What Do Nonprofits Need to Know About Penetration Testing?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning.

Do you have someone urging you to get expensive pen testing, and you aren’t sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofits’ risks and needs.

Takeaways on Pen Testing for Nonprofit Cybersecurity

What is penetration testing?

• When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.
• Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client’s cybersecurity configurations.
• Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.
• If you have been told you “need” to have a pen test, make sure you understand why and the ROI return on investment the pen test is expected to provide.
• Pen testing has definite value, but that value is very specific to certain types of organizations; with on-site servers, and with certain technical needs and risks.
• The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user ID.
• In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.

Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

October is ESOP Employee Owner Month

An Employee Stock Ownership Plan, or ESOP, is a legal structure used in the U.S. to create an employee-owned company. Essentially, an ESOP is a type of retirement plan that invests primarily in company stock, holding the assets in a trust for the staff.

Community IT is 100% employee-owned. This structure means our staff participates in the company’s success. Not all ESOPs are 100% employee-owned. Our CEO Johan Hammerstrom walks through the decisions and concerns of our founder, David Deal, that the mission of the company always remain focused on serving nonprofits with well-managed IT. The best way to preserve that mission when he sold the company in 2012 was to sell it entirely to the staff.

Being an ESOP is fundamentally important to Community IT because it ensures we maintain the stability and focus required to serve the nonprofit sector best. This structure guarantees we control our own destiny, allowing us to prioritize long-term, excellent service to nonprofit organizations over external pressures like seeking to be acquired or maximizing short-term profits for outside owners.

Further, it enhances our culture by aligning the incentives of our passionate employees with our mission, empowering independent decision-making and ensuring that clients benefit from a dedicated, resourceful, and stable team that is invested in the organization’s lasting success.

Join CEO Johan Hammerstrom as he explains what October being ESOP employee owner month means to Community IT, our clients, and our dedication to providing excellent outsourced IT services.

Interested in the ESOP structure advantages and how to become an ESOP? Contact Johan directly, he is always happy to talk about our ESOP.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

A Panel Discussion with Matthew Eshleman and Ian Gottesman.

In part 1, Ian and Matthew discuss an approach to cybersecurity for nonprofits, taking the first steps, and 3 steps you can take to prevent at least 80% of attacks. In pt 2, they talk about making cybersecurity training more engaging, and lessons learned this year. They finish by taking audience questions.

Our nonprofit cybersecurity experts discuss the current state of risks, and the best counter-measures nonprofits should have in their toolboxes.

Learn what are cybersecurity essentials for nonprofits, and how your nonprofit organization can meet the moment.
Keep your staff, your networks, and your data secure in an insecure world.

Worried about nonprofit cybersecurity?

You aren’t alone. The nonprofit sector is seeing new attacks and politicization of work that was never political before. Most attacks we are seeing in our networks are still financial, not political – but that doesn’t make being a victim of these attacks better. AI is changing cybersecurity needs rapidly.

If you aren’t sure what you need to know, or who to ask, learn from our expert panel in this webinar where we will discuss cybersecurity essentials for nonprofits in accessible language, and lay out a plan for any nonprofit to put the basics of cybersecurity in place.

Secure your devices.

Secure your accounts.

Secure your data.

In this new webinar, expert panelists discuss cybersecurity essentials and take Q&A.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.