Close this window
In a perfect world, your nonprofit would have the resources
to equip every worker and volunteer with a secure laptop. Unfortunately, the
world isn’t perfect—that’s why nonprofits exist in the first place—so you
probably deal with a hodgepodge of personal devices.
That’s not a bad thing. Many private enterprises are moving
in that direction anyway; people appreciate the comfort that comes with using their
own devices. In May, Gartner predicted that by 2017, half of employers will stop
giving employees company devices altogether.
The trend has a name: BYOD, or Bring Your Own Device.
Nevertheless, BYOD workplaces are harder to control and
secure. How should your nonprofit reap the benefits of BYOD without investing
too much money and time?
If your organization is full of foreign devices, hackers have
more ways to break in, full stop.
It’s easy to push the thought of a security breach to the bottom
of your list of concerns when you haven’t experienced one, especially if you
have few staff members; small organizations tend to figure hackers won’t notice
them. But size isn’t everything: The only hacked organization I’ve ever worked
with had just four full-time employees.
As a nonprofit, it’s especially important to make security a
priority. Depending on what kind of data you handle—student data, medical data, and so on—security is likely a key part of your work. Even if you don’t think
it is, remember that nonprofits rely on other peoples’ trust to deliver their
services. It’s important to encourage that trust in whatever way possible.
Since you can’t secure your BYOD workplace when you don’t know
what your priorities are, the first step is figuring out what data you
absolutely must protect.
If you work with a large number of volunteers, it’s not
realistic to make sure each and every one uses the Internet responsibly.
Implementing guest access control allows you to treat volunteers and staff
members differently without thinking too hard about it.
Volunteers—i.e. guests—could be barred from getting their
hands on sensitive information. Plus, whatever malware they might have picked up
from, say, using a random Facebook application wouldn’t be able to harm your
network. Certain products even assess guests’ devices before allowing them to
connect to the network in the first place.
As mentioned above, you can’t educate every volunteer that
passes through your office. Your staff,
on the other hand, is a serious investment. Treat it like one by training staff
members to take basic security precautions.
The first order of business should be password hygiene. Paradoxically,
making hard-to-crack passwords is so simple that plenty of people neglect to do
so; think of the way people get dehydrated even though they know perfectly well that drinking water is
All staff members should make passwords for their devices that
include a mix of letters (uppercase and lowercase), numbers and symbols. The
passwords should be free of anything too obvious, like street names or spouse
names. Is it annoying to use hard-to-remember passwords? Yes. But it’s also
annoying to break them.
PINs (personal identification numbers) deserve similar treatment. A
study of 3.4 million PINs found that over 10 percent of them were just
1234. If you add in 0000 and 1111 into the mix, you have 20 percent of them
Together, you and your staff can set mandatory password
change dates. Feel free to throw some hacker-related horror stories out there
so that staffers actually listen.
BYOD workplaces have a lot of moving parts, but simple
precautions go a long way. The hope is that eventually, your biggest concern
will be the constant arguments between Mac and PC users.
I BYOD with a Mobile Beacon hot spot!
This is also a topic of conversation over on the TechSoup Community Forum:
I work with a lot of nonprofits that are frequent targets of hackers, because of their mission focus - they are under attack constantly. Most do not allow people to join their networks with their own devices - and most don't have the budget to be able to offer a network just for guests.
This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.