Keeping current with what’s happening in the world of cybersecurity can be a daunting task for many. Here are some things you should be aware of now to help keep your ministry safe.
What’s New?
Microsoft recently launched its Security Program for Nonprofits, a set of security offerings, built to complement Microsoft’s security suite, to provide proactive monitoring and notification, assess organizational and infrastructure risk, and streamline security training for IT professionals and end-users.
Justin Spelhuag, Vice President of Tech for Social Impact of Microsoft Philanthropies, writes, “We’ve seen an incredible number of crises arise and persist over the past year – ranging from the global to the deeply personal. Nonprofit organizations have been a lifeline to some of our most vulnerable communities, engaging with complex needs and working to make a difference.”
He goes on to say, “But nonprofits themselves are increasingly at risk due to a worldwide rise in cybercrime. While this impacts all sectors and organizations, nonprofits are often perceived as vulnerable because they may not have adequate resources to safeguard the data they need to operate – impacting everyone from donors to program participants to volunteers.”
Microsoft’s objective is to support 10,000 organizations in the first year, with a three-year goal of providing these services to 50,000 organizations worldwide.
Here are the services qualifying organizations can leverage as part of this new program:
- AccountGuard for Nonprofits: The AccountGuard program notifies organizations when their Microsoft 365 organizational accounts, or the Outlook and Hotmail personal accounts of staff and board members are targeted or compromised by sophisticated nation-state actors. Microsoft is offering AccountGuard to all eligible nonprofits at no additional cost. Eligible organizations can learn more and get started by claiming the offering in their nonprofit hub.
- Free security assessments: Microsoft is offering free security assessments to nonprofit organizations to help them better understand the vulnerabilities in their existing endpoints, identity access, infrastructure, network and data with the objective of supporting and prioritizing an immediate action and remediation plan to better protect their environment from any imminent risk with support from Microsoft’s partner ecosystem. To sign up for an assessment sign up here.
- Free training pathways for IT administrators and end-users: Microsoft has cultivated training pathways to streamline the top recommended trainings for nonprofits, regardless of role. Employees from any background now can learn the latest strategies to protect themselves from online scams and attacks, and work from home more securely. IT administrators have access to the Security Skilling Hub and Microsoft 365 Administrator’s Security Toolkit, all available through the Security Program for Nonprofits page.
What’s Not New (But Still Relevant)?
Cybersecurity awareness training for staff and volunteers is still the number one defense against a cybersecurity attack because social engineering, a threat that involves human interaction (like clicking a link or opening an attachment) to obtain or compromise information, is still the top tactic used by cyber criminals in cybersecurity attacks.
Cybercriminals may not be targeting your organization specifically, but they are targeting the donor data and information you store and process. It is unlikely, that a cybercriminal is proactively targeting your church or nonprofit, but the automated tool they use to roam the internet, seeking who it may devour, is no respecter of person…or organization. While you may not be a target, you could become a victim if your staff and volunteers are not properly trained.
Reciprocity can greatly reduce the financial investment churches and other nonprofit organizations invest in cybersecurity training.
The great thing is there is immense opportunity for reciprocity when it comes to cybersecurity awareness training. For instance, if the part-time youth director at your church receives cybersecurity awareness training from their employer, it would be less likely the church would need to pay for training for the youth director again. The youth director could simply provide proof of training and cybersecurity awareness training credit could be granted.
For More Information:
- Read Strengthening Cyber Defenses for Nonprofits by Justin Spelhaug
- Learn more at Microsoft’s Security Program for Nonprofits page
- Security Awareness Program Development at Ministry Cyber Professionals
Johnathan Barnes serves as Chief Ministry Cyber Professional (MCP). He is a cybersecurity subject matter expert and holds the following cybersecurity certifications: Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), Certified Information Security Manager, and Certified Information Systems Security Professional (CISSP). Johnathan is the Executive Director of Virtual Ministry Assistants, a consultant with Ministry Architects, and adjunct cybersecurity instructor for Augusta Tech Cyber Institute located at the Georgia Cyber Center.