Many not-for-profit organizations in our community and elsewhere have used Blackbaud software and services for many years. In May of this year, Blackbaud suffered a cyber incident in which some of the data on their hosted systems may have been compromised. Here is Blackbaud's statement on the incident:
To be clear, this security incident apparently affected only those Blackbaud clients who use their hosted services. On-premises servers and systems, where the client owns and operates Blackbaud software on local servers, were not affected.
It has been common for most businesses, organizations, and individuals to invest in preventative cybersecurity defenses. Most organizations have technologies such as firewalls and anti-virus software that are designed to stop a cyber-attack. These controls certainly serve a purpose in fighting the war against cybercrime and should not be discounted.
But cybersecurity professionals are recommending that we turn our attention to our ability to detect cybersecurity incidents and recover from them.
It makes perfect sense. The reality is that defending against all cyber-attacks is incredibly hard. Hackers are anonymous, perimeters are not physical, attacks are sophisticated, and the volume of cyber assaults launched every day is astounding. Defending against all cyber-attacks is a little like entering a cage fight blindfolded with one arm tied behind your back. Despite the best defensive efforts, you will get hit.
Hence the recommendation to invest in the ability to recover from a cybersecurity incident. Of course we will continue to defend ourselves from cyber criminals, but we also recognize that we are not fighting a fair fight and that we may well suffer a cyber incident at some point. The thought is simple: if or when we become a victim of cybercrime, we must be prepared to recover from the incident. We can then weather the storm.
BACKUPS ARE KEY
If you do not regularly back up critical data and systems, then you must start doing so immediately. If you do not have a documented disaster recovery plan, then you must create one immediately. In the process of creating a data backup strategy and disaster recovery plan, please recognize the nine most common mistakes made and, more importantly, how you can avoid making them in your quest for recovery preparation.
In order to protect sensitive online data, it's likely the passwords you use have become incredibly complex. Many tech-savvy users now use password managers to keep track of them all—but too many users also rely on those “remember me” checkboxes that auto-populate password fields, which can expose sensitive information to potential vulnerabilities. Fortunately, more and more users are skipping passwords entirely by using secure facial recognition tools.