SlideShare a Scribd company logo

Encryption 101 for Nonprofits

Download as PPTX, PDF
Community IT Innovators
Community IT Innovators

We review the basics of encryption as a method for improving IT security at nonprofit organizations.

Technology
1 of 24
Encryption for Non-Profits Webinar Series June 2018
About Community IT Advancing mission through the effective use of technology. 100% Employee Owned
Presenter Matthew Eshleman CTO
Agenda Encryption Overview Use Cases QA
What is encryption? the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor
History of Encryption This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-SA
Why Encrypt
Why Encrypt? Compliance – you are required to encrypt some or all data due to its classification Risk management - information that you are working with is sensitive and shouldn’t be publicly disclosed. Security - encrypting our information is a Best Practice
Written & Updated Policies Predictive Intelligence Security Training & Awareness Passwords Antivirus Backups Patching Encryption Good Security Practices
Example “Protect your data with encryption” …Šb¾MuN •–¦è&Õ¤tÄZPD7Õ$ÿÇÛ²ÎzzßÓx2Ô$»•IhqÓ”,:QüïÈ8ìn¹³¡N@-Ö#âP9ÿ¡³mS ~v¾iôrô ü=¢Žy'Zø¢°ûò§ž•a0–•E}þÀØ*³zÚÝRÙmeâ–Ký¯”,Ž(C[7ë_ËOû“&g-ŠÆÎåÄÜXI¿WXc›Mj{ù54òÔâbÿ.’ Jâ‚v#Íý§wš2CÐC‘•€ÆÅ„?ÚHÒ…«^֐•0Pv𩜤ÙÁ0}ù ¹ŽQ¯b&ð.ÿ4Õ8&~úæ&dc¡ÒÀå .XGXŒÝi"/•98¾øp— Ðw(²â†·‘f6t‰ßøö÷MKÊÓ‘Âñ«*»OœÞõ~Tµ•~A<€P‘÷•§kÄñŠs¦îLh…¦z¹S¬Ã@¯û&Ñyú]ZøGÃfk2Uûÿ…]°+¿¶æØþfˆª@Û5/ks•- k‡öjŸTn§ÏÍš°ifnÁmœ÷¼¤&Źï÷Ì ïÊ+?Ùß¡µÑ€€*4ÿÑ“'îDÆbþDäéâÑ”Q?âi¢À©³ÿvŸÍDƒ—X³3´— Nÿ™n×ü”rSSéiUÑÃåÓ‡'ÕéðÑä°«4M-ØB–1H׬ ŒýhŽï$V?×@ô#¥Á>XkçùÁ¥ ÍÙhkOßxñ ÅÂkõd ,ôC¼ Äц §ä°¨Þ|ûCú¬–¸G‹E¹EwÆ ]ºᛠÒØüíi驨>ƒùêÆKžîø2'»°êЖ¦••õR!SwêÈÎþ qÍ»3šÅçz£»Êàk“l+›Ù™»0‹6” s!5ä“ôò
Ransomware This Photo by Unknown Author is licensed under CC BY
Glossary of Terms Encrypted at Rest: Data being stored on a server is encrypted. It may still be possible for the hosting company to access the data. Encrypted in Transit: Data is encrypted between the user and the server. The hosting company would have access to the data. End to End Encryption: Typically communication encryption where only the participating parties have they key. This term is sometimes used incorrectly as providers change the meaning of “end”. Zero Knowledge Encryption: Data is encrypted at all times and not even the hosting company can access the data. You do not have to trust that the service would not give out your information since they do not have access to it. This is especially important in the event of a subpoena or data breach.
What to encrypt? • In Transit • By Service Provider • By end user Email Chat Programs Full Disk Encryption Within Applications
Email Encryption • TLS - Enabling TLS or using a TLS compliant email service such as Office 365, or Gmail ensures that no one can read your email as it is in transit between another TLS compliant provider. In the example below, we can see that I have received a message that was protected by TLSv1.2 Received: from mail-lf0-f48.google.com (mail-lf0- f48.google.com [209.85.215.48]) by mx1423.ess.rzc.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 03 May 2018 13:20:40 +0000 Received: by mail-lf0-f48.google.com with SMTP id v85- v6so25907237lfa.13for <MEshleman@communityit.com>; Thu, 03 May 2018 06:20:41 -0700 (PDT)
Inbound TLS Report
Email Encryption • Service Provider • Office 365 • Google Mail Encryption • Barracuda • Zix • Virtu • The easiest type of encryption to implement. It is email encryption that is performed by the service provider
Email Encryption • PGP - This form of encryption is performed on the sender’s computer which uses a public/private key pair to encrypt the message. • Sender encrypts (or locks) the contents of a message using the Public Key of the intended recipient and their own Private Key • Both the sender and receiver to have PGP configured. Based on “web of trust” model.
Chat Programs Signal WhatsApp iMessage Keybase Skype4Business….
Disk Encryption • Window Pro • Combine with InTune or MBAM for administration Bitlocker (Windows) • Can be centrally managed with Casper FileVault (Mac)
Applications • Thinking mostly of databases • Systems like Blackbaud and SalesForce • Check custom / legacy systems
Upcoming Webinar Building an Effective IT Function Wednesday July 18 4:00 – 5:00 PM EST
Follow Up Review your organization’s requirements for encryption 1 Explore how you could use one technology described here 2 Find a buddy and send them an encrypted message 3
Questions?

