IT Security for Nonprofits 101
An Introduction
Overview of Session
1. Introductions
2. The Security Landscape
3. 7 Easy Steps to Be More Secure
4. Resource Sharing
5. Q/A
Questions Sprinkled Throughout
Introductions
1. Name
2. Organization
3. Mission
4. Approx. Number of Staff
5. Why are you here?
• Get some idea of what security is about
• It’s something I need to know about
• Other reason?
User Oriented Levels of Security
Web
Cloud
Network (WAN)
Network (LAN)
Workstation + Mobile
Balancing Needs
Security is all about Balance
The Iron Triangle
• Cost
• Time
• Quality
Main Factors for Most Groups
• Limited Budget + Lack of Awareness
• Forget to sharpen the saw
• No good sources for information
What has your experience been with balancing needs?
Question
Overview
Seven Steps to a More Secure Organization
1. Keep All Software Updated
2. Get Enterprise Antivirus
3. Cultivate Aware Users
4. Balance Privacy, Security, and Productivity
5. Know Your Compliance Needs
6. Establish a Strong Password Policy
7. Stay Informed
1. Keep Software Updated
Workstation Software Updates
• OS (Windows, Mac OS X)
• Microsoft Office
• Adobe (Acrobat, Flash, Air)
• Browsers (Chrome, Firefox, IE)
• Email Client (Outlook, Thunderbird)
• Anti-Virus/Anti-Malware/Anti-Spyware
• iTunes and Device Firmware
• Remote Access/VPN
1. Keep Software Updated
Server Software Updates
• BIOS
• Device Drivers (Especially RAID)
• Windows Server
• Exchange Server (Email)
• SQL Server (Database)
• Endpoint Protection (such as Symantec)
• Backup Software (such as BackupExec)
• Proprietary Systems
How does your team handle updates?
Question
2. Get Enterprise Antivirus
Techsoup – Symantec Endpoint Protection
• $5/system
• Server-based Management Option
• Integrates with BackupExec
• Anti-virus
• Anti-malware
• Anti-spyware
• Firewall (Software)
• Protect ALL Systems (Incl. Volunteer, etc)
What is your anti-virus experience? Product story?
Question
3. Cultivate Aware Users
Everyone is responsible for security!
• Know your software
• Read prompts, don’t just click Ok
• Installation Approval Process
• Dangers of USB Drives, Mobiles, iPods, etc
• Explain why, not just how and what
• Recruit your tech savvy users to help
• Encourage them to speak up!
How does your organization cultivate an aware team?
Question
4. Privacy, Security, Productivity
Balance is the key to Security
• Be Real - If it ain’t used, it don’t work!
• Be Honest – Tell users what to expect
• Privacy – Tell users what you monitor
• Balance Risk Prevention vs Recovery
• Address Complaints with solutions
What are your privacy concerns (org and individual)?
Question
5. Compliance
Know Your Compliance Needs
• PCI (Payment Processing)
• HIPAA (Medical Information)
• SAS70
• SSAE16
• Funder/Grant Requirements
6. Strong Password Policy
Secure Passwords:
• At least 8 characters
• At least one each of:
  • Uppercase Letter
  • Lowercase Letter
  • Number
  • Symbol (!@#$%^&*())
Example: P@ssw0rdsSuck!
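The slide's rules as a checker that reports which ones a candidate password fails. This is an added example, not part of the original slides. The second function goes beyond the slide's rules: it looks for common base words hidden behind look-alike substitutions, and its word list and substitution table are constructed assumptions.

```python
import string

# Symbol set exactly as printed on the slide: !@#$%^&*()
SLIDE_SYMBOLS = set("!@#$%^&*()")
MIN_LENGTH = 8

# Assumption (not from the slide): a tiny constructed list of common base
# words and the usual look-alike substitutions. A real deployment would
# compare against a much larger list of known-breached passwords.
COMMON_WORDS = ("password", "welcome", "letmein", "qwerty", "admin")
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "3": "e", "$": "s", "5": "s", "7": "t"})


def unmet_rules(password):
    """Return the slide's rules that the password fails (empty list = compliant)."""
    rules = [
        ("at least 8 characters", len(password) >= MIN_LENGTH),
        ("uppercase letter", any(c in string.ascii_uppercase for c in password)),
        ("lowercase letter", any(c in string.ascii_lowercase for c in password)),
        ("number", any(c in string.digits for c in password)),
        ("symbol", any(c in SLIDE_SYMBOLS for c in password)),
    ]
    return [name for name, ok in rules if not ok]


def common_base_words(password):
    """Extra check: common words still visible after undoing substitutions."""
    normalized = password.lower().translate(SUBSTITUTIONS)
    return [word for word in COMMON_WORDS if word in normalized]


if __name__ == "__main__":
    # Constructed sample inputs; the first is the slide's own example.
    for candidate in ("P@ssw0rdsSuck!", "nonprofit", "Tr33house#Ladder9"):
        print(candidate, unmet_rules(candidate), common_base_words(candidate))
```
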
6. Strong Password Policy
Use a password database for ease
• KeePass (Free and Open Source)
• SplashID (Syncs between devices)
Use browsers to store passwords
• Set master password
• Only on your system (which is password protected)
Protect your systems and devices
Question
What tips can you share for password success?
7. Stay Informed
Top Resources for Security Information
• NTEN
• US CERT
• Symantec
• Techrepublic
• Techsoup Security Forum*
• http://501cybersecurity.com/*
• EDUCAUSE*
* Thanks to Robert Weiner for these resources
Question
What resources do you recommend?
Questions, Answers, Discussion
Questions?
Sean Watson