Johan Hammerstrom and experts Johanny Torrico and Steve Longenecker discuss tech tips to support nonprofits going back to the office or continuing to work remotely. We address two main aspects: remote staff and office staff reintegration.
Is your nonprofit working all remote, all back to a physical office, or a hybrid blend?
We touch on technology tips and best practices for several “back to the office” scenarios – we know the nonprofit community is never one-size-fits-all.
Community IT knows our sector already has considerable experience in many remote working/hybrid scenarios. This conversation covers existing and new best practices.
Does your nonprofit have in place the policies and security you need to support your new reality?
Update your written technology policies to incorporate new practices
Budget and plan to support new processes and platforms
Review your cybersecurity stance and (re)train your users on security best practices. Hackers have a lot of time on their hands at the moment, and are adjusting rapidly to new vulnerabilities. We don’t want a preventable security issue to be your next headache.
6. Agenda
Remote Work Best Practices
Cybersecurity Landscape
Good Cybersecurity Practices
Reintegrating work
7. Remote Work Challenges
Management / reporting harder
Remote work opens up security holes
Difficult to access specialized applications
Proactive planning pays off
8. Remote Work Best Practices
Leverage the cloud
De-centralized equipment
Centralized management
Video and chat to stay in touch
10. Video & Chat
Orgs already have secure tools available to them
• Microsoft Teams
• Google Meet
Orgs with significant Privacy and Security concerns
• Wire
• Signal
• Jitsi
Using Zoom?
• Update your client
• Follow good meeting security practices
11. Includes Video Conferencing
• Google Meet
• https://support.google.com/a/users/answer/9282720?hl=en
• Microsoft Teams
• https://communityit.com/microsoft-teams-for-nonprofits/
12. Zoom Video Conferencing
• Easy to use
• Great for peer to peer collaboration
• Follow best practices for keeping meeting secure
• https://communityit.com/nonprofit-cybersecurity-tips-zoom/
• Mixed record on privacy and security
13. CYBERSECURITY LANDSCAPE
Persistent and ongoing brute force attacks on identities
Sophisticated spear phishing
Organizations targeted because of the work they do
Attacks targeting vendors
14. CYBERSECURITY LANDSCAPE
New security tools available to combat new threat types.
Organizations more proactive about asking where to start improving their cybersecurity.
60% of Nonprofits don’t know how their org handles cybersecurity risk.
Breach response for a small to medium business is $149,000
15. Security Risks – Remote Work
• Opens up more remote access with single factor authentication
• Remote Desktop Server
• VPN
• Work devices being used by family
• Personal devices used for work
• Increase in targeted phishing
• New apps needed to stay connected
16. Important Security Practices
• Update your computers (reboot weekly)
• Make sure your data is backed up
• Enable Multi Factor Authentication
• Use a password manager
• Enroll in Security Awareness Training
• Use organization provided systems
17. Reintegrating Remote Work - Data
• Communicate systems of record
• Rein in data sprawl
• Move data from personal to organizational systems
• Incorporate new systems
• Train the trainer
• Ensure systems meet org policies
18. Reintegrating Remote Work - Devices
• Make sure systems up to date with patches
• Make sure systems are clean
• Update / remove controls associated with shared use
• Update / rotate local admin credentials
19. Reintegrating Remote Work - Policy
• Revisit Business Continuity Plans
• What worked
• What needs to be revised
• Revisit IT Policy
• Incorporate new scenarios
• Revise to address changing business landscape
• Update IT Planning
• Accelerate cloud centric computing
• Plan for more mobile workforce
• Invest in tools to manage distributed computers
Access to specialized applications
Fundraising/Donor databases
Accounting software
SL - Getting IT Support can be harder.
SL - Clients in best shape are the ones that have already converted over to the cloud and have settled on the laptop as the standard company-provided device given to users. By choosing company-provided over BYOD, the centralized management is much easier and ownership of data (less data leakage) is clearer.
SL – Meetings used to be a break from screens. In a remote work environment they are not. So one of the unspoken benefits of meetings is taken away. It probably means there should be fewer meetings and the purpose of meetings should be well-defined.
SL – Because there are no built-in breaks from screens, flexible schedules are really beneficial if operational requirements can allow for it.
Define Spear Phishing - the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information. Can be one technique of Business Email Compromise.
Organizations Targeted – because of lists and donors
SL – Cybersecurity INSURANCE is getting to be more and more of a requirement?
Get Mary to talk about her experience with Security Awareness Training
MFA https://communityit.com/nonprofits-should-require-multi-factor-authentication-mfa-three-reasons/
Our big picture guide is https://communityit.com/nonprofit-cybersecurity/
Look at IT Policy
Identify systems of records
- Example of now using Dropbox, or Slack. How to
What are the requirements?
Support MFA
Have strong data privacy
Able to backup
Ensure data ownership
Ensure auditing / reporting