Nonprofits are focused on fundraising, staff and volunteers, programs, and other mission-oriented initiatives. Finding the time to handle technology and data security can be a challenge. Nearly half of Sinu’s customers are nonprofits, and we have found most organizations face many of the same tech challenges. We have decided to identify the top technology challenges we have seen in organizations and select one topic each week to provide tips and resources to our nonprofit friends. If you have a suggested topic, please email us, and we will try to address that topic in an upcoming article!
Below are the top IT challenges we have identified, along with our first topic: Data Security.

Top Tech Challenges for Nonprofits:
- Replacing obsolete technology
- Data backup and continuity solutions
- Creating and enforcing tech policies and best practices
- Migrating to appropriate cloud solutions
- Training staff and board on new technologies
- Budgeting for system upkeep and replacement cycles
While organizations may be more diligent about utilizing security hardware and software, people also play a critical role in protecting against data security breaches. In fact, studies show that 95 percent of IT security breaches are attributed, in part, to human error (according to IBM’s 2014 Cyber Security Intelligence Index report).
Large companies with big technology budgets are not immune to data security breaches. One of the largest data breaches in recent history was at JP Morgan in 2014. That year alone, the company spent $250 million on computer security, yet the company’s security team apparently forgot to upgrade an overlooked server in its vast network, leaving JP Morgan vulnerable to intrusion.
With the human factor so critical to preventing data breaches, it is important to put a clear, easy-to-adopt data security policy in place at your nonprofit and clearly communicate expectations to employees in order to minimize your organization’s risk from these tech challenges. With a little time and good internal communication, and without a large investment, you can create a culture of data security within your organization and follow security best practices.
Strong passwords are universally challenging to generate and manage when following recommended practices, but they are probably the single most important defense against a data breach. The most secure passwords are long, include special characters, do not repeat between accounts, and are changed often. While your staff may complain that they are hard to remember and you may hear heavy sighs every time you change passwords, organizations should create and enforce a password policy in order to protect their data.
Here are some tips for generating secure passwords:
- Generate a different password for each online account
- Make a random 2 to 4 word passphrase that does not include any elements from your name, organization, address or any information associated with you
- When generating your own password, make it at least 14 characters long and include upper and lowercase letters, punctuation and a number
- Change your passwords every 3-6 months and don’t reuse them
- Do not store your password list in the cloud, such as on Google Docs or Dropbox
- Consider a two-step verification on services that provide it
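The tips above can be expressed as a small passphrase generator and policy checker. This is an added example, not part of the original article or any Sinu tool; the word list, separator set and function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample list for illustration only; a real generator needs a
# list of several thousand words so the phrase is hard to guess.
SAMPLE_WORDS = ["harbor", "violet", "candle", "thunder", "meadow", "pocket",
                "lantern", "granite", "orchard", "whisper", "compass", "velvet"]
SEPARATORS = "-_.!?;:"   # punctuation placed between the words
MIN_LENGTH = 14          # minimum length from the tips above


def generate_passphrase(num_words=3, words=SAMPLE_WORDS):
    """Random 2 to 4 word passphrase with mixed case, punctuation and a number."""
    if not 2 <= num_words <= 4:
        raise ValueError("use 2 to 4 words")
    sep = secrets.choice(SEPARATORS)  # secrets uses the OS's secure RNG
    chosen = [secrets.choice(words).capitalize() for _ in range(num_words)]
    digits = f"{secrets.randbelow(100):02d}"
    return sep.join(chosen) + sep + digits


def policy_violations(password, personal_terms=()):
    """Return the tips a password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    lowered = password.lower()
    for term in personal_terms:  # name, organization, address and so on
        if term and term.lower() in lowered:
            problems.append(f"contains personal term: {term}")
    return problems


if __name__ == "__main__":
    candidate = generate_passphrase(3)
    # "examplecharity" is a constructed stand-in for an organization name.
    print(candidate, policy_violations(candidate, ["examplecharity"]))
```
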
For most organizations, it is difficult and time-consuming to manage dozens, if not hundreds, of unique online passwords. There are several password management solutions that can help you both generate and manage secure passwords for your online accounts. LastPass offers free and premium password generation and management services. With LastPass, you only need to remember one master password to access the other passwords it encrypts and stores for you. A good, free tool is xkpasswd, which is easy to use. In the "Presets" area at the top, choose NTLM, WEB16 or APPLEID (these just represent templates, ordered by increasing complexity); scroll down to the "Generate Passwords" area; click "Generate 3 Passwords"; choose one of them. Then say it, type it, memorize it.
For an overview of how best to manage the passwords in your nonprofit, along with some tools for storing your passwords, read Sinu's blog: How secure is your password.
While passwords are critical to protecting data, replacing obsolete software and hardware is equally important, as they pose a risk when companies no longer support the technology or provide regular updates and patches. We will discuss the importance of keeping your technology up-to-date in next week’s article covering another top tech challenge for nonprofits. In the meantime, if you would like to read more about data security, please download our free whitepaper: Oh, the Humanity! The role people play in data security.