Recommended

The path to most GRC requirements
The path to most GRC requirementsThe path to most GRC requirements
The path to most GRC requirements
Watchful Software
 
Steven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer cloudingSteven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer clouding
'Self-Employed'
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloud
FREVVO
 
How to Knock Out Threats from Crypto-Style Viruses
How to Knock Out Threats from Crypto-Style VirusesHow to Knock Out Threats from Crypto-Style Viruses
How to Knock Out Threats from Crypto-Style Viruses
Carbonite
 
Check your network security
Check your network securityCheck your network security
Check your network security
Your Virtual CTO
 
Azlan Security Offering
Azlan Security OfferingAzlan Security Offering
Azlan Security Offering
Gianandrea Daverio
 
Petya Ransomware
Petya RansomwarePetya Ransomware
Petya Ransomware
Siemplify
 
Barracuda Web Filter Cipa Presentation
Barracuda Web Filter Cipa PresentationBarracuda Web Filter Cipa Presentation
Barracuda Web Filter Cipa Presentation
Carolynrahn
 

Recommended

The path to most GRC requirements
The path to most GRC requirementsThe path to most GRC requirements
The path to most GRC requirements
Watchful Software
 
Steven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer cloudingSteven Porter Seville | Ideas about Computer clouding
Steven Porter Seville | Ideas about Computer clouding
'Self-Employed'
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloud
FREVVO
 
How to Knock Out Threats from Crypto-Style Viruses
How to Knock Out Threats from Crypto-Style VirusesHow to Knock Out Threats from Crypto-Style Viruses
How to Knock Out Threats from Crypto-Style Viruses
Carbonite
 
Check your network security
Check your network securityCheck your network security
Check your network security
Your Virtual CTO
 
Azlan Security Offering
Azlan Security OfferingAzlan Security Offering
Azlan Security Offering
Gianandrea Daverio
 
Petya Ransomware
Petya RansomwarePetya Ransomware
Petya Ransomware
Siemplify
 
Barracuda Web Filter Cipa Presentation
Barracuda Web Filter Cipa PresentationBarracuda Web Filter Cipa Presentation
Barracuda Web Filter Cipa Presentation
Carolynrahn
 
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Storage Switzerland
 
Wannacry & Petya ransomware
Wannacry & Petya ransomwareWannacry & Petya ransomware
Wannacry & Petya ransomware
Raghavendra P.V
 
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
David McHale
 
10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out
Neil Kemp
 
Watch guard reputation enabled defense
Watch guard reputation enabled defenseWatch guard reputation enabled defense
Watch guard reputation enabled defense
Medley India Infosolution Pvt Ltd
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
HTS Hosting
 
Protecting Against Ransomware
Protecting Against RansomwareProtecting Against Ransomware
Protecting Against Ransomware
Symantec
 
Best Cloud Security Training in Bangalore by myTectra
Best Cloud Security Training in Bangalore by myTectraBest Cloud Security Training in Bangalore by myTectra
Best Cloud Security Training in Bangalore by myTectra
myTectra Learning Solutions Private Ltd
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah
 
Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?
Osirium Limited
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...
NetSquared Vancouver
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
The Nitty Gritty of Website Security
The Nitty Gritty of Website SecurityThe Nitty Gritty of Website Security
The Nitty Gritty of Website Security
HTS Hosting
 
seminar report on What is ransomware
seminar report on What is ransomwareseminar report on What is ransomware
seminar report on What is ransomware
Jawhar Ali
 
The Benefits of a Network Security Plan
The Benefits of a Network Security PlanThe Benefits of a Network Security Plan
The Benefits of a Network Security Plan
SwiftTech Solutions, Inc.
 
