Is your nonprofit under a cloud of doubt or on cloud nine when it comes to complying with security standards? We all know that protecting your organization’s information is critical to your operation, but how do you actually achieve this?
This article gives you the basics on what you need to know about threats to your nonprofit’s data, and how you can help ensure that it is protected and compliant with security standards when hosted on the Microsoft Cloud. We’ll review two-factor authentication, setting up a data loss prevention policy, and how to make sure that only authorized and compliant devices can access your data.
Who Is Trying to Steal Your Data?
First, let’s talk about what the security risks really are for your nonprofit. Your data can be compromised by two categories of people:
External Hackers: In general, hackers are not trying to target your organization specifically, but rather are trying to find vulnerabilities in any Internet-connected machine to gain access to internal systems so they can
- Ransom the data back to you
- Sell the data off to be used for identity theft purposes
- Publish embarrassing data, in those cases where your organization is being targeted specifically
Internal Staff: Often staff members are the source of your organization’s biggest data breaches because their laptops or phones are stolen or they email sensitive data to the wrong person by mistake. In other cases, staff members destroy or alter data to cover up fraudulent activities or steal data to resell it or to extort or embarrass someone.
So how can you ensure that your cloud-based systems will protect your nonprofit’s data, accounts, devices, and infrastructure?
Keeping Your Data Safe in the Microsoft Cloud
Microsoft provides platinum-standard security for its nonprofit cloud users. Sam Chenkin from Tech Impact reviews the key elements of security you need to know and lots of ways Office 365 can help your organization be more secure.
Microsoft hosts governments and major corporations in its cloud. It’s HIPAA compliant (for those who store sensitive medical information) and has audited compliance with Statement on Standards for Attestation Engagements (SSAE) 16 and a dozen other security standards. You can take a look at the Microsoft Trust Center to verify whether your compliance standard is being met.
Your nonprofit’s data in the Microsoft cloud is encrypted in transit and at rest in Microsoft’s datacenters. So you just need to focus on protecting the data saved on your local machines and setting the right permissions for who can send what data outside of your network.
Use Azure AD to Set Up Single Sign-On and Improve Account and Device Security
Let’s take a look at account and device security. Azure Active Directory (AD) is included with M365. It allows you to manage users and groups in your nonprofit. Its features help nonprofits prevent identity theft and keep hackers and other criminals out of their systems.
Azure was developed for Windows domain networks and includes most Windows Server operating systems as a set of processes and services.
A major benefit of Azure is being able to log in to your computer with Azure AD. If you enable this in the M365 management console, your nonprofit staff and volunteers can join their computers to Azure AD. Then they’ll be able to log in to their computers with their M365 username and password. They will also be able to log in to many third-party applications using the same username and password.
Set Up Two-Factor Authentication to Increase Account Security
One easy and important step is to set up two-factor authentication. Two-factor authentication helps to ensure that only authorized users can log in to your organization’s accounts. Two-factor authentication also makes single sign-on even more secure.
Users are granted access only after successfully presenting two different pieces of evidence to confirm their identity. Typically that evidence is in two of the following categories: knowledge (something users know), possession (something they have), and inherence (something they are).
For example, you can set up your computer so that it’s not enough to know your password in order to log in. You also need to prove that you are an authorized user by providing a code from your mobile phone.
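To make the two factors concrete, here is an added example (not from the original article and not Microsoft's implementation) of a login check that requires both a password and a phone code. It assumes the phone code is a time-based one-time password (TOTP, RFC 6238) of the kind authenticator apps generate; the account, password and secret are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, at_time, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1): the phone and the server derive it from a shared secret."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at_time) // step)    # number of 30-second steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Store only a slow, salted hash of the password, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(user, password, code, now):
    """Grant access only when BOTH factors check out."""
    # Factor 1, knowledge: the password matches the stored hash.
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Factor 2, possession: the code matches what the enrolled phone would show.
    # One step either side of "now" is accepted to tolerate clock drift.
    has = any(
        hmac.compare_digest(totp(user["secret"], now + drift * 30).encode(), code.encode())
        for drift in (-1, 0, 1)
    )
    return knows and has

# Constructed sample account (the secret is the RFC 6238 test key, base32-encoded).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "secret": base64.b32encode(b"12345678901234567890").decode(),
}

if __name__ == "__main__":
    phone_code = totp(USER["secret"], 59)
    print(login(USER, "correct horse", phone_code, 59))   # both factors present
    print(login(USER, "correct horse", "000000", 59))     # stolen password alone
```

A stolen password fails the second check, and a code read off the phone stops working once its time window has passed. A production verifier would also reject a code that has already been used and limit repeated guesses.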
Manage Your Devices
With Microsoft’s Enterprise Mobility + Security (EMS) offer, organizations can manage and protect their users, devices, apps, and data. The tools included allow you to
- Simplify management of apps and devices for your employees and volunteers
- Protect your organization’s information across phones, tablets, and PCs
- Identify suspicious activities and advanced threats to your organization in near real time
EMS is incredibly valuable when employees are using multiple devices to access data, when volunteers may be bringing in their own devices, or when field workers need access to certain applications or data while they are out on visits.
Hopefully we’ve helped part the clouds and explained basic security measures you can take today using the Microsoft Cloud for Nonprofits to safeguard your nonprofit.
Start your journey to the cloud today by applying for 10 free M365 Business Premium Seats (available to eligible nonprofits in Southern Africa).
This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.