Nonprofits have to be just as vigilant about protecting their data as for-profit businesses. They need comprehensive security plans that include policies about data access, management, and disposal. Here are some important things that nonprofits need to do to prevent data loss and breaches.
Create a Written Information Security Plan
Massachusetts data protection laws require all companies that manage data containing people’s personal information to create a Written Information Security Plan. A WISP should describe who is in charge of managing protected information and what must be done to keep it secure.
Destroy Data Securely
Simply throwing out documents or CDs with sensitive data on them could cause a serious breach. Be sure that everyone on your team knows that they need to shred sensitive documents. It may be a good idea to ask people to shred all of their documents, so that no one has to decide which ones contain data that must be shredded. Also, take care to safely destroy any physical hardware that contains protected information. For help with hard drive destruction in Boston, MA, reach out to a provider who can help you onsite so you won’t have to transport your data anywhere.
Establish Secure Login Procedures
Everyone who logs on to your network should have their own login credentials. Avoid using the same password format for everyone, and instruct your staff and volunteers that they must each use their own account whenever they use a computer for any reason.
Train Staff Thoroughly
You can’t count on everyone at your organization to recognize data risks or know how to manage data safely. In addition to requiring some advanced technical know-how, effective cyber security management involves heightened awareness about the dangers and possible consequences of breaches. Hold a staff training session to familiarize everyone with what they need to do in their individual job roles to keep data safe.