Checklist digital security for cultural organizations

Ensure it is clear who holds ultimate responsibility for the organization’s digital security and make sure the topic is periodically discussed by management.

Digital security is a dynamic topic that must be an integral part of existing risk management in cultural organizations. Risks must be continuously assessed and mitigated if necessary. More information about integral security can be found at the Dutch Cultural Heritage Agency (opens in new tab).

Review all processes involving digital applications and identify which processes are critical for business continuity and where digital risks lie. Map out what happens if something goes wrong and what the consequences could be. Consider all possible processes, such as payments handled by the finance department. Also, pay close attention to situations where your organization collaborates with other parties, the so-called chain dependencies.

Ensure strong passwords. For tips on creating strong passwords, visit the website of the Digital Trust Center, from the government. (opens in new tab) Carefully review which employees have access to which files and make vital components accessible only to those who truly need access.

Add an extra login requirement with multi-factor authentication (MFA). This is also known as logging in with two steps or two-step verification.

Software updates often include both user improvements and security updates. If you don’t update or delay updates, your security may become vulnerable.

Therefore, do not delay updating devices connected to the internet. Preferably enable ‘automatic updates.’ This applies not only to computers or smartphones but also to printers, smart doorbells, websites, servers, and routers.

Encourage cautious behavior. Ensure employees remain alert, for example, by regularly discussing the topic and providing training on subjects like recognizing phishing.

Do you work in the cloud? Be cautious, as this does not automatically mean a backup of your data is created, and the cloud is often targeted in ransomware attacks. Also, ensure accounts of former employees are promptly deactivated. More information on cyber awareness can be found at the Digital Trust Center of the government. (opens in new tab)

Install antivirus software and make sure this software remains up-to-date. Do this on all computers, phones, and servers within the company. Sometimes you can choose an antivirus product yourself. Regularly make backups of important files.

A backup can be a last resort if a cybercriminal targets your company. Therefore, ensure one or more copies of your most important digital data. Copy the files to an external hard drive, disconnect it, and store it in a safe location.

A cyberattack may render your information systems inaccessible. Therefore, ensure the contact details of key parties are printed and ready. Check out an example of such a contact list (opens in new tab). Do you have important clients and (chain) partners? Always ensure a crisis plan is in place and update it regularly.