Global Thought Leadership Webcast, March 23
Global Thought Leadership Webcast, March 23Global Thought Leadership Webcast, March 23
Global Thought Leadership Webcast, March 23
Patrícia Alves
 
Anatomy Of An Attack
Anatomy Of An AttackAnatomy Of An Attack
Anatomy Of An Attack
Cisco Canada
 
Ways to protect your data from hacking
Ways to protect your data from hackingWays to protect your data from hacking
Ways to protect your data from hacking
Webspiders Interweb Pvt. Ltd.
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 
assign3.docx
assign3.docxassign3.docx
assign3.docx
Captain898
 
Balancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecurityBalancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With Security
Symantec
 

More Related Content

What's hot

Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
SlideTeam
 
Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...
NetSquared Vancouver
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 

What's hot (20)

Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
 
Wannacry & Petya ransomware
Wannacry & Petya ransomwareWannacry & Petya ransomware
Wannacry & Petya ransomware
 
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
"10 Tips To Keep Cybercriminals Out While Coronavirus Keeps You In" Infographic
 
10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out10 Tips to Keep Criminals Out
10 Tips to Keep Criminals Out
 
Watch guard reputation enabled defense
Watch guard reputation enabled defenseWatch guard reputation enabled defense
Watch guard reputation enabled defense
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
 
Protecting Against Ransomware
Protecting Against RansomwareProtecting Against Ransomware
Protecting Against Ransomware
 
Best Cloud Security Training in Bangalore by myTectra
Best Cloud Security Training in Bangalore by myTectraBest Cloud Security Training in Bangalore by myTectra
Best Cloud Security Training in Bangalore by myTectra
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
 
Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?Ransomware: Can you protect against attacks?
Ransomware: Can you protect against attacks?
 
Cybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
 
Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...Mack Hardy: Five practical things you can do to secure your online self. Poli...
Mack Hardy: Five practical things you can do to secure your online self. Poli...
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
 
The Nitty Gritty of Website Security
The Nitty Gritty of Website SecurityThe Nitty Gritty of Website Security
The Nitty Gritty of Website Security
 
seminar report on What is ransomware
seminar report on What is ransomwareseminar report on What is ransomware
seminar report on What is ransomware
 
The Benefits of a Network Security Plan
The Benefits of a Network Security PlanThe Benefits of a Network Security Plan
The Benefits of a Network Security Plan
 
Global Thought Leadership Webcast, March 23
Global Thought Leadership Webcast, March 23Global Thought Leadership Webcast, March 23
Global Thought Leadership Webcast, March 23
 
Anatomy Of An Attack
Anatomy Of An AttackAnatomy Of An Attack
Anatomy Of An Attack
 
Ways to protect your data from hacking
Ways to protect your data from hackingWays to protect your data from hacking
Ways to protect your data from hacking
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 

Similar to Encryption 101 for Nonprofits

Balancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecurityBalancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With Security
Symantec
 
Data Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement TodayData Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement Today
DATAVERSITY
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
Octogence
 

Similar to Encryption 101 for Nonprofits (20)

assign3.docx
assign3.docxassign3.docx
assign3.docx
 
Balancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With SecurityBalancing Cloud-Based Email Benefits With Security
Balancing Cloud-Based Email Benefits With Security
 
Data Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement TodayData Governance Trends and Best Practices To Implement Today
Data Governance Trends and Best Practices To Implement Today
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of Email
 
Secure Data Sharing in Cloud through Limiting Trust in Third Party/Server
Secure Data Sharing in Cloud through Limiting Trust in Third Party/ServerSecure Data Sharing in Cloud through Limiting Trust in Third Party/Server
Secure Data Sharing in Cloud through Limiting Trust in Third Party/Server
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von Baggenstos
 
PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Migrating PGP to the Cloud
Migrating PGP to the CloudMigrating PGP to the Cloud
Migrating PGP to the Cloud
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
What is cloud encryption
What is cloud encryptionWhat is cloud encryption
What is cloud encryption
 
TLS 1.3: Expert Advice to Modernize Your Security and Decryption Practices
TLS 1.3: Expert Advice to Modernize Your Security and Decryption PracticesTLS 1.3: Expert Advice to Modernize Your Security and Decryption Practices
TLS 1.3: Expert Advice to Modernize Your Security and Decryption Practices
 
Law firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMaskLaw firms keep sensitive client data secure with CloudMask
Law firms keep sensitive client data secure with CloudMask
 
Paper id 27201446
Paper id 27201446Paper id 27201446
Paper id 27201446
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
 
