Nonprofit Resources


Cybersecurity Month: Online Safety at Work

October is National Cybersecurity Awareness Month. Each week, we’ll provide information and tips to help increase your cybersecurity awareness and reduce the cyber risk for you and your organization.


The Department of Homeland Security’s theme this week is “It’s Everyone’s Job to Ensure Online Safety at Work.” It’s vital for every employee with access to your network to understand that they play an important role in keeping your organization safe from cyber threats.

What your employees can do
  • Understand why cybersecurity is important and why they need to:
    • Adhere to your organization’s policies
    • Attend your organization’s cybersecurity training
    • Stay on guard against potential threats
  • Use strong passwords that are not:
    • Shared with others
    • Saved in easily accessible locations
    • Used for multiple accounts
    • Easily guessed
  • Know how a phishing attack works and the signs to watch for — even if they know the sender
  • Keep laptops and mobile devices secure by ensuring they are not left unattended in vehicles or public places
  • Promptly install updates on their computers, smartphones, tablets, etc.
  • Avoid using public Wi-Fi, particularly for accessing sensitive systems
  • Understand the risks of email and avoid sharing confidential or sensitive information via unencrypted email or instant messages
  • Be cautious about sharing personal information on social media, as it can be used for social engineering or identity theft
What your organization can do
  • Create a culture of cybersecurity so that every employee from the top leadership down understands, respects, and follows security measures
  • Provide comprehensive and ongoing cybersecurity training for all network users
  • Limit data and systems access to users who need it to perform their duties
  • Provide a method for reporting suspicious emails and encourage employees to use it
  • Consider our Cyber Checkup, which includes a phishing test
  • Use email filtering — although it won’t stop all spam, it will help
  • Use encrypted options, not email, for transferring sensitive data
  • Implement multi-factor authentication to add an extra layer of security to network logins, email, and cloud services
  • Set controls for and monitor use of your organization’s Wi-Fi network
  • Create policies for:
    • Mobile devices, which often have business information stored on them
    • Removable media such as USB drives, which are easily lost and can transfer malware to local systems
    • Acceptable use of your organization’s equipment and systems
  • Check routers for malware and change default passwords
  • Develop and implement a vendor review process that includes an assessment of your vendor’s:
    • Financial condition
    • Data security, including confirmation of vulnerability testing
    • IT security controls
    • Incident response
    • Business continuity and disaster planning
    • Insurance coverage
    • Performance standards
    • Service-level agreements (SLAs)
  • Perform cybersecurity assessments annually, with vulnerability testing done more frequently, such as monthly or quarterly


According to Symantec’s 2018 Internet Security Threat Report, 54.6% of all email sent in 2017 was spam.


Access more cybersecurity articles and blog posts here.

Leave a Comment