CSO Cybersecurity: Ten Best Practices
Since CSOs typically have insufficient budgets for information security and use older technologies, they are easy targets for attacks, and attacks tend to have outsized impact on their mission, according to the Forbes Tehnology Council and Devex Partnerships.
More specifically, CSOs are especially vulnerable to viruses and other malicious software, email phishing, encryption or theft of employee or customer data for ransom with the threat of releasing it (including breaches of third-party vendors), natural disasters and attacks by hacktivists or state-sponsored actors. Also, CSOs may not realize they can be subject to civil or criminal penalties—as well as reputational damage—for unauthorized information disclosures. What can CSOs do to address these concerns? Based on recommendations by the Forbes Council and Devex Partnerships, we suggest CSOs follow these ten best practices:
1) Deploy multifactor authentication, which blocks 99.9% of all attack attempts
2) Use up-to-date collaboration and email systems, apply critical security patches quickly
3) Evaluate elevated risks at the board level so that appropriate resources are allocated
4) Stay current on advice to CSOs for further protection
5) Build a culture of security in the CSO
6) Share data about the attacks with Information Sharing and Analysis Centers (ISACs) to help protect the independent sector (following on the financial and health care sectors)
7) Encourage website visitors to follow privacy and security best practices
8) Train employees on security best practices and monitor login activity for unusual patterns
9) Keep your firewall software (open-source or commercial) updated
10) Encrypt sensitive information such as donor info, credit card numbers, as well as web traffic (by using an HTTPS website or purchasing a certificate from an authority)
Ideally, CSOs would receive unrestricted, overhead funding for cybersecurity investments. However, since CSOs trely on trust to fundraise, protecting their data within their existing budgets should be a priority.