Happy Friday my friend,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with various Federal agencies has created a comprehensive guide for organizations that handle sensitive data, such as medical and financial records, but operate on tight budgets.
This guide is specifically designed for civil society organizations (CSOs), including NGOs, advocacy groups, and charitable, professional, and faith-based organizations. But, your company can benefit from it too!
CSOs and their staff face a high risk of being targeted by malicious cyber actors but often lack the necessary defense capabilities, internal IT support, and essential cyber hygiene practices to adequately protect themselves. That being said, you can affordably follow some of their recommendations to improve your cyber posture.
The guide, Mitigating Cyber Threats with Limited Resources: Guidance__for Civil Society is marked TLP:CLEAR, so feel free to read and distribute.
The Takeaway
The guide has some really sound advice. I read and summarized their recommendations to keeping your company safe without breaking the bank:
1) Regular Updates. Keep software and operating systems up-to-date.
2) MFA and Strong Passwords. Implement phishing-resistant multi-factor authentication and use strong passwords.
3) Account Management. Regularly audit and disable unused accounts and apply the principle of least privilege.
4) Vendor Selection. Choose vendors that follow secure-by-design practices.
5) Incident Response. Develop and exercise incident response and recovery plans.
6) Cybersecurity Training. Educate on phishing, email security and password management.
7) Limit Public Exposure. Be cautious with information shared online and encourage spread the word among your contacts.
8) Verify Contacts. Confirm identities to avoid social engineering, especially when there's money involved.
9) Use Encryption. Protect communications with encryption, for example using a VPN on public wifi and sending sensitive documents using email encryption or secure links from a 3rd party service such as Google Drive, Dropbox or OneDrive.
10) App Management. Use trusted app stores, vet apps, and restrict permissions. Make sure the apps you download don't have access to parts of your phone it doesn't need such as microphone, camera, calendar and contacts.
These recommendations could significantly enhance your organization's cybersecurity posture, effectively reducing the risks posed by state-sponsored actors and other threats.
Have questions? Feel free to reach out, we can help.
Stay safe out there. -A
New Friday Funnies
What's it called when an Egyptian scams you?
A pyramid scheme.