Victim service organizations often work with multiple agencies to provide comprehensive support for survivors; these agencies include healthcare providers, social services, law enforcement agencies, and more. While collaborations are helpful to effectively meet the needs of survivors, ensuring that cybersecurity measures are effective across all parties is crucial to protect survivor data. There can be data breaches from human error, hacks, unsecured networks and more.
Here are specific tools and frameworks that victim service organizations can use when working across multi-disciplinary teams that solve for specific risks:
Risk: Increased vulnerability to cyber attacks
Solution: Standardized security frameworks
Frameworks such as NIST Cybersecurity Framework or ISO/IEC 27001 ensure that all agencies follow consistent, high-level security protocols. They provide detailed guidelines for risk assessment, incident response, and continuous monitoring. Additionally, consider leveraging CISO as a Service options. These services provide access to a part-time Chief Information Security Officer, ensuring you have expert guidance and support available for incident response and ongoing security needs.
Risk: Data interception via sharing data over email/other insecure platforms
Solution: Encrypted data-sharing platforms
Platforms like Tresorit enable data sharing of sensitive victim information, offering end-to-end encryption and ensuring data remains secure during transmission and storage. For organizations with limited budgets, exploring free or low-cost options like ProtonMail for encrypted communication can be beneficial.
Risk: Data hacking into existing systems due to inherent vulnerabilities
Solution: Regular penetration testing
Penetration testing simulates cyberattacks to identify and fix vulnerabilities before they can be exploited. Conduct regular penetration testing using automated services such as Cobalt and BreachLock, which offer continuous and on-demand scanning. These services even provide pro bono or discounted rates for non-profits, making it more accessible for victim service organizations. At Parasol, we use pen testing to ensure our tools are safe and secure.
Risk: Data stored across multiple platforms increases chances of data breaches
Solution: Application Programming Interfaces (APIs)
Using APIs can facilitate secure management seamlessly across agencies without needing multiple tools to save data. For organizations that don’t have in-house technical expertise, it’s important to ask vendors about their API solutions as they will typically be the ones who implement them. Questions to ask include the kind of API management they offer, how they ensure data security, costs associated with it, and the level of support provided. Open-source solutions like Kong API Gateway can be a cost-effective alternative.
Risk: Human error leading to data hacks
Solution: Phishing Simulation Programs
Human error accounts for around 24% of all data breaches (from IBM's 2023 Cost of a Data Breach Report); it’s reasonable to infer that a significant portion of those human error incidents are due to phishing. Implement phishing simulation programs, such as those offered by KnowBe4 or Cofense, to train staff in recognizing and responding to phishing attempts. These simulations can significantly lower the risk of successful phishing attacks. For budget-friendly options, consider free alternatives like Gophish, which provide basic phishing simulation capabilities.
Although some solutions can be costly, there are many affordable alternatives and grants available to support non-profits in their cybersecurity initiatives. At Parasol, we have a Technology Enablement Fund (TEF); this grant award program aims to bridge the funding gap for operational expenses related to technology in nonprofit organizations providing victim services, enabling them to procure tech to better support survivors.
Effective cross-agency cybersecurity in victim services requires standardized frameworks, specific tools, and collaborative efforts. By adopting these best practices and cost-effective options, victim service organizations can safeguard sensitive information and ensure their collaborative efforts enhance, rather than compromise, the safety and well-being of the survivors they serve.
Comments