Non-profits depend on volunteers, but they need professional-caliber computer security. The data files at non-profit organizations contain lots of valuable personal information about donors, employees, and volunteers, and they may be stored on donated, older-model hardware that’s vulnerable to attacks.

Even if the information the non-profits hold doesn’t grab a hacker’s attention, the non-profit’s cause might, making it vulnerable to an attack by a hacktivist. Non-profits need to take steps to make sure they protect their data and their mission.

1. Review your risks

Because non-profits have limited funds, it’s especially important to be strategic about where you invest your resources. Identify the data that’s most valuable and the systems that are most vulnerable and focus your attention there first. Donor’s credit card information should be a top priority for protection.

2. Upgrade and apply patches

Donated equipment and software that’s no longer supported makes you vulnerable to both new and old malware attacks. Upgrade to supported versions and make sure you have a process for applying patches.

3. Bring in tools to defend you

Every non-profit should have antivirus software running on every computer. Depending on your organization and how complex your infrastructure is, you may need other tools like firewalls and intrusion protection systems.

4. Train employees and volunteers

Employees and volunteers should all undergo computer security training as they’re brought on board. This training should address topics like identifying phishing messages and using strong passwords. Because the human factor is a frequent cause of security lapses, consider whether you should use multi-factor authentication for added security.

5. Establish policies for phones and tables

Implement a “bring your own device” policy to protect against threats from volunteers’ phones or tablets your staff uses out in the field.

6. Review your vendors’ security

Your data can be made vulnerable through third parties that have access to it. Make sure your payment, email, and other technology services are obtained through reputable companies that adhere to their own information security plans.

7. Have an incident response plan

Know how you’ll identify that a data breach has occurred and what your legal and technical response will be. Make sure your backup and recovery procedures are effective so you can restore a known, good state of your systems if necessary.

The information security threats facing non-profits change constantly along with changes in technology. Work with a provider like Prescient Solutions, who can keep you up to date on the risks and implement strategies to address them. We’ve provided services to Chicago-area businesses and non-profits for 20 years, helping them achieve effective use of their technology. We can help you address all your IT challenges, including information security, networking, help desk support, and more. Contact us to learn how we can solve your IT problems so you can focus on achieving your non-profit mission.