Webinar Mastery Series: How Security & Compliance become easier with SkyConne...
Webinar Mastery Series: How Security & Compliance become easier with SkyConne...Webinar Mastery Series: How Security & Compliance become easier with SkyConne...
Webinar Mastery Series: How Security & Compliance become easier with SkyConne...
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 

More from Community IT Innovators

Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
Community IT Innovators
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report
Community IT Innovators
 
Cybersecurity Training for Nonprofits
Cybersecurity Training for NonprofitsCybersecurity Training for Nonprofits
Cybersecurity Training for Nonprofits
Community IT Innovators
 
SharePoint Online for Nonprofits
SharePoint Online for NonprofitsSharePoint Online for Nonprofits
SharePoint Online for Nonprofits
Community IT Innovators
 
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Community IT Innovators
 
Nonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsNonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment Basics
Community IT Innovators
 

More from Community IT Innovators (20)

Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report
 
Cybersecurity Training for Nonprofits
Cybersecurity Training for NonprofitsCybersecurity Training for Nonprofits
Cybersecurity Training for Nonprofits
 
SharePoint Online for Nonprofits
SharePoint Online for NonprofitsSharePoint Online for Nonprofits
SharePoint Online for Nonprofits
 
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
 
Nonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsNonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment Basics
 
Does Your Organization Need a Better Technology Roadmap?
Does Your Organization Need a Better Technology Roadmap?Does Your Organization Need a Better Technology Roadmap?
Does Your Organization Need a Better Technology Roadmap?
 
2020 Nonprofit Technology Trends Roundtable
2020 Nonprofit Technology Trends Roundtable2020 Nonprofit Technology Trends Roundtable
2020 Nonprofit Technology Trends Roundtable
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More
 
How Data Quality Defines Your Organization Webinar November 2019
How Data Quality Defines Your Organization Webinar November 2019How Data Quality Defines Your Organization Webinar November 2019
How Data Quality Defines Your Organization Webinar November 2019
 
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
Nonprofit Cybersecurity Readiness - Community IT Innovators WebinarNonprofit Cybersecurity Readiness - Community IT Innovators Webinar
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
 
5 Steps to Create an Information Strategy for Your Organization
5 Steps to Create an Information Strategy for Your Organization5 Steps to Create an Information Strategy for Your Organization
5 Steps to Create an Information Strategy for Your Organization
 
Server 2008 and Windows 7 End of Life: 3 Things You Need to Know
Server 2008 and Windows 7 End of Life: 3 Things You Need to KnowServer 2008 and Windows 7 End of Life: 3 Things You Need to Know
Server 2008 and Windows 7 End of Life: 3 Things You Need to Know
 
What Makes Nonprofit Tech Projects Succeed?
What Makes Nonprofit Tech Projects Succeed?What Makes Nonprofit Tech Projects Succeed?
What Makes Nonprofit Tech Projects Succeed?
 
Community IT Webinar: Working with an Outsourced IT Manager
Community IT Webinar: Working with an Outsourced IT ManagerCommunity IT Webinar: Working with an Outsourced IT Manager
Community IT Webinar: Working with an Outsourced IT Manager
 
Nonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident ReportNonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident Report
 
Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...
Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...
Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...
 
Community IT Innovators Technology Trends Round Table 2019
Community IT Innovators Technology Trends Round Table 2019Community IT Innovators Technology Trends Round Table 2019
Community IT Innovators Technology Trends Round Table 2019
 
Selecting Nonprofit Software: Technology Comes Last
Selecting Nonprofit Software: Technology Comes LastSelecting Nonprofit Software: Technology Comes Last
Selecting Nonprofit Software: Technology Comes Last
 
IT Security Incident Response for Nonprofits
IT Security Incident Response for NonprofitsIT Security Incident Response for Nonprofits
IT Security Incident Response for Nonprofits
 

Recently uploaded

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
Stephen Perrenod
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
DianaGray10
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Skynet Technologies
 

Recently uploaded (20)

