This post is Part 1 in a series about how nonprofit organizations could solve tomorrow’s problems today. Click here for Part 2 and Part 3.

“I have so much to do, 8 days a week wouldn’t be enough!”

That seems to be the chronic problem of dedicated nonprofit employees. You check one thing off the list and three more take its place. Often, the unfortunate results of this shows up as a crisis: something that wouldn’t have been much of a problem if you had had time to prevent it a year, a month, or even a day ago.

Unfortunately, confirming our data is as well-protected as possible might be set aside, especially for those of us who find the entire language of technology completely foreign – and worse, constantly evolving. While preventing all data breaches seems impossible and the cost of protection can feel insurmountable, there are some steps every nonprofit should take to help solve tomorrow’s problem today:

  1. Hire a professional from outside your organization – and with no ties to any of your staff – to conduct a data breach risk analysis. This will tell you what’s at risk and how it is at risk and what can be done to reduce or eliminate the risk. It can also help you set priorities for strengthening security and removing vulnerabilities. A nonprofit’s donor base is one of its most important assets, so protecting it is critical.
  2. Restrict access to data on a need to know basis. Many databases can be easily copied to a flash drive and dropped into a backpack or purse. You may not want to consider that one or more of your employees could have less-than-honest intentions, but that’s not a reason to basically invite problems by not building in safeguards.
  3. Provide training for staff. We’ve been hearing the same warnings for years about regularly changing our passwords and not writing them down and putting them where they are easy to find. Yet if you walked around your office and looked under every keyboard, how many sticky notes would you find with the password written on it? Research shows that the most common password is “password,” followed by “123456.” We roll our eyes at that (or else gulp if we’re guilty!), but let’s face it – memorizing a random string of lowercase letter, uppercase letters, numbers and symbols is almost impossible for most of us. Another critical data protection measure – and one that is often sacrificed to the tyranny of the urgent – is back-ups. Helping employees truly understand the importance of data and the “why” behind security requirements can go far in increasing compliance.

Want to know more? Check out this article from Nonprofit Risk Management Center.

Too much to do and not enough time? Protecting your nonprofit’s database is one thing that you simply can’t afford to put off until tomorrow.

Continue to part 2 here or advance to part 3 here.