convincing. As they are plain text, they cannot be blocked by technology.

Another common attack involves harvesting information and then sending very realistic invoices to your customers with a different bank account number.

Mitigating Risks

Regularly training of staff and volunteers on good security practices, and updating them on the latest security threats, can help mitigate the danger of security risks impacting your business. We have done this training for other clients via short presentations, e-Learning tools or via internal marketing campaigns using posters and email newsletters.

The other big thing that was a “nice to have” and is now a “must have” is two factor authentication for cloud services. This means that your people need to authenticate using a username and password, and then also approve the login using a mobile device. This is the best way to prevent hackers around the world from gaining access to your user accounts.

A Kinetics FlightPlan is the structured process to easily help you find the answers to these questions, and more.

For more information, contact us today.

If you aren’t sure who in your organisation is best to answer these questions, it is probably time you tried a contract part-time IT Manager, to help you manage ALL your valuable IT.

Check out our structured, programmatic “IT Manager as a Service” approach to help you.

Your First Name (required)
Your Last Name (required)
Your Email (required)
Telephone (required)
Your Message