NGO / CSO Cybersecurity: The Ten Best Practices

Since NGOs / CSOs typically have insufficient budgets for information security and use outdated technologies, they are easy targets, and attacks tend to have a massive impact on their mission, according to the Forbes Technology Council and Devex Partnership.

More specifically, NGOs / CSOs are especially vulnerable to viruses and other malicious software, email phishing, encryption or theft of employee or client data for ransom with the threat of exposure (including breaches from third-party vendors), natural disasters, and attacks from hacktivists or state-sponsored actors. Additionally, NGOs / CSOs may not realize they are subject to civil or criminal penalties—along with reputational damage—for unauthorized disclosures of information. What can NGOs / CSOs do to address these concerns? Based on recommendations from the Forbes Council and Devex Partnerships, we suggest that NGOs / CSOs follow these ten best practices:

  1. Implement multi-factor authentication, which blocks 99.9% of all attack attempts.
  2. Use updated collaboration and email systems, and apply critical security patches promptly.
  3. Assess high risks at the board level so that appropriate resources are allocated.
  4. Stay updated on recommendations to NGOs / CSOs for increased protection.
  5. Build a security culture within the NGO / CSO.
  6. Share data on attacks with Information Sharing and Analysis Centers (ISACs) to help protect the independent sector (following similar practices in the financial and healthcare sectors).
  7. Encourage website visitors to follow recommended privacy and security practices.
  8. Train staff on best security practices and monitor login activity for unusual patterns.
  9. Keep firewall software (open-source or commercial) updated.
  10. Encrypt sensitive information, such as donor information, credit card numbers, and web traffic (using an HTTPS site or purchasing a certificate from a certificate authority).

Ideally, NGOs / CSOs would receive unrestricted indirect funding for investments in cybersecurity. However, as NGOs / CSOs rely on fundraising, protecting their data within their existing budgets should be a priority.