A Dozen IT Security Tips
Posted on Wednesday, September 18, 2019
Nonprofits collect a lot of data (donor information, mailing lists, board meeting minutes, client information, etc.), the majority of which is received or maintained electronically. It is important that your data is protected from unauthorized access. Nonprofits normally have fewer IT resources, which makes them more vulnerable to cyber attacks. To help protect your organization, here are some IT security tips to consider implementing.
- Make data security a priority. Provide training for everyone in your nonprofit (staff, volunteers, board members) and develop policies for best practices. Make sure everyone understands common IT threats and how to recognize them.
- Limit access to data. Individuals should only be given access to what they need to perform their jobs. Most software has the ability to control users’ access to certain functions within the software. Administrative authority (installing and uninstalling software, making changes to software, etc.) should be limited. Also make sure access is revoked when an individual leaves the organization.
- Keep operating systems and software up to date. Software should be set to update automatically so that the organization is on the most recent version. Any software that is no longer supported by the developer should be replaced.
- Use anti-virus or anti-malware software to protect against viruses and spyware.
- Require unique logins and passwords. Each user should have their own login and password to access their computer, programs and databases. Each program and database should have a unique password; avoid using the same password for multiple accounts. Passwords should include upper and lowercase characters, numbers and special characters. A password manager, such as LastPass, can be utilized to store and encrypt passwords with a master password to make it easier to maintain multiple accounts.
- When browsing the internet, avoid unknown websites and never download software from untrusted sites.
- Avoid phishing scams and be careful before clicking links in emails. Make sure you recognize the sender’s email address, and hover over hyperlinks before clicking. Never open or download attachments from an unknown source.
- Implement procedures for mobile devices. Access through employees’ smartphones creates additional security weaknesses. Require employees to use password protection for their devices. Consider limiting the applications that can be accessed via mobile devices and requiring employees to allow the organization to wipe the organization’s data from the device if lost or stolen.
- Perform regular backups to reduce the loss of data. A copy of the backup should be maintained offsite, either physically or in the Cloud.
- Keep your data secured. Use encryption software when emailing sensitive data. Delete any sensitive information (social security numbers, credit card numbers, etc.) when no longer needed. See our previous blog on Credit Card Processing Security for recommendations on credit card numbers.
- Only use USBs from reliable sources. USBs can hold dangerous viruses that may corrupt your network. Also make sure information is erased from the USB after use to limit access to the data.
- When accessing the organization’s network, use virtual private networks (VPNs) for remote access to provide greater security. Also implement multifactor authentication to verify a user’s identity when accessing the network.
Posted by: Carrie Minnich, CPA
Posted in Mission Minded Nonprofits
Disclaimer: The information contained in Dulin, Ward & DeWald’s blog is provided for general educational purposes only and should not be construed as financial or legal advice on any subject matter. Before taking any action based on this information, we strongly encourage you to consult competent legal, accounting or other professional advice about your specific situation. Questions on blog posts may be submitted to your DWD representative.