Implement 4 Basic Security Measures - Susanne Petersson

Date post: 12-Apr-2017
Upload: susanne-petersson-lssgb
Susanne Petersson, Board Secretary, Chicago Art Deco Society
Transcript

What is a Cyber Security Threat?

An unauthorized attempt to access electronic data and communications

What is the Potential Harm?

• Access to private on-line activity
• Usage of credit/debit accounts
• Reduction of non-profit funds
• Data hijack for ransom

Which Organizations are being Targeted?

Businesses of all sizes have been attacked

Successful attempts against well-known companies make world headlines

And yet ...

Any Organization – Yours, or one with which You do Business could be hacked

Should my Non-profit be Concerned?


Discover how to increase cyber-security at Your Non-Profit

1. Organization Email

2. Anti-Virus Software

3. Board Documentation

4. Database Management

Organization Email

Your Non-Profit Identity

• The email address provided by your organization is your identity

Your Non-Profit Identity

• Use your email
• Perform organization-related activities
• Act as representative for your organization

Set Up Non-Profit Email

Many on-line providers offer low-cost email with your non-profit’s domain address:

[email protected]@[email protected]@nonprofit.org

Set Up Non-Profit Email

• There are no excuses –
• Separate your non-profit from other activities

Set Up Non-Profit Email

• There are no excuses – only benefits!
• Add an extra touch of professionalism to your communications

Secure Passwords

• Create secure passwords
• Different from your other on-line email or business accounts
• Change passwords often

Secure Passwords

• Use secure passwords for
  • Your non-profit email address
  • Sites accessed using non-profit email account

Email Activity

• Follow protocol
• Set up strong rules to block unwanted mail
• Open only trusted attachments

Trust Your Anti-Virus Software

If an email or sender looks suspicious, it probably is –

Beware of suspicious Email

A. Close the email message
B. Mark as “SPAM”
C. Empty your SPAM folder

Anti-Virus Software

Load & Activate Anti-Virus Software

• Every device used for board-related activity
• All board members, and associates who act on their behalf

Trust Your Anti-Virus Software

Something unusual has occurred –

Trust Your Anti-Virus Software

• A severe warning pops up, or
• An unexpected response within a trusted site

Trust Your Anti-Virus Software

This may be a ploy to access your hardware or data!

Use Your Trusted Anti-Virus Software

A. Exit where you are signed in
B. Launch your anti-virus
C. Advise your administrator

Board Documentation

Secure Documents On-Line

• Provide a secured portal
• Often space is included by the email provider
• Documents automatically backed up in the ‘cloud’

Documents readily Available

• Access the secured portal
• Available whenever and wherever needed
• You have less to carry to meetings

Structure Document Access

• Set up accessibility by folder
• Determine what papers and records are available to all board members

Structure Document Access

• Organize documents by folder
• Provide ample individual rights for research and decision-making

Distribute Your Documentation

• Post updates on-line
• Designate the responsible party – by committee, document type
• Announce the update(s)

Appoint a Site Administrator

• Manage processes, troubleshoot issues
  • Document organization
  • Board member access
  • Software integration and updates

Database Management

3rd Party Suppliers are Integral Partners

• Suppliers are utilized in many areas, such as
  • Database
  • Telephone
  • Delivery
  • Internet

Suppliers are their own distinct Businesses

• Many programs you access/run are controlled by another business

and, possibly…

• A program may, one day, be hacked

Be Proactive!

Do Your part to Secure Your data and processes

Focusing on Your Data …

• Provide access capabilities based on board member need
  • Administration
  • Updating
  • Read-only
  • Reports

Set Up a valued Database

• Designate an Administrator to
  • Assign user access by role/need
  • Review software updates
  • Address user queries
  • Monitor activity

Protect Your Database

• Establish board member rights
  • Some require the ability to add or edit data
  • Others simply need read-only capabilities

Limit Database Access

• Board members who require the occasional report have 2 options:
  1. Manual process: a user with access runs the report, then sends/posts it
  2. Auto-process: generate and send/post to an accessible location

Limit Access by Others

• Properly Log In and Log Out of every application
  • Follow protocol established by each program
  • Only ‘X-out’ as outlined in this document

Log out

Trust Your Experience & Processes

If the software program behaves suspiciously, it may be a threat –

Database provides an unexpected Response

A. Close ‘X-out’ of the software
B. Launch your anti-virus
C. Advise your administrator

Document Your Expectations

Proactively Document

Log access control of each board member

Proactively Document

Outline process steps by board member

Proactively Document

Distribute to board

Periodically review the processes

Will following these ideas stop Threats?

No, nothing can STOP unauthorized access

Good News for Your Non-Profit!

Following these ideas can reduce the likelihood of successful attempts

1. Organization Email

2. Anti-Virus Software

3. Board Documentation

4. Database Management

Feel free to Like, Save, Share this topic

As board secretary of a small non-profit, I follow these measures to secure documentation and processes. Following these steps also ensures accessibility to relevant details for thoughtful and informed decision-making.

Read more on Twitter @SusannePresents

Remain current by following discussions at #cybersecurity, #cyber, #risk, and #IoT

Prepared by Susanne Petersson, Board Secretary, Chicago Art Deco Society

