• Encryption: Encrypt sensitive data on devices and storage platforms to render it unreadable in case of a breach.

• Regular Backups: Back up data regularly to a secure location to ensure recovery in case of a cyberattack.

• Strong Passwords: Enforce strong and unique passwords for all devices and online accounts and using two-factor or Multi Factor authentication (2FA/MFA) for added security.

• Phishing Awareness Training: Educate staff on identifying and avoiding phishing/social engineering attacks.

• Cybersecurity Training: Provide regular cybersecurity training to staff on best practices for secure online behavior. These best practices can include awareness on practices like

a. Limiting admin access to devices and systems only to who are authorized to use and logging off when not in use to prevent sneeking or unauthorized access

b. Implementing physical security measures to protect devices like keeping them in locked areas.

c. Usage of a proper cover and screen guard to protect your mobile from damage.

d. Avoid having food or water while working on system to avoid spillage

e. Usage of accessories for protection like padded/cushioned bags for carrying laptops and screen guard and covers to protect devices

• Data Handling Protocols: Establish clear policies on data handling, access controls, and reporting suspicious activity.

• Anti-virus/Anti-malware Software: Install and keep updated anti-virus and anti-malware software on all devices. •

Software Updates: Ensure timely updates for operating systems and applications to patch vulnerabilities.

• Secure Wi-Fi: Avoid using public Wi-Fi for accessing sensitive data. Consider using a Virtual Private Network (VPN) for added security on public networks.

•Remote Wiping: Enable remote wipe functionality on devices to erase data in case of theft or loss.

• Firewalls: Deploy firewalls to monitor and control incoming and outgoing network traffic, helping to block unauthorized access and malicious activity.

• Security Research: Research the security practices of any online platforms or cloud storage services used by the NGO.

• Vendor Contracts: Include data security clauses in contracts with vendors or service providers who handle NGO data.

Remember: Security is an ongoing process. Regularly review and update security measures to stay ahead of evolving cyber threats.