keep up with the demands of it security on a nonprofit budget
TRANSCRIPT
Encompass Group, LLC
Keeping up with the
demands of IT Security on a
nonprofit budget.
www.encompassgroupllc.com
Tyler Village 3615 Superior Avenue, Suite 3103F Cleveland, OH 44114 216.539.0100
Who are we to talk?
2
enCompass is a team of business and
compliance technologists providing Managed IT
Services to regulated organizations, with a
concentration on:
Financial Industry
Healthcare
Nonprofits
3
Brandon ShawManaging Partner, Lead Engineer 18 years industry experience Consulted for many SMB’s,
public school systems, Government branches, Senatorial campaigns and even a Presidential campaign
Just received his Pilot license
Mary Katherine DonnellyBusiness Development Director Background in IT Product
Marketing & Enterprise Sales to Fortune 500 companies
Director of a DC nonprofit, marketing Director for a local nonprofit, and Chair of the Board for local YMCA
Is NOT a pilot
Experience
4
*Source: The Global State of Information Security® Survey 2016
The State of IT Security
5
The State of IT Security
6
5 Points about Mobile and BYOD
1
2
3
4
5
Source: Crowd Research Partners: BYOD and Mobile Security 2016 report
Increased mobility, satisfaction and productivity are the top drivers of BYOD.
Security and employee privacy are the biggest inhibitors of BYOD.
1 in 5 organizations suffered a mobile security breach, primarily driven by Malware and malicious WiFi
BYOD Security threats pose heavy burdens on IT resources and help desk workloads
Despite all this, only 30% of organizations are increasing security budgets for BYOD in the next 12 months
7
Nonprofit Challenge(s)
Boards (Process and Approval)
Regulatory Environment
Government
Healthcare
Protecting the data of both those you
serve and those who donate
Volunteers access to data
8
Nonprofit Other Challenges
9
Where Your IT Security Should Be Today to be Ready for Tomorrow
THREAT SOLUTION
Viruses Centrally Managed AntiVirus
RansomWare User Education/Training, Backups
Unauthorized Network Access Firewalls, Penetration Testing & Vulnerability Scans, IDPS
BYOD Clear Policy, MDM
Disaster Planning Backup and Recovery, onsite and offsite
Internal – accidental or malicious Written policies and procedures, training, device control
Theft/Loss Mobile Device Management, centrally managed encryption
Hackers IDPS, Encryption
Out of Date Software Patch Management
“Rogue” Downloads User access and privileges, non-critical application patches
10
Layered Security
1. Patch your systems
2. Educate your users
3. Backup files
4. Invest in layered security
Firewalls AntiVirus AntiMalware IDPS
Device Control
Security Tools
Email Encryption MDM
11
Firewalls/Antivirus/AntiMalware Malware is a broad term used to describe all
sorts of malicious software including viruses,
spyware, trojans, worms, and more.
Anti-virus prevents and gets rid of viruses by
preventing harmful software from installing and
damaging your computer; protects and detects
when a file has some kind of malicious
behavior and prevent it from executing.
A firewall controls network traffic
acting as a filter between the
internet and your
network servers.
12
IDPS
Intrusion Detection System
Intrusion Prevention System
Capable of stopping first packet of an attack
Analyzes traffic for anomalies
Issues alarms when attack occurs
Sits directly in line of network traffic
VISIBILITY & CONTROL
13
Device Control
Restricts user access to devices by access
rules:
• data storage media
• removable devices
• CD/DVDs
• modems
• external network adapters
• printers
• multi-function peripherals
• USB
Before investing, see if your AV Solution has
Device Control (also called Access Control)
14
Mobile Device Management
15
Email Encryption
There are many different types of
email encryption, but one gaining
popularity due to simplicity and
cost structure is Office 365
Message Encryption:
Fill regulatory requirements
Policy based encryption
First building block in a Data
Loss Prevention strategy
16
Office 365 for NonprofitsMany of the products and tools we discussed are either free or heavily discounted as part of Office 365: https://products.office.com/en-us/nonprofit/office-365-nonprofit-plans-and-pricing#seemore
Rule of thumb: 8-10 people
Chronic problems occur (unable to access
email, network outages, etc.)
Cybersecurity attack
17
When Your Nonprofit Outgrows Homegrown IT
$2500-$4000/mo:
average salary for
dedicated IT staff
$750/mo average for
Managed IT Services in
10 person office*
*Source: TechSoup
18
enCompass Would Like to be Your Partner in IT Security…
ExperienceManaged IT Services and Support in Northeast Ohio and Nationwide for 10+ years, gaining the trust of our client base with every interaction.
ComplianceWe take a comprehensive approach to IT operations so our clients feel confident that IT is under control, risk is managed and regulations are met.
BudgetWe strive to strike just the right balance between the business requirements that drive results and the budget constraints faced by nonprofits.
Exceptional Client ExperienceAt each interaction point:• Ownership• Clear Expectations• Friendly & Personable Service• Bigger Picture Reference
Encompass Group, LLC
Brandon Shaw
www.encompassgroupllc.com
Tyler Village 3615 Superior Avenue, Suite 3103F Cleveland, OH 44114 216.539.0100
Mary K. Donnelly