The April 2012 issue of Nonprofit Business Advisor (Wiley Periodicals, Inc.) has an informative article about security concerns for nonprofit organizations. Since we are wrestling with this problem at one of the nonprofit agencies on whose board I serve, this caught my eye. We have noted in our search for better IT security, that we will never be able to afford being fully protected. Heck, the US Government can't afford that, apparently, judging from the hacking they've been victims of in the past year. And we don't have as big an army as they do to chase the bad guys down.
The expert, Chester Wisniewski, wrote about cloud computing as a helpful idea for smaller agencies that have tiny IT budgets. He said: "…smaller organizations may find cloud computing advantageous, because it's relatively inexpensive and can free organizations from the complex rules, regulations and legalities related to storing data such as credit card information." He also suggested changing passwords frequently – we've heard that before – and using thumb drives that come encrypted if you allow employees to copy any sensitive information, such as for work at home. We all know how easy it can be to lose one those little guys.
One thing we do know – you can't ignore technology security just because it isn't a big enough line item in your budget. If you maintain sensitive information, donor contact info, credit card data, employee social security numbers, etc., you must take some action to reasonably protect that information from theft. How much is reasonable care? That's for you and your board to decide, preferably with the help of a good security expert. If you don't know one, we do. Ask us.
As always, I welcome your comments and feedback.