Opinion: How can NFP’s protect their organisations from cyberattacks?
Share
The past year has shown that organisations in the not-for-profit sector are just as vulnerable to cyberattacks as any other organisation is. In celebration of Safer Internet Day, here are five common online safety mistakes to avoid to keep your organisation safe.
- Not using Multi-Factor Authentication (MFA) wherever it’s available
Using MFA is the most significant step individuals and organisations can take to protect themselves and their organisations from compromise and cyberattacks. MFA blocks 99.9% of unauthorized login attempts/account compromise attacks (Microsoft, 2019). Despite this, Infoxchange’s 2022 Digital Technology in the Not-For-Profit Sector report (‘the tech report’) found that more than 1 in 3 not-for-profit organisations are yet to implement MFA.
- Poor password management
Too many internet users use poor passphrases or are reusing passphrases across multiple sites. Many do this out of fear of forgetting a multitude of passwords. A good solution for this is to use a password manager such as Dashlane (available to registered NFPs from Infoxchange’s Connecting Up at a discounted rate.)
- Not being sceptical about scams
A level of scepticism about potential scams through all e-mail, SMS messages and unsolicited phone calls is wise. If they appear to be from a reputable organisation or they ask you to click on a link or provide personal information always think twice. Other ways to check the authenticity are to check the legitimacy of the email address or to check in with your organisation/IT manager about the contact.
Related: Infoxchange and Connecting Up merge to serve more communities
- Not keeping computers, smartphones, tablets and apps up to date
Most people ignore the pop-ups letting them know that apps and devices are not up to date. These updates often include new defence mechanisms against new or emerging bugs or glitches. The updates are often driven by companies who have found a vulnerability and want to protect their customers. Instead of ignoring the update notification, ensure automatic updates are turned on and allow them to update.
- Not using reputable antivirus/anti-malware protection on computers
This is most relevant to organisations, but if users are spending a lot of time online or have extensive personal information to protect, consider investing in this software. Windows 10/11 has Windows Defender built in, and BitDefender available from Connecting Up can also provide protection against phishing and other malicious web links.
Safer Internet Day is celebrating its 20th year in 2023 with a theme of ‘Connect. Reflect. Protect.’
Related: Infoxchange welcomes new Chair of the Board
David Spriggs is CEO of Infoxchange; an organisation that makes and manages technology for social justice. He is passionate about creating a more digitally inclusive society and the role technology can play in improving the efficiency and effectiveness of the not-for-profit sector. David is also chair of the Australian Digital Inclusion Alliance and a board member of Specialisterne Australia.