Nonprofit Digital Security Policies

Is your nonprofit’s digital security policy keeping you safe? Or is it hidden away, gathering dust?

You can think of your organization’s digital security policies as the intricate threads of a spider’s web, crucial for both protection and efficiency. Much like how a spider’s web is strategically designed to collect food and offer shelter, nonprofit organizations must meticulously craft these policies to safeguard their operations and stakeholders. Within this digital web, nonprofits typically attend to password security, cybersecurity insurance, and are keeping systems healthy, but that’s not the end of the line. Here are three more critical aspects that are often overlooked: email management, file storage, and app downloads.

Email Management

Email management acts as the silken strand that filters out potential threats. Standard policies of filters and server settings help reduce spam and spoofing. What about staff policies? Does your handbook give clear instructions on who to contact when someone gets an email that looks suspicious? Should they forward the email or just delete it? Are team members coaching on how to avoid falling for common Phishing schemes? And what should be done if someone accidentally clicks a malicious link? Making sure that all these questions are easily answered will strengthen your web of security.

File Storage

Much like a spider’s web creates a stable, reliable platform for its daily activities, file storage represents a foundational piece of your organization’s web. Are you storing files in the cloud with Google, Microsoft, Box, or another platform? How are you organizing those files? Can you control access to various folders? One of the biggest risks in cloud storage arises when an employee leaves the organization. If lots of files are stored in (and owned by) that individual’s personal account, that poses a problem when they leave. You’ll have to leave their account active for a longer period of time while you sort through and migrate all the documents over to another drive or owner, creating an unattended security risk in the process.

There are better options! For example, Google Workspace currently offers a feature called “Shared Drives,” which gives a whole host of access control you don’t have if individuals use their own personal “My Drive” storage. With Shared Drives, when an employee leaves, their account can be shut down right away but the documents remain accessible to the rest of the users, in their respective shared drive. Safe, secure, and attended to. Most cloud storage platforms offer these features – some are more robust than others, but all require work and thought to ensure best practices are followed. Putting a policy in place ensures that valuable information is secure, remains intact and easily retrievable, enhancing overall operational effectiveness.

App Downloads

App downloads are the threads that connect the web to the broader digital landscape. What apps are your staff using? Whether it’s a browser extension, a third-party CRM plugin, or a desktop application, it’s important to ensure these add-ons are safe and secure. Take the time to review and approve specific apps for their features, staff accessibility, and usefulness. Just as a spider spins all the right threads to maintain its web’s integrity, these policies ensure that apps enhance the staff experience, rather than become a nonprofit digital security risk.

Strengthen Your Web of Nonprofit Digital Security Policies

When creating digital policies, make them clear and concise. Audit your policies to make sure they are being followed. When a large number of your staff are going around, under, or just skipping policies altogether, check to make sure you haven’t made the policy too stringent. Together, these threads within the digital web of security policies form a comprehensive defense system for nonprofits, protecting their valuable assets while enabling them to thrive in the interconnected world. Want help evaluating your digital tools, email support or contact us for a Technology Assessment.