Protecting Not-For Profits from cyber threats: It takes a village
There’s an old saying that raising a child takes a village. Supporting our not-for-profit sector, which does so much for Australians in need, also takes a village – and more than donations, keeping them running depends on specific expertise across multiple fields, including cybersecurity.
That’s because these organisations are just as much, and perhaps even more, in the crosshairs of unscrupulous hackers and cyber criminals, who know that the defenses of the not-for-profit (NFP) might be more easily breached than those of the well-heeled and well-protected private and public sectors.
While the way in which not-for-profit organisations work and the incentives driving them might be different from those of businesses, their security requirements are anything but. In fact, facing the same threats as everyone else but hobbled by limited resources, the one defining issue for this sector is it’s arguably heightened vulnerability.
This is exacerbated by operational reality. NFPs often depend on the support of donors and routinely run various promotions and fundraising initiatives. They put themselves out there – and there is a lot more out there than kindly donors.
That’s why Centrered applies the same rigour, attention to detail and thorough Essential-8 approach to not-for-profit security as we do to any of our ‘business’ clients.
Scoping the challenge
There’s an old saying that raising a child takes a village. Supporting our not-for-profit sector, which does so much for Australians in need, also takes a village – and more than donations, keeping them running depends on specific expertise across multiple fields, including cybersecurity.
That’s because these organisations are just as much, and perhaps even more, in the crosshairs of unscrupulous hackers and cyber criminals, who know that the defenses of the not-for-profit (NFP) might be more easily breached than those of the well-heeled and well-protected private and public sectors.
While the way in which not-for-profit organisations work and the incentives driving them might be different from those of businesses, their security requirements are anything but. In fact, facing the same threats as everyone else but hobbled by limited resources, the one defining issue for this sector is it’s arguably heightened vulnerability.
This is exacerbated by operational reality. NFPs often depend on the support of donors and routinely run various promotions and fundraising initiatives. They put themselves out there – and there is a lot more out there than kindly donors.
That’s why Centrered applies the same rigour, attention to detail and thorough Essential-8 approach to not-for-profit security as we do to any of our ‘business’ clients.
What we do for ALL our clients
Cybersecurity these days is ‘not negotiable’ much like seatbelt wearing. Accidents happen. Hacks happen. Being prepared for the worst means keeping yourself out of harm’s way.
With cybersecurity prevention is ALWAYS better than cure. The combination of ‘people, process and technology’ is a well-known formula for security, but as indicated by the findings of the State of the Sector report, there are serious deficiencies across all these cybersecurity pillars.
Notably, most of the technology for creating secure processes is incorporated directly into existing popular services like Microsoft 365. Sound security depends on appropriate configurations, along with process reviews particularly around sensitive activities like fundraising and money management.
More on the Essential 8
As mentioned, we use the Australian Signals Directorate’s Essential 8 as a baseline for security for all our clients, including those in the NFP sector. These 8 strategies are designed and delivered with ‘prevention’ in mind, and include:
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Regular backups.
It’s a configuration challenge; along with user training (an absolutely crucial component in good cybersecurity practice), any organisation can reduce the possibility of falling victim to a cyber-attack.
Centrered values and the NFP
We believe in supporting those who need it most in our ‘village’, aligning with our core value of driving positive change and giving back. Supporting our NFP clients holds a special place in our hearts. It’s more than a business decision, as a reflection of our commitment to making a meaningful impact in our community.
We provide discounted pricing and tailored solutions ensuring NFPs enjoy secure and efficient tools empowering them to fulfill their missions of supporting those in our community who need help.
More case studies
Case Study: DJAS Architecture joins the Microsoft cloud
With a business-critical server approaching end-of-life, Canberra-headquartered DJAS Architecture looked to a growing relationship of trust with its managed services provider Centrered for advice and options for joining the Microsoft cloud.
Case Study: Wisdom Learning
Times change and so do technology requirements. When Canberra-headquartered training solutions provider Wisdom Learning found its IT provider stuck in the past, while it moves to a brighter future, it sought recommendations for a more modern, more strategic partner capable of roadmapping the way forward with modern technology and ways of working.
Case Study: Providence Consulting
Does IT have to be difficult? That was the question Providence Consulting found itself asking after a tortuous engagement with a legacy service provider which also had the gumption to charge like a wounded kangaroo.