The Monster of Cybersecurity
Today’s blog post is written by Hannah Neff, Payment Processing Transition Manager, PatronManager.
Halloween is the time of year when we celebrate everything spooky and, if your neighborhood is anything like mine, the fake spider webs, skeletons, and creepy clowns have been steadily increasing for weeks in preparation for the big night tomorrow! But it’s not just ghouls (and candy) that we should be thinking about right now — October is also National Cybersecurity Awareness Month.
Cybersecurity is the upbeat buzzword that encompasses everything that can be done to keep criminals out of our digital systems. As technology integrates into every facet of modern life and we create closer digital connections with our customers, we become trusted custodians of all the sensitive data we collect. You know as well as I that in order for your organization to function, let alone compete in this modern environment, you need to collect data on everyone your organization interacts with. But with that digital capability comes the responsibility of safeguarding your patrons’ data. Not being cyber secure is far too much of a risk.
Oooooh, don’t get caught up in thinking that just because you’re a non-profit or not as big of a fish as the Targets and Equifaxes of the world that you’re not attractive to cybercriminals. Smaller organizations and digitally naive staff can be easy pickings for predators. In fact, according to the National Small Business Association, 44% of small businesses reported being victims of a cyber attack, with the average associated cost being $8,699.48. If that statistic doesn’t frighten you, just take a look at this map showing cyber attacks happening in real time. Now that’s scary!
It may not have the thrill of braving a haunted house, nor the reward of a costumed kid pleading “Trick or Treat?”, but if you don’t have an up-to-date cybersecurity policy, the trick will be on you. As we reach the end of October and start swapping out those Halloween decorations for the holiday season, set aside some time to make sure your organization is protected against cyber threats. Here are five things you can do now (and throughout the year) to protect your organization’s data:
1. Review: What sensitive data do you have? Where is it?
First things first — complete an audit of all the sensitive data you collect: personal, business, and classified information. Examples include bank account numbers, customers’ personal details, login credentials, credit card details, staff contact information, and corporate information.
Cybersecurity does not mean you have to impound all data like it’s in Fort Knox. What’s sensitive? Personally Identifiable Information (PII). What’s not? Loves Beethoven; cat’s name is Fluffy.
Once you know what sensitive data is in your possession, figure out exactly where and how it is being stored. Do you centrally locate and protect sensitive data? Or, are users keeping various spreadsheets across different systems? How can you bring all that data together and make sure only those who need the information have access to it?
2. Invest in and implement strong technology solutions.
Now you know what you’ve got, let’s do some things to keep it safe!
Build big walls: Purchase and regularly update virus and malware protection. Go to the professionals! You wouldn’t expect IT consultants to be able to perform a Shakespeare soliloquy at The Globe Theatre — and neither can you be expected to be the experts in cybersecurity software. Remember that you can utilize secure cloud-based systems (like PatronManager) and file servers (like box.com), so staff can access data outside of the office without having to duplicate files on hard drives.
Devalue the data: Encrypt sensitive files. Utilize point-to-point encryption (P2PE) for all credit card transactions and ensure you are compliant with the PCI Data Security Standard (PCI DSS). (If your PatronManager system isn’t operating on the Bluefin Payment Processor, reach out to us to switch to P2PE now!)
Keep up to date: Regularly update your operating system, apps, and web browsers on all devices to make sure you have the latest protection. Have a secure, automated system to back up your data without even having to think about it.
Your superpowers here are secure data collation, user authorization, (strong) password protection, encryption and automation — use them wisely!
3. Educate yourself.
The digital world is an interconnected place — just like the real world — where your organization being cyber secure means the wider digital community has a better chance of staying cyber secure as well. And because of that, there are a lot of free resources and information out there — utilize them (after verifying them, of course).
Additionally, with October being National Cybersecurity Awareness Month, there has been a big push of new materials over the past few weeks. Take the opportunity to sign up for the Department of Homeland Security’s Stop.Think.Connect national campaign for non-profit organizations and follow its blog for the latest information. Download the Stop.Think.Connect. Toolkit with tips, fact sheets, and shareable resources! Order a copy of the Federal Trade Commission’s “Start with Security: A Guide for Business” and make use of its free resources as well. We all learn things in our own way — if the first stop isn’t the right format for you, don’t get overwhelmed, try the next resource.
4. Educate your staff.
What good is it having state-of-the-art locks if the front door keeps being left open? You have now turned yourself into a rock star of cybersecurity awareness; how can you convert everyone into vigilant data-protectors?
Start off on the right foot by inducting all new employees with a dedicated cybersecurity training session.
Keep the lessons easy on everyone — be the Mary Poppins of cybersecurity and make each spoonful of information sweet. Easily digestible nuggets of smart cybersecurity practices presented over a gradual timeline will be more effective than massive binders of technical policy dumped at each workstation. Make cybersecurity a regular agenda item at staff meetings and only present one concept each time.
Curate a staff cybersecurity refresher program annually (Hey, October sounds like a pretty good month for that!) and incentivize participation with simple rewards (e.g., office lunch, random gift card drawing, free tickets… Halloween candy anyone?!). Here at PatronManager, we’ve been becoming Cybersecurity Heroes this month, participating in Wombat Security’s FREE resources for Cybersecurity Awareness Month.
5. Know that no system can be perfect.
Crooks don’t play by the rules, and you can’t expect everyone to act perfectly all the time. Think in advance about what you need to do in the case of a data breach to minimize the damage. Have a defined, positive reporting system in place so staff will confidently know who to report possible data security breaches to without embarrassment. Be prepared with your incident response procedure and know where to report cybercrime.
Maintaining a comprehensive cybersecurity policy at your organization can prepare you for and protect against digital threats. If you don’t have one already, check out the FCC’s Small Biz Cyber Planner (or if you’re a PatronManager client, check out our template in the PatronManager Help Tab)!
Just as customers expect you to provide safe physical environments, they also have the right to expect you to exercise due diligence in securing their data. The financial cost and “loss-of-trust” risk to your organization are too great to let your cybersecurity standards slip. You can be sure the scammers and hackers out there aren’t going to stop developing innovative ways to break in.
So make it a priority now to make sure your organization’s cybersecurity is up to date. And once your data is secure from the monsters lurking out there, kick back and relax with that tub of Halloween candy and enjoy the scammers getting a taste of their own medicine!