Security Solution Recommendations for Small Charities
This article contains recommendations of low-cost security solutions and free resources that are available to small charities.
It’s always best to start with functionality already available to you. Look to enable the Windows Firewall feature built into the Windows Operating System (OS) and have this centrally controlled by group policies where possible. Consider installing dedicated firewall hardware to protect the perimeter network and segregate internal networks. SonicWall provide an array of low-cost firewall solutions to consider. Charities may also want to consider Web Application Firewall solutions where you provide applications and/or services over the internet. This protects these services from being attacked and flooded with malicious traffic and they can be procured on a subscription basis in the cloud to help manage costs.
Applying secure configuration to systems is a key aspect of information security. The Center for Internet Security (CIS) provides free vendor-agnostic system hardening standards that can be extracted and used to securely configure a variety of systems (e.g., Windows/Linux servers, workstations, firewalls etc). PingCastle is a free audit tool that can be downloaded and run against all domain controllers to identify configuration security weaknesses. Vulnerability scanning is key to identifying not only instances of missing security patches, but also configuration weaknesses. Nessus Tenable is a vulnerability scanning tool that offers a charitable organisation subscription program. This includes one free Nessus subscription; however, additional subscriptions must be purchased to qualify. There are alternative solutions with comparable costs.
User access permissions should be centrally managed where technically possible. Additionally, single sign-on should be enabled to avoid complexity. LastPass is a well-known, reasonably priced password manager tool that embeds within internet browsers to allow for the safe storage and sharing of credentials and passwords. Look to enable the free BitLocker encryption tool within Windows to encrypt data on hard drives to prevent unauthorised access should devices be lost or stolen.
If you predominantly have a Windows environment, Windows Defender is a great free malware protection tool built into the Operating System. The MS Defender 365 licensing model greatly enhances its capabilities, adding features such as centralised antivirus management and intelligent automated response actions.
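The built-in controls recommended above (Windows Firewall, BitLocker and Windows Defender) can be checked on a device with a short read-only PowerShell script. This is an added example, not part of the original article; the 7-day signature age threshold and the helper name New-CheckResult are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only baseline check for one Windows device; it changes no settings.
# $MaxSignatureAgeDays is an assumed threshold, not a value from the article.
$MaxSignatureAgeDays = 7

# Hypothetical helper: one uniform row per check.
function New-CheckResult($Check, $Value, $Passed) {
    [pscustomobject]@{ Check = $Check; Value = "$Value"; Passed = [bool]$Passed }
}

$results = @()

# Windows Firewall: ActiveStore is the effective policy (local settings plus group policy).
foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $enabled = "$($fwProfile.Enabled)"   # 'True', 'False' or 'NotConfigured'
    $results += New-CheckResult "Firewall profile: $($fwProfile.Name)" $enabled ($enabled -eq 'True')
}

# BitLocker: every volume the cmdlet reports should have protection On.
try {
    foreach ($vol in Get-BitLockerVolume -ErrorAction Stop) {
        $status = "$($vol.ProtectionStatus)"
        $detail = "$status, $($vol.EncryptionPercentage)% encrypted"
        $results += New-CheckResult "BitLocker volume $($vol.MountPoint)" $detail ($status -eq 'On')
    }
} catch {
    # Reached when the cmdlet is missing or fails (for example, editions without BitLocker).
    $results += New-CheckResult 'BitLocker' "not available: $($_.Exception.Message)" $false
}

# Defender: real-time protection should be on and signatures recent.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $results += New-CheckResult 'Defender real-time protection' $mp.RealTimeProtectionEnabled `
        $mp.RealTimeProtectionEnabled
    $ageOk = $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays
    $results += New-CheckResult 'Defender signature age (days)' $mp.AntivirusSignatureAge $ageOk
} catch {
    # Reached when Defender is not the active antivirus or its service is not running.
    $results += New-CheckResult 'Defender' "not available: $($_.Exception.Message)" $false
}

$results | Format-Table -AutoSize -Wrap
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) need attention on $env:COMPUTERNAME"
}
```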
Listed below are other useful free cyber security tools:
- Haveibeenpwned.com – Have I Been Pwned lets you search across multiple data breaches to see if your organisation’s email addresses or phone numbers have been compromised.
- Virustotal.com – Use this website to analyse suspicious files and URLs for malware; submissions are automatically shared with the security community.
Useful information security partner organisations/groups:
- Microsoft’s Tech for Social Impact Team and non-profit discounting
- Charity Digital Partnership (in partnership with TechSoup)
- Charity IT Leaders Network
- Charity Security Forum
- US-CERT online threat intelligence community
Prepared by: Iayesha Reid, Information Security and Compliance Manager at the RNIB
Date: 20 October 2021