Photo by Blake Patterson

Photo by Blake Patterson

In the first blog post of this series, I focused on the critical role staff play in IT security.  In this post, I focus on the role of planning and policies in IT security.
1. Does your organization have IT security policies and do you enforce them?
Technology can do many things. IT wizards have a host of tools to secure your data, success or failure often comes down to the end user. Good IT policy must be pushed from the very top of the organization. Such policies should be reevaluated periodically. They must also be enforced and upheld by everyone in the company.
Remember that leadership sets the tone and if a policy is neglected or outright ignored, other users will be less likely to give it the needed weight. Even the president of your company and the top VIP’s must follow security policies. Even your tech support team, often notorious for dodging the rules, should be held accountable.
IT security polices should include (but are by no means limited to): password policies, BYOD (bring your own device), use of passwords and physical security (many of these are covered later). Policies only help secure your network if people follow them.

2. Does your organization have a password policy?
While this may seem like a no-brainer, every company needs a good password policy and it MUST be enforced. Users should have to reset passwords every 60 to 90 days, and passwords should be complex.
Beyond that, consider where these passwords are recorded both on a personal level (no sticky notes under the keyboard) and as a company (where does that Excel file live? Is it protected? What happens if you lose it?).
Resource: Password Security – Tips & Tricks
3. In terms of IT planning, do you have a business recovery and backup plan?
Part of a good security plan is planning how to recover from a problem. While  you can start the discussion with hackers in mind, stopping there is not prudent. There are a host of things that can bring down your network, and you should have a backup plan.
If you can’t answer the following questions (or find someone in your company that can) you should look outside your organization for help:

Resource: Planning for Disaster

This is Part 2 of a blog series on IT Security Best Practices. Feel free to comment below to share your questions and ideas on the topic. Join us for the webinar on July 25 on IT Security Best Practices.

Video: Artificial Intelligence (AI) and Ethics for Nonprofits

Join Sarah Di Troia and Johan Hammerstrom for a discussion of the impact of AI as staff do their jobs, and with your community partners, volunteers, and funders.

Are You Ready for IT You Can Depend On?

Fill out the form below to request a quote. We’ll be in touch shortly to discuss your needs and take the first step toward better nonprofit IT.