aging services expo presentation
DESCRIPTION
IT Security Best PracticesTRANSCRIPT
Company
LOGO
Bridging the Technology gap
TechBridge, Inc
www.techbridge.org
Mission
Our mission is to help other nonprofits leverage technology to better serve the
community. We help nonprofits to:
Solve mission-critical initiatives Improve communications with stakeholders Increase operating efficiencies
Source: Techbridge
Why have a Technology Plan?
A Technology Plan is a strategy document that helps you think through what your IT needs are and how they can be achieved
with the resources that you have.
Source: Techbridge
Why have a technology plan?
A well thought out plan can help you: Increase efficiency in your daily operations Manage your budget and spend money more
effectively Build an online community and boost fundraising
efforts Give donors more confidence in your organization
and provide an element of sustainability. Avoid crisis by reducing the chance of lost data and
capabilities Protect your organization from outside threats
Source: Techbridge
Getting Started
Technology planning is a process (7 things you need to know)
1. Establish leadership and support for your technology plan.
2. Assess your current resources – www.techatlas.org
3. Define your needs
4. Explore solutions- here’s where you may need a technical consultant.
5. Put your plan in writing
6. Develop a funding strategy - 70/30 rule: for every dollar budgeted for technology, 30 cents goes towards hardware and software purchases and the remaining 70 cents for training and support.
7. Implement a plan and timeline
Source: Techbridge
Basic Components of a Technology plan
Include a summary of the current state of your technology then provide an overview
of how technology will further your organization’s mission.
The body of the plan should include descriptions of the technology projects you
plan to undertake.
Source: Techbridge
Basic Components of a technology plan
Each project should contain the following information:
Description Benefits – useful in raising funds Tasks – helps with a timeline Cost Budget – is it practical? Timeline – phases and deadlines
Source: Techbridge
Technology focusIT Support – who will support the new technology?Workstations/Servers/Printers (hardware) - inventoryNetwork Infrastructure – See example below: areas
•IT Support- who will support the new technologies and respond to problems?•Workstations/Servers/Printers (hardware)- take inventory•Network Infrastructure diagram - see below:
Source: Techbridge
Focus areas
Internet Connectivity- How fast is your connection? There are several free tools you can use! http://www.speakeasy.net/speedtest/
Remote Access- Can your employees access files while at home or on the road?
Email – Do you have the ability to share calendars? Backup/Disaster Recovery – what happens if your server fails? How
quickly can you recover your data? Intranet – How do your employees share information and
collaborate? Applications/Software – Does it meet your needs?
Source: Techbridge
Virus Protection
Consider a corporate Anti-Virus solution that Centrally manages corporate network devices:
Servers, desktops, laptops, and mobile devices are all susceptible to attack
Detects virus, trojans, malware, and spyware: replicate & spread, unauthorized access, information gathering
Automates scanning and removal processes: scheduled scans, automated detection and removal without user interaction
Combines hardware and software solutions: Website Filters, E-mail SPAM and Virus Prevention, network firewalls
Source: TechBridge
Some Security issues for 2010
Anti Virus is NOT enough – Companies such as Norton Anti-virus are using technologies that evaluate the reputations of the files and applications running on your PC.
Social Engineering - is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques. Attackers are going directly after the end user by tricking them into downloading malware or divulging sensitive information. I.e.: Rogue security software vendors.
Social Networking Sites – Adjust Facebook privacy settings to help protect your identity Read the Facebook Guide to Privacy Think carefully about who you allow to become your friend Show "limited friends" a cut-down version of your profile Disable options, then open them one by one as it makes sense.
Social networking third-party apps. Windows 7 will come in the crosshairs of attackers – Be sure your organization
keeps security patches up to date with ANY new Operating System. URL-shortening services – be mindful of the source when you click on shortened
links via Twitter.Source:
www.internetnews.com/www.sophos.com
Secure your wireless connection
Use encryption Use a password Don’t broadcast the name of your network Use MAC address filtering- this forces the
network to reject any device it does not recognize.
Make sure your computers are properly secured with anti-virus, security patches and a firewall to protect your org from malware-based connections.
Source: www.sophos.com
Anti-virus policy
Introduce an anti-virus policy Produce a policy for safe computing and distribute it to all staff. Make sure
every employee has read and understood the policy, and that they know who to speak to, if they have any questions.
Such a policy could include: A ban on downloading executables and documents directly from the
internet. A ban on running unsolicited executables/documents/spreadsheets
within the organization. A ban on playing computer games or using screensavers which did not
come with the operating system. An IT checking and approval system for executables that arrive via
email from the outside world. Locking down workstation to prevent users from downloading programs.
Source: www.sophos.com
IT Project Implementation
Designate a point person Break projects into tasks Assign responsibilities Establish a timeline – set milestones Evaluate your success – On time? On
budget? Meet your needs? Is it being used?
Update your technology plan- should be a living breathing document
Source: TechBridge
Things to consider
Training – Technology that is implemented and not used is useless!
How will you care for your new technology? Who will do regular maintenance to prevent problems? Consider 3rd party support.
Sometimes going the cheapest route doesn’t yield good short-term results.
Source:
Resources
Techsoup- donated and discounted hardware and software. www.techsoup.org
Sophos - www.sophos.com – Download the 2010 security report.
Tech Atlas- FREE online Tech Assessment and planning tool www.techatlas.org
Find Tech Grants- www.techfoundation.org FREE Online Training for Microsoft Office 03/07-
http://office.microsoft.com/en-us/training/
Source: TechBridge