Some Basic Computer Security Practices To Keep Your Non-Profit Data and Employees Safe
There are all sorts of dangers lurking on the Internet, whether from a bogus email attachment, an accidentally clicked link, or a visit to an infected website. There are dangers within the organization as well. These are commonly referred to as “Insider Threats”.
Here are some computer security practices you can implement to protect the data and employees of your non-profit organization.
- Regularly scan computers for spyware
Spyware or adware hidden in software programs may affect the performance of the organization’s computers and give attackers access to sensitive data.
Make sure you use a legitimate anti-spyware program to scan computers and remove any of these files. Many anti-virus products have incorporated spyware detection.
- Keep software up to date
Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.
Many operating systems offer automatic updates. If this option is available, you should turn it on.
If updates and patching are too tedious for you and your organization, you can outsource the task to a service provider.
- Evaluate software’s settings
The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer.
It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.), and the settings of routers and switches.
Apply the highest level of security available that still gives you the functionality you need.
- Avoid unused software programs
Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them.
In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.
- Consider creating separate user accounts
If there are multiple users for a particular computer, you may be worried that someone else may accidentally access, modify, and/or delete your files.
Most operating systems (including Windows, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account.
You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection.
However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges.
Ideally, you will have separate computers for work and personal use; this will offer a different type of protection.
- Establish guidelines for computer use
If there are multiple people using your computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
- Use passwords and encrypt sensitive files
Passwords and other security features add layers of protection if used appropriately.
By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it.
Another computer security practice you may want to consider is full disk encryption. This prevents a thief from even starting your laptop without a passphrase or password.
When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
- Create and follow corporate policies for handling and storing work-related information
If a computer is used for work-related purposes, make sure users follow any corporate policies for handling and storing the information.
These policies were likely established to protect proprietary information and customer data, as well as to protect employees and the organization from liability.
Even if it is not explicitly stated in a corporate policy, it is best practice to avoid allowing other people, including family members, to use a computer that contains corporate data.
- Dispose of sensitive information properly
Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, a good computer security practice is to make sure that you adequately erase sensitive files.
- Follow good security habits