Information Security on a Budget

Information Technology Security has become a major headache (or heartache) for Not-for-Profit (NFP) and charitable organizations.  Advances in computing power and technology and the profusion of mobile devices and associated applications have brought the desktop computer out from under the desk and into the pockets and purses of millions of users worldwide.  Protecting those computing platforms and the organizational information they may contain has become a stumbling block to true progress and efficient workflow.

For an NFP or charitable organization, budgets are often slim or severely constrained; every dollar must be accounted for and profitably employed.  IT Security, by comparison, has traditionally had opaque Returns on Investment (ROIs), typically realized, as with other forms of risk management, only when a breach actually occurs and is mitigated.

Why Bother?

As with many government-funded and/or -regulated sectors, it is a case of optics.  Should a serious breach occur, you can bet your non-existent security dollars that the political buck will stop with the agency/organization that failed to “protect the public” and “exercise due diligence”.

What Are We To Do?

In order to approach the subject with any real efficacy, we first need to determine what must be the focus of our efforts.
The 3 main objectives of Information Security are the following:

Confidentiality: Preserving authorized restrictions on information access and disclosure.

Integrity: Guarding against improper modification or destruction of information.

Availability: Ensuring timely and reliable access to and use of information.

The three main objectives are conveniently listed in the average order of precedence for an NFP or charitable organization.  It is generally paramount to keep any sensitive business information or clients' personal information confidential.  Integrity may be important for some, but most data can usually be reconstituted or restored from a convenient backup, be it electronic or physical (e.g. paper records).  Lack of availability, especially of the electronic medium, may be annoying but is rarely damaging.  The conspicuous exception to this is, of course, eHealth, wherein lack of availability may be life-threatening.  In those cases the agency usually has special funding or mission-critical infrastructure to ensure availability, which falls outside the scope of this article.

So, Confidentiality It Is

For an NFP or charitable organization, government funding or subsidy is often crucial, as are the good auspices of the public at large.  One of the prevalent issues for both groups is privacy.  Among the three security objectives, the one that most directly addresses privacy is confidentiality.  Luckily, the list of objectives just happens to be inversely ordered relative to expense.  Engaging a screen saver with a password is certainly cheaper than providing backups for integrity or highly available server and network infrastructure for availability.

So, What Can We Do?

Fortunately, the following list comprises items that are free and only take a limited amount of technical knowledge to implement:

  1. Create different user accounts on desktops/laptops with passwords for each staff/volunteer using the machine
  2. Train staff and volunteers to use strong passwords/passphrases
  3. Have staff and volunteers save their information to folders on the hard drive that have permissions only for themselves (and the system administrator, of course)
  4. Have staff and volunteers sign a legally binding Non-Disclosure Agreement (NDA) - get started with a template NDA
  5. Engage system screen savers with a password and a reasonable time-out (e.g. 5 minutes)
  6. Encrypt all external storage media
  7. Do not allow staff or volunteers to remove external storage media without authorization - for guidance, see the procedures used by the University of Virginia.
  8. Do not recycle or dispose of old desktops/laptops without wiping or removing the hard drives
    • The University of Wisconsin has an example policy
    • Wiping can be done with open source software, as explained in this tutorial
    • To destroy the hard drive: use a 3 pound sledge hammer (seriously)
  9. Employ Anti-Virus/Anti-Malware software - such as this open source option
  10. Enable automatic system updates
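
Item 3 is easy to set once and then lose track of as accounts are added. The following is an added example, not part of the original article: a small audit that flags per-user folders readable by anyone other than the owner and then restricts them. It assumes a machine with POSIX-style permissions (Linux or macOS); the folder names and layout are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_private_folders(base_dir):
    """Return (folder, problem) pairs for folders under base_dir that
    someone other than the owner can read, write or traverse."""
    findings = []
    for entry in sorted(os.scandir(base_dir), key=lambda e: e.name):
        # Do not follow symlinks: only real folders inside base_dir count.
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & stat.S_IRWXO:
            findings.append((entry.name, "accessible to all users (mode %04o)" % mode))
        elif mode & stat.S_IRWXG:
            findings.append((entry.name, "accessible to group members (mode %04o)" % mode))
    return findings


def lock_down(path):
    """Restrict a folder to its owner only (rwx------).
    The system administrator (root) keeps access regardless."""
    os.chmod(path, 0o700)


def demo():
    # Constructed sample layout: one folder per staff member or volunteer.
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("alice", 0o700), ("bob", 0o755), ("carol", 0o770)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so the umask does not interfere
        before = audit_private_folders(base)
        for name, _ in before:
            lock_down(os.path.join(base, name))
        after = audit_private_folders(base)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    for name, problem in before:
        print(f"{name}: {problem}")
    print("remaining findings after lock-down:", after)
```

To audit a real machine, call `audit_private_folders` on the directory that holds the staff folders and review the findings before applying `lock_down`.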

Is That It?

There are of course many more techniques, tools and talents involved in securing your data and environment.  These are simply some of the easier, and cheaper, methods of getting it done.  Should your risk environment be larger than the above covers, consider finding some budget dollars and investing them in your Information Security. Those dollars could mean the difference between your NFP or charity and a lawsuit.
