TechSoup.org The place for nonprofits, charities, and libraries

How to Stop Worrying and Embrace the Nonprofit BYOD Workplace

How to Stop Worrying and Embrace the Nonprofit BYOD Workplace

  • Comments 2
  • Likes

In a perfect world, your nonprofit would have the resources to equip every worker and volunteer with a secure laptop. Unfortunately, the world isn’t perfect—that’s why nonprofits exist in the first place—so you probably deal with a hodgepodge of personal devices. 

That’s not a bad thing. Many private enterprises are moving in that direction anyway; people appreciate the comfort that comes with using their own devices. In May, Gartner predicted that by 2017, half of employers will stop giving employees company devices altogether. The trend has a name: BYOD, or Bring Your Own Device.

Nevertheless, BYOD workplaces are harder to control and secure. How should your nonprofit reap the benefits of BYOD without investing too much money and time?  

People on various mobile devices

Decide What to Protect  

If your organization is full of foreign devices, hackers have more ways to break in, full stop.

It’s easy to push the thought of a security breach to the bottom of your list of concerns when you haven’t experienced one, especially if you have few staff members; small organizations tend to figure hackers won’t notice them. But size isn’t everything: The only hacked organization I’ve ever worked with had just four full-time employees.  

As a nonprofit, it’s especially important to make security a priority. Depending on what kind of data you handle—student data, medical data, and so on—security is likely a key part of your work. Even if you don’t think it is, remember that nonprofits rely on other peoples’ trust to deliver their services. It’s important to encourage that trust in whatever way possible.

Since you can’t secure your BYOD workplace when you don’t know what your priorities are, the first step is figuring out what data you absolutely must protect.

Use Guest Access Control

If you work with a large number of volunteers, it’s not realistic to make sure each and every one uses the Internet responsibly. Implementing guest access control allows you to treat volunteers and staff members differently without thinking too hard about it.

Volunteers—i.e. guests—could be barred from getting their hands on sensitive information. Plus, whatever malware they might have picked up from, say, using a random Facebook application wouldn’t be able to harm your network. Certain products even assess guests’ devices before allowing them to connect to the network in the first place.

Train Staff Members

As mentioned above, you can’t educate every volunteer that passes through your office. Your staff, on the other hand, is a serious investment. Treat it like one by training staff members to take basic security precautions.   

The first order of business should be password hygiene. Paradoxically, making hard-to-crack passwords is so simple that plenty of people neglect to do so; think of the way people get dehydrated even though they know perfectly well that drinking water is important. 

All staff members should make passwords for their devices that include a mix of letters (uppercase and lowercase), numbers and symbols. The passwords should be free of anything too obvious, like street names or spouse names. Is it annoying to use hard-to-remember passwords? Yes. But it’s also annoying to break them.

PINs (personal identification numbers) deserve similar treatment. A study of 3.4 million PINs found that over 10 percent of them were just 1234. If you add in 0000 and 1111 into the mix, you have 20 percent of them nailed down.

Together, you and your staff can set mandatory password change dates. Feel free to throw some hacker-related horror stories out there so that staffers actually listen.

BYOD workplaces have a lot of moving parts, but simple precautions go a long way. The hope is that eventually, your biggest concern will be the constant arguments between Mac and PC users.

More Resources

Image: lars_o_matic

  • I BYOD with a Mobile Beacon hot spot!

    www.techsoup.org/mobile-beacon

  • This is also a topic of conversation over on the TechSoup Community Forum:

    forums.techsoup.org/.../37821.aspx

    I work with a lot of nonprofits that are frequent targets of hackers, because of their mission focus - they are under attack constantly. Most do not allow people to join their networks with their own devices - and most don't have the budget to be able to offer a network just for guests.