Fortifying your foundation: Cybersecurity essentials for non-for profits and small-medium enterprises

Thursday 28 November, 11:30 am - 11:50 am

Speakers

Taylor Hosken

Security Consultant
Trustwave

Synopsis

In today’s interconnected digital landscape, the importance of protecting information security cannot be overstated, especially for not-for-profits (NFPs) and small to medium enterprises (SMEs). These entities often handle sensitive data, such as donor information, financial records and business secrets, making them prime targets for cyber threats.

As a security consultant, my clientele is often NFPs and SMEs looking for options on how to start their information security protection journey in a world where there are so many competing options out there. It can be overwhelming knowing where to start.

Despite facing challenges such as limited personnel resources, technical expertise, and budget constraints, these organisations can take practical steps to greatly improve their cybersecurity. This presentation zeroes in on the essential requirements for charities and small businesses looking to establish robust information security practices from the ground up. The focus is on laying down simple, foundational steps that organisations can easily implement as they begin their journey into cybersecurity.

These steps set the stage for future growth and enhancement, ensuring that as resources become available, their cybersecurity efforts can evolve and strengthen accordingly. The presented cybersecurity roadmap has been designed specifically for businesses with limited resources, low budget, little expertise or technical knowledge, but with a desire to embark on their information security journey.

Session Overview:

This presentation will first take the audience through examples of incidents which have impacted charities and SMEs, highlighting that smaller organisations are not immune from cyber incidents, but rather have more vulnerabilities which can be exploited. NFPs and SMEs collect data, and often rely on third-party systems to handle this data and keep the business operational. Without tools and policies detailing the proper management of this data, NFPs and SMEs risk inviting cyber incidents and data breaches, potentially crippling the organisation.

From this background, the presentation will dive into the governance versus technical tools debate on what should be prioritised, finding that a coordinated approach will be the most effective outcome.

Learning from this, the presentation will explore a 6-step process for organisations to begin their cybersecurity journey. The key takeaways from this roadmap will include:

  • The need for security awareness and training
  • Reaching out for expert assistance, such as MSSPs
  • Role-Based Access Controls
  • Device management, such as through EDR solutions
  • The importance of backups
  • Designing an Incident Response Plan and other ISMS documents.

Therefore, the general flow of the presentation will be:

  1. Background context – what is information security and what are NFP threat landscape trends?
  2. Why are NFPs and SMEs particularly vulnerable? Consider limited resources and personnel, a lack of technical experience, and competing advice regarding technology versus governance.
  3. What is the solution? A detailed approach to the 6-step cybersecurity roadmap, which has been designed to address the aforementioned vulnerabilities.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.