Technology and its use have over the years evolved into an almost inevitable tool in the work we do. We have witnessed maximum effectiveness and efficiency in accomplishing tasks in our daily work routines and schedules which has led to high reduction of production time and cost.
However, as promising as technology might be for human life and organisation’s wellbeing, there are some potential risks and vulnerabilities that civil society organisations need to be aware of and manage through the adoption of right preventive mechanisms and strategies.
Most funding of civil society organisations in Africa comes from donors. It is therefore important to maintain trust in the management of these grants. Indeed, trust that can be jeopardised if sensitive information is compromised, stolen or lost. This may affect donations, which in turn would hurt the cause supported, fundraising efforts and image of the organisation. There is a need to nurture donor relationship, including ensuring that all information is strongly protected and secure, to establish a level of trust and credibility for organisations.
To ensure that a high level of trust is maintained and continuity of operations go uninterrupted, civil society organisations must keep safe from cyber-attacks and breaches.
Below, there are some best practices civil society organisations can adopt to minimise cyber threats and prevent cyber-attacks:
1. Securing your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of the organisation’s hardware is often overlooked. It is important to note that the loss or theft of devices is a real threat to an organisation.
Begin your cyber-attack prevention strategy with the basics, i.e., safeguard your devices from theft, protect all devices with a strong password, do not share your passwords with anyone and commit it to memory instead of writing it down in an easily accessible place. Below, there are some password management tips that are worth considering:
· Use stronger password conventions: Combination of alphabets, symbols, and letters.
· Avoid sharing passwords with anyone, especially in emails and other messaging applications.
· Avoid using the same password for more than one account.
· Enable multi-factor authentication (MFA) on all accounts and hardware.
· Avoid saving your password in your browser at all costs. In place of this you can use a password management tool to manage all your passwords. Some examples include: LastPass, KeePass, 1Password, etc.
2. Data encryption and backup
An effective cybercrime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. In simple terms, encryption is the process of using an application to conceal data by converting into a code that makes it inaccessible to unauthorised users.
Be sure to encrypt all sensitive data, including customer information, employee information and all business data. Also, periodic backups to both cloud and local storages (pen drives, external hard drives, file servers, etc.) that are totally isolated from any network is highly encouraged.
Some file encryption applications organisations can consider using include the following: BitLocker for Windows and Encrypto for Mac.
3. Use robust anti-malware and firewall software
Certain types of malware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. Effective anti-malware tools can catch and isolate software viruses when they strike, preventing these viruses from entering your database and causing damage to your files.
4. Use virtual private network (VPN)
A virtual private network gives you online privacy and anonymity by creating a private network from a public internet connection. VPN masks your internet protocol (IP) address, so your online actions are virtually untraceable.
In a VPN, the computers at each end of the tunnel encrypt the data at one end and decrypt it at the other.
In conclusion, taking care of your organisation's digital security is a never-ending task. It requires a lot of effort and commitment to be able to stay safe and secure. Civil society organisations need to raise awareness and involve everyone in the process to build an effective response and improve their safety and credibility in the digital world.
If you're interested in taking care of your digital safety and security, you can now register for our free, online self-paced course!