It seems like every day we heard of a new data breach. Recently a company called Solarwinds was hacked, exposing the data of millions of customers, even the U.S. Government. Last summer, Blackbaud was hacked as well, which impacted many non-profits and schools.
If your organization is using digital tools in any way, you have digital data that must be protected. While it is true that organizations generally are not subject to laws such as HIPPA or FERPA, the impact of a data breach could have crippling impacts on a customer, client, student, family, employee, and/or your organization’s reputation and finances.
In today’s age, how do you know if you’re doing all it can to protect what you have? Here are some questions you can ask to help figure this out.
- Have we identified and outlined the specific information we need, and who we are collecting it from? Consider everyone that has a record – clients, participants, students, parents, staff, donors, board members, coaches, volunteers and more.
- Do we maintain a list of where this information is stored? Is information stored in a system or in files? Consider any systems both on-site and cloud hosted. Also consider file storage (device hard drives, servers, G Suite, etc.)
- Who administers each system? Do they have a backup person or shared password? Are they properly trained? Is there accountability for them, such as logs? Do you have a signed confidentiality agreement either in the handbook or separately?
- Are systems properly configured so users can only access information they need? Is system access limited only to those who truly need it? Do you have policies addressing password sharing and system access?
- For cloud systems, do you know their privacy policy? Have you reviewed the contract you have with them to determine their responsibilities?
In today’s world, you can’t afford to ignore data security and privacy, but the reality is finding the staff and time to accomplish can be difficult. Hiring a consultant like LeadershipOne Technologies can help you accomplish this task, and creates a value to your clients and employees through having a data safety program.
We would love to work with you to evaluate what data you have and where it is, and get a plan in place to ensure information is private and secure. Contact us today and lets have a conversation about your organization’s privacy!
