Your nonprofit's database is your organization's most treasured possession. It can be difficult to remember to secure the little things, and let's be honest: all of us can get lazy when it comes to being thorough about protecting our data. How many of you have ever written down a password on a sticky note and stuck it on your PC monitor in plain sight? Don't worry. Me too.
The point is, we all have to start being more careful about our data. For you and your organization, this means following specific guidelines for security and privacy.
Below are some security and privacy pointers that can help you create a more secure donor database:
Password protect your work computer to prevent unauthorized access to sensitive documents and files. Avoid using common words and phrases when creating your passwords. Creating a password will enable you to securely lock your computer through Windows. Unattended computers should always be locked.
Your desktop isn't the only thing that should be protected. Mobile devices are a gateway to your network, so password protect and lock your mobile devices when not in use.
Avoid saving personal information such as social security numbers or bank account information in unprotected document files. If keeping this information on your system is necessary, password protect or encrypt the file to prevent unauthorized access.
It's a jungle out there! Install antivirus software to protect your system against viruses, ransomware, and malware. Keeping your antivirus software up to date is important, so always run updates when prompted.
Antivirus software isn't the only thing that needs to be updated. Run Windows or iOS updates when prompted, or set a schedule under System Updates to ensure updates are automatically applied to your computer when they become available.
Be sure to back up important documents and files. External hard drives are a cheap and efficient way to quickly back up your data, or consider using subscription-based cloud services like Carbonite or iCloud to save your data.
If your database is cloud-based, then your data is being backed up regularly, but if you store your data on a desktop, be sure that you back up your database at the end of every day, especially after a day of heavy database use, to an external source, be it in the cloud or an external hard drive.
Be alert for email scams and phishing. Emails from unknown senders should always be deleted, but you should also be wary of odd emails originating from friends, family, or coworkers. Unusual subject lines or messages generally indicate the message came from a malicious source.
As public Wi-Fi becomes more ubiquitous, it's tempting to use a free connection whenever it's available, but remember that these connections are not secure, and any information sent over public Wi-Fi can potentially be intercepted by hackers scanning the connection.
If you need to send an email or access sensitive personal information online, disconnect from the public wireless network first. Don't forget: your mobile device can create a personal Wi-Fi hotspot, allowing you to safely connect your devices such as laptops or tablets to the Internet.
Your policy manual should include policies around all these security and privacy best practices, but there’s little point in having all these policies if you don’t take the time to make sure all staff know and understand them. New employees should receive a thorough review of all these points and all staff should have a regular periodic review.
Expand upon and alter these policies so they make sense for your specific organization, and you will have a more secure donor database, guaranteed.
And no more passwords on sticky notes, okay?