Every now and again it’s sensible to do a system security check-up. We’d suggest starting with:
- Check logins. Have you removed any logins for people that have left? Is everyone at the correct level? Don’t forget to check each project, if you have them.
- Consider two-factor authentication if you haven’t already, at least for some users (system admins, for example)
- Check your password policy. We’d suggest a) long (12 characters+) and b) avoid common passwords. Encourage everyone in your team to start using a password manager to make this easier.
In Lamplight you’ll find all of these in System Admin > Database Operators and Security:
More generally, this update from the NCSC highlights the risks to charities from phishing and ransomware, and links through to the free support available to get Cyber Essentials.