A Practical Guide to Blocking Cyber Threats

As cyberthreats dominate the news headlines day after day, it is important for large multinational organizations and nonprofits to take immediate notice of such events. Nonprofits often work under stark resource constraints, such as minimal IT staff and limited access control methods — yet the critical information they carry, from donor to staff information, must always be protected. As cyberattacks on nonprofits are rising faster than ever, the limitations that nonprofits have often put in place make them an ideal target for phishing, account takeover, and insider misuse. One of the critical and initial methods nonprofits can implement to protect their assets is the Principle of Least Privilege. The principle is based on the simple idea that bare minimum access to the appropriate resource should be provided to the subject, and no more than what is required for them to do their job. In general, there are basically no blanket permissions and no “admin for convenience.” It is a highly practical and actionable approach to fortify their defenses — without requiring a major personnel or technical overhaul. The principle — when implemented correctly — reduces the attack surface area for nonprofits and prevents such attacks from happening in the first place.