What’s the most important asset you have?
What’s the most important asset your church or NFP owns/holds?
What is the most valuable information that your church or NFP has access to?
The recent high-profile cyber security breach at one of our largest comms companies has highlighted yet again how vulnerable we all are to cyber activity.
“Well,” many people say, “we’re too small to be a target of hacking.”
Wrong! Such attitudes are an illusion.
Most people are content to maintain their list of passwords and PINs and carry on regardless. Most organisations require employees and volunteers to use passwords, and some use MFA (multi-factor authentication). What are your protocols for these processes?
A friend has just told me of his experience.
He received a “flash” notice from his bank of a possible “bad or false” transaction on their accounts.
So, he also contacted his ISP and software support.
After a few hours on the phone to these agencies, my friend found out that there was a pending transaction on their savings account to transfer a large amount to an account in another country.
Important background in this story:
- the amount was large for his family, but tiny for a large organisation
- the transaction was scheduled and had not yet happened, so the breach would not be obvious to him until much later
- a pending transaction is not obvious to most users, who generally deal with what has already happened (most households use cash accounting, not accrual)
My friend was able to void the pending transaction and clear the balance of the target account into another account of a different type (cheque). This would stop and close the breach.
The family are so thankful for the recovery, and they have learned their lesson: implement more effective controls.
There are lessons here for all of us and for the organisations that we belong to.
The first essential lesson is that a cyber attack, breach or hack can happen to anyone – there is no discrimination: small, individual, family church, non-profit, business of any size.
The second point is that even though we may be small, we can be the gateway to other people or organisations in our “network” of connections.
The third point is that these incidents occur through stealth – we are all unaware and vulnerable.
This all means that we need to be alert and be prepared.
In our next blog we will cover some of the details to help you do what is required and reasonable to be alert and be prepared. We will cover:
- What assets do we have – physical and digital?
- What is required for protection?
- How much security is enough?
- What should we do now?
- What measures should we have in place ongoing?