On 23/03/22, Bremmar and Microsoft Tech for Social Impact (TSI) collaborated on a webinar about Security for Not-for-Profit leaders.
During an information-packed presentation, NFPs from around Australia received practical steps on how to increase the security of their organisation by leveraging existing Microsoft 365 licensing.
Brenton Harris, Bremmar’s Managing Director and key presenter, ran attendees through the Essential 8 mitigation strategies recommended by the Australian Cyber Security Centre (ACSC) and explained key Microsoft 365 Business Premium products that cater for the baseline security recommended by the ACSC.
The content was easy to follow and non-technical, leaving attendees with lots to consider when implementing or improving their organisation’s security efforts. Here are the key takeaways of the event.
- Clarity on the security situation that NFPs are faced with at the moment.
- Tangible steps you can take to protect your organisation in line with the Government's Essential 8 framework
- How to leverage Microsoft 365 (and discounted NFP licensing) to deliver on the Essential 8 framework
- Learn about a zero-cost Security Assessment / Roadmap from Bremmar in collaboration with Microsoft TSI
The threat landscape for not-for-profits
The impact of security breaches on NFPs can be extremely severe, as many non-profits collect and store data about vulnerable customers that is protected by law as confidential. A data breach poses a risk both for the individuals whose data was disclosed and for the non-profit, which may now be subject to liability for the breach.
Key data breach impacts to NFPs:
- Reputation and trust
- Resources spent on crisis management
- Information breach
- Information loss
- Business interruption
- Costs to recover
- Legal costs
- Fines and penalties (if applied)
Main NFP security statistics
The Digital Technology in the Not-for-Profit Sector report, released in November 2021 by InfoExchange, which interviewed 650 NFPs in AU / NZ, highlights:
- 50% of NFPs haven’t implemented MFA
- 50% of NFPs don’t have effective organisational info security plans
At the same time, the Microsoft Digital Defence Report, released in 2021, also states:
- 70% have no vulnerability assessment to understand risk exposure
- NFPs are the second most cyber targeted industry
- NFPs are a prime target, with access to sensitive data
Considering the importance of security for NFPs, the numbers above are alarming.
What are the highest security priorities for your organisation?
Attendees were asked the question and shared their experiences:
The Essential 8 mitigation strategies recommended by the Australian Cyber Security Centre (ACSC)
What do they mean?
- App Control: Restricting what apps can be opened by users.
- Patching Apps: Making sure apps are up to date and any known security holes are patched.
- Macros: Limiting the impact that could be caused by a malicious macro.
- App Hardening: Selecting the optimal web browser for your organisation and ensuring only secure versions of apps can be run (i.e., PDF readers and email clients).
- Patch OS: Having a supported OS with the latest updates.
- MFA: Don’t rely only on passwords. Add an extra step of identification when logging in – particularly when using a different device/location.
- Restrict Admin Privileges: Avoid providing more access to users than needed.
- Daily Backups: If all else fails, make sure you can at least get critical data and operating settings back.
How can Microsoft 365 help with the Essential 8 baseline security?
Microsoft 365 has become a strong, comprehensive, and viable security option for NFPs, especially since Microsoft Defender for Endpoint and Microsoft Defender for O365 were added to the stack at no extra cost.
Not-for-profits can now cover all their basic security requirements through an integrated platform that is constantly updated and delivers centralised reporting.
Microsoft 365 provides a single pane of glass for security, and it is a cost-effective solution for NFPs as it makes some third-party tools, such as antivirus, redundant.
Where to go from here?
Bremmar, in collaboration with Microsoft TSI, is currently offering a free security assessment and roadmap for Not-for-Profits to help you quantify how Microsoft 365 can help your organisation save costs and improve digital security.
This offer uses a tool that is usually valued at $1400. It provides a snapshot of your current security, reviews your environment for vulnerabilities, and identifies the gaps to close in order to address those vulnerabilities. The findings are presented in a workshop with Bremmar where, together, we’ll help you define your 3 priority security initiatives.