Tips to improve technological security in non-profit organisations

The rise in new technologies and the digitalization of non-profit organisations in recent years have opened the door to new threats in the field of digital security.

Storing information on the net, the daily use of emails and all sorts of software, sharing information between different devices and other usual practices in this new day-to-day make it necessary to establish some protocols to secure information and maintain technological confidentiality.

To help non-profits in the field of digital security, and so they can defend themselves from possible attacks, the Fundació Pere Tarrés offers a series of guidelines:

6 recommendations to protect the organisation’s information

• Storing information on the net. Always use the organisation’s resources to store information and make backup copies regularly. It is not advisable to use personal devices such as external memory drives or USB sticks when copies aren’t made or they don’t have the adequate measures.