This is the fourth in a series of articles addressing top technology challenges facing nonprofit organizations. If you have a suggested topic, please email us, and we will try to address that topic in an upcoming article!
Nonprofits have access to an increasing amount of data to help inform programming, constituent relations and fundraising. However, with so much data available, many nonprofits find it challenging to manage, interpret and securely store that data.
In its simplest terms, data management requires that you know where your sensitive data is and how securely it is stored. Below we have outlined some tips to help with managing data and risk.
• Map out all the systems that collect and store data.
• Store only the sensitive data you need. If you don’t need to have those social security numbers, find a way to not store them anywhere. What is not there cannot be stolen, and keeping unnecessary data increases your data security surface area and your risk.
• For any sensitive data you need, assess how securely it is stored.
• Make sure your systems and hardware are up-to-date. If your technology is older than 3 to 4 years, then the chance you have security vulnerabilities increases. Check with your system and hardware providers and make sure you have a well-understood, current working relationship with each vendor.
• Review the backup strategy for each of these systems. Is the backup data secure? Who has access to the backup data? What about when it is stored remotely? And how far back do you retain your data – is it far back enough that you could deliver data to an auditor for the time period you are legally required to?
Beyond streamlining the data you collect to only what you need and ensuring your tech solutions are up-to-date, it is important to develop a culture of security within your organization so that staff do not inadvertently become the weak link in the data security chain. For instance, educate your employees about social engineering with information about how to spot malicious emails and apps. As we pointed out in our blog, Social Engineering: Bad People Tricking Good People, while social engineering schemes are difficult to prevent entirely, there are a number of steps you can take to help avoid these types of data security breaches:
• Educate your employees about how to identify malicious emails and apps. (See our blog on this topic.)
• Implement a data security policy.
• Use the best antivirus software. While antivirus software cannot eliminate social engineering schemes, it can help mitigate their effects and those of other malware.
• Reduce and control local administrator rights to minimize the number of people who can download or make changes to system-wide software.
• Commit to strong passwords. Change passwords every six months and use two-factor authentication whenever possible. (Read this blog to see how secure your password is and for more detailed information on creating strong passwords.)
At Sinu, we are committed to providing all-in-one services for our customers built with proven technology with your data security as a top priority. We also provide on-demand data and reporting to help inform your mission-critical decisions. If you have questions about managing data and data security, contact us. We’re here to make your (virtual) life easier!