IT Security for Nonprofits 101


Upload: seanericwatson

Post on 04-Jul-2015


Category: Technology



DESCRIPTION

An introduction to IT security for Nonprofit organizations

TRANSCRIPT

Page 1: IT Security for Nonprofits 101

An Introduction

IT Security for Nonprofits 101

Page 2: IT Security for Nonprofits 101

Overview of Session

1. Introductions
2. The Security Landscape
3. 7 Easy Steps to Be More Secure
4. Resource Sharing
5. Q/A

Questions Sprinkled Throughout

Page 3: IT Security for Nonprofits 101

Introductions

1. Name
2. Organization
3. Mission
4. Approx. Number of Staff
5. Why are you here?

• Get some idea of what security is about
• It’s something I need to know about
• Other reason?

Page 4: IT Security for Nonprofits 101

User Oriented Levels of Security

Web

Cloud

Network (WAN)

Network (LAN)

Workstation + Mobile

Page 5: IT Security for Nonprofits 101

Balancing Needs

Security is all about Balance

The Iron Triangle
• Cost
• Time
• Quality

Main Factors for Most Groups

• Limited Budget + Lack of Awareness
• Forget to sharpen the saw
• No good sources for information

Page 6: IT Security for Nonprofits 101

What has your experience been with balancing needs?

Question

Page 7: IT Security for Nonprofits 101

Overview

Seven Steps to a More Secure Organization

1. Keep All Software Updated
2. Get Enterprise Antivirus
3. Cultivate Aware Users
4. Balance Privacy, Security, and Productivity
5. Know Your Compliance Needs
6. Establish a Strong Password Policy
7. Stay Informed

Page 8: IT Security for Nonprofits 101

1. Keep Software Updated

Workstation Software Updates

• OS (Windows, Mac OS X)
• Microsoft Office
• Adobe (Acrobat, Flash, Air)
• Browsers (Chrome, Firefox, IE)
• Email Client (Outlook, Thunderbird)
• Anti-Virus/Anti-Malware/Anti-Spyware
• iTunes and Device Firmware
• Remote Access/VPN

Page 9: IT Security for Nonprofits 101

1. Keep Software Updated

Server Software Updates

• BIOS
• Device Drivers (Especially RAID)
• Windows Server
• Exchange Server (Email)
• SQL Server (Database)
• Endpoint Protection (such as Symantec)
• Backup Software (such as BackupExec)
• Proprietary Systems

Page 10: IT Security for Nonprofits 101

How does your team handle updates?

Question

Page 11: IT Security for Nonprofits 101

2. Get Enterprise Antivirus

Techsoup – Symantec Endpoint Protection

• $5/system
• Server-based Management Option
• Integrates with BackupExec
• Anti-virus
• Anti-malware
• Anti-spyware
• Firewall (Software)
• Protect ALL Systems (Incl. Volunteer, etc)

Page 12: IT Security for Nonprofits 101

What is your anti-virus experience? Product story?

Question

Page 13: IT Security for Nonprofits 101

3. Cultivate Aware Users

Everyone is responsible for security!

• Know your software
• Read prompts, don’t just click Ok
• Installation Approval Process
• Dangers of USB Drives, Mobiles, iPods, etc
• Explain why, not just how and what
• Recruit your tech savvy users to help
• Encourage them to speak up!

Page 14: IT Security for Nonprofits 101

How does your organization cultivate an aware team?

Question

Page 15: IT Security for Nonprofits 101

4. Privacy, Security, Productivity

Balance is the key to Security

• Be Real - If it ain’t used, it don’t work!
• Be Honest – Tell users what to expect
• Privacy – Tell users what you monitor
• Balance Risk Prevention vs Recovery
• Address Complaints with solutions

Page 16: IT Security for Nonprofits 101

What are your privacy concerns (org and individual)?

Question

Page 17: IT Security for Nonprofits 101

5. Compliance

Know Your Compliance Needs

• PCI (Payment Processing)
• HIPAA (Medical Information)
• SAS70
• SSAE16
• Funder/Grant Requirements

Page 18: IT Security for Nonprofits 101

6. Strong Password Policy

Secure Passwords:

• At least 8 characters
• At least one each of:
  • Uppercase Letter
  • Lowercase Letter
  • Number
  • Symbol (!@#$%^&*())

Example: P@ssw0rdsSuck!

Page 19: IT Security for Nonprofits 101

6. Strong Password Policy

Use a password database for ease
• KeePass (Free and Open Source)
• SplashID (Syncs between devices)

Use browsers to store passwords
• Set master password
• Only on your system (which is password protected)

Protect your systems and devices

Page 20: IT Security for Nonprofits 101

Question

What tips can you share for password success?

Page 21: IT Security for Nonprofits 101

7. Stay Informed

Top Resources for Security Information

• NTEN
• US CERT
• Symantec
• Techrepublic
• Techsoup Security Forum*
• http://501cybersecurity.com/*
• EDUCAUSE*

* Thanks to Robert Weiner for these resources

Page 22: IT Security for Nonprofits 101

Question

What resources do you recommend?

Page 23: IT Security for Nonprofits 101

Questions, Answers, Discussion

Questions?

Page 24: IT Security for Nonprofits 101

Sean Watson

[email protected]