Attending the nonprofit-focused Cybersecurity Resilience Roundtable Luncheon hosted by AXELOS/AFP was interesting and informative. Key takeaways:
1) An organization cannot be 100% protected.
2) Every organization needs prevention guidelines and must educate individuals on what they can do to improve cybersecurity resilience.
3) When an attack happens, maintaining public trust is of utmost importance. Every organization needs a crisis management plan that includes:
   a. a communication plan
   b. a containment plan
   c. a triage plan
4) Nonprofit leadership groups can work jointly to raise awareness and increase the level of resilience in the nonprofit sector.
"Tone from the Top" - AXELOS members shared that messaging from top executives is critical to cybersecurity resilience. It is relatively inexpensive but has a high payoff. Organizations with regular communication through all-staff meetings and monthly newsletters have better cyber protection. Organizations that understand, and communicate to their staff, why they are at risk and specifically which data is the target are less vulnerable than those that do not. User awareness of the importance of updating passwords and recognizing phishing e-mails remains a crucial factor in protecting any organization.
Recommended Reference Materials for More Information on Cyber Risk Management:
10 Steps to Cyber Security (UK government guidance): https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-summary
RESILIA (AXELOS cyber resilience best practices): https://www.axelos.com/best-practice-solutions/resilia/what-is-resilia