Does your small to mid-sized nonprofit have good security policies and practices? Even if you work for a large nonprofit with a dedicated IT team managing security threats and hopefully preventing disaster, coming by a solid system for securing your technology, infrastructure, documents, devices, and equipment can be a challenge.
Share your top tips in this thread. What's worked for your organization? Did your staff go along with new policies you implemented? If not, did you have strategies to help encourage staff to adopt more secure web-browsing, internet surfing, email-attachment-opening, and other unintentional security breaches? What about policies to secure against one staff person having too much access to databases or servers? Do you set strict roles for who has access to what information?
Tell us your experiences so we can learn from them. We'll be publishing a white paper about how to address security threats at small to mid-sized nonprofits with few resources later this week. I'll post the link in this thread once it's live.