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 

Encryption 101 for Nonprofits

  • 2. About Community IT Advancing mission through the effective use of technology. 100% Employee Owned
  • 5. What is encryption? the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor
  • 6. History of Encryption This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-SA
  • 8. Why Encrypt? Compliance – you are required to encrypt some or all data due to its classification Risk management - information that you are working with is sensitive and shouldn’t be publicly disclosed. Security - encrypting our information is a Best Practice
  • 9. Written & Updated Policies Predictive Intelligence Security Training & Awareness Passwords Antivirus Backups Patching Encryption Good Security Practices
  • 10. Example “Protect your data with encryption” …Šb¾MuN •–¦è&Õ¤tÄZPD7Õ$ÿÇÛ²ÎzzßÓx2Ô$»•IhqÓ”,:QüïÈ8ìn¹³¡N@-Ö#âP9ÿ¡³mS ~v¾iôrô ü=¢Žy'Zø¢°ûò§ž•a0–•E}þÀØ*³zÚÝRÙmeâ–Ký¯”,Ž(C[7ë_ËOû“&g-ŠÆÎåÄÜXI¿WXc›Mj{ù54òÔâbÿ.’ Jâ‚v#Íý§wš2CÐC‘•€ÆÅ„?ÚHÒ…«^֐•0Pv𩜤ÙÁ0}ù ¹ŽQ¯b&ð.ÿ4Õ8&~úæ&dc¡ÒÀå .XGXŒÝi"/•98¾øp— Ðw(²â†·‘f6t‰ßøö÷MKÊÓ‘Âñ«*»OœÞõ~Tµ•~A<€P‘÷•§kÄñŠs¦îLh…¦z¹S¬Ã@¯û&Ñyú]ZøGÃfk2Uûÿ…]°+¿¶æØþfˆª@Û5/ks•- k‡öjŸTn§ÏÍš°ifnÁmœ÷¼¤&Źï÷Ì ïÊ+?Ùß¡µÑ€€*4ÿÑ“'îDÆbþDäéâÑ”Q?âi¢À©³ÿvŸÍDƒ—X³3´— Nÿ™n×ü”rSSéiUÑÃåÓ‡'ÕéðÑä°«4M-ØB–1H׬ ŒýhŽï$V?×@ô#¥Á>XkçùÁ¥ ÍÙhkOßxñ ÅÂkõd ,ôC¼ Äц §ä°¨Þ|ûCú¬–¸G‹E¹EwÆ ]ºᛠÒØüíi驨>ƒùêÆKžîø2'»°êЖ¦••õR!SwêÈÎþ qÍ»3šÅçz£»Êàk“l+›Ù™»0‹6” s!5ä“ôò
  • 11. Ransomware This Photo by Unknown Author is licensed under CC BY
  • 12. Glossary of Terms Encrypted at Rest: Data being stored on a server is encrypted. It may still be possible for the hosting company to access the data. Encrypted in Transit: Data is encrypted between the user and the server. The hosting company would have access to the data. End to End Encryption: Typically communication encryption where only the participating parties have they key. This term is sometimes used incorrectly as providers change the meaning of “end”. Zero Knowledge Encryption: Data is encrypted at all times and not even the hosting company can access the data. You do not have to trust that the service would not give out your information since they do not have access to it. This is especially important in the event of a subpoena or data breach.
  • 13.
  • 14. What to encrypt? • In Transit • By Service Provider • By end user Email Chat Programs Full Disk Encryption Within Applications
  • 15. Email Encryption • TLS - Enabling TLS or using a TLS compliant email service such as Office 365, or Gmail ensures that no one can read your email as it is in transit between another TLS compliant provider. In the example below, we can see that I have received a message that was protected by TLSv1.2 Received: from mail-lf0-f48.google.com (mail-lf0- f48.google.com [209.85.215.48]) by mx1423.ess.rzc.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 03 May 2018 13:20:40 +0000 Received: by mail-lf0-f48.google.com with SMTP id v85- v6so25907237lfa.13for <MEshleman@communityit.com>; Thu, 03 May 2018 06:20:41 -0700 (PDT)
  • 17. Email Encryption • Service Provider • Office 365 • Google Mail Encryption • Barracuda • Zix • Virtu • The easiest type of encryption to implement. It is email encryption that is performed by the service provider
  • 18. Email Encryption • PGP - This form of encryption is performed on the sender’s computer which uses a public/private key pair to encrypt the message. • Sender encrypts (or locks) the contents of a message using the Public Key of the intended recipient and their own Private Key • Both the sender and receiver to have PGP configured. Based on “web of trust” model.
  • 20. Disk Encryption • Window Pro • Combine with InTune or MBAM for administration Bitlocker (Windows) • Can be centrally managed with Casper FileVault (Mac)
  • 21. Applications • Thinking mostly of databases • Systems like Blackbaud and SalesForce • Check custom / legacy systems
  • 22. Upcoming Webinar Building an Effective IT Function Wednesday July 18 4:00 – 5:00 PM EST
  • 23. Follow Up Review your organization’s requirements for encryption 1 Explore how you could use one technology described here 2 Find a buddy and send them an encrypted message 3