Organization and budget
Ensure it is clear who holds final responsibility for the organization's digital security and make sure the topic is periodically discussed by management.
Digital security as part of existing risk management
Digital security is a dynamic topic that should be an integral part of existing risk management in cultural organizations. Risks must be continuously assessed and mitigated if necessary. More explanation about integrated security can be found at the Cultural Heritage Agency of the Netherlands (opens in new tab).
Inventory important processes
Review all processes that use digital applications and identify which processes are critical for business continuity and where the digital risks lie. Map out what happens if something goes wrong and what the consequences could be. Consider all possible processes, such as payments handled by the finance department. Also pay close attention to situations where your organization collaborates with other parties, the so-called chain dependencies.
Choose secure settings for devices and connections
Ensure strong passwords. For tips on creating a strong password, visit the Digital Trust Center website of the government. (opens in new tab) Check carefully which employees can access which files and make vital components accessible only to those who truly need them.
Add an extra login requirement with multi-factor authentication (MFA). This is also known as two-step verification.
Perform updates in security software
Software updates often contain both user improvements and security updates. If you delay or skip an update, security can become vulnerable.
Therefore, do not delay updating devices connected to the internet. Preferably enable 'automatic updates.' This applies not only to computers or smartphones but also to printers, smart doorbells, websites, servers, and routers.
Increase employee awareness of potential risks
Encourage cautious behavior. Ensure employees remain alert, for example, by discussing the topic regularly and providing training on subjects like recognizing phishing.
Do you work in the cloud? Be aware that this does not automatically mean a backup of your data is made, and often the cloud is also targeted in a ransomware attack. Also, ensure accounts of former employees are deactivated in a timely manner. More information about cyber awareness can be found at the Digital Trust Center of the government. (opens in new tab)
Keep antivirus programs up-to-date and ensure backups
Install antivirus software and keep it up-to-date. Do this on all computers, phones, and servers within the company. Sometimes you can also choose an antivirus product yourself. Regularly back up important files.
A backup can be a last resort if a cybercriminal targets your company. Therefore, make one or more copies of your most important digital data. Copy the files to an external hard drive, disconnect it, and store it in a safe location.
Print an emergency contact list and create a crisis plan
In the event of a cyberattack, you may lose access to information systems. Therefore, ensure that the contact details of key parties are printed and readily available. View an example of such a contact list (opens in new tab). Do you have important customers and (chain) partners? Always ensure there is a crisis plan and update it regularly.
Additional tools and information about cybersecurity
Inspired to improve online security within your organization but unsure where to start? The Digital Trust Center of the government provides further information and has handy tools and resources to help you and your organization become cyber secure.
Also take the Cybersecure Check from the Digital Trust Center to see where you currently stand.
More articles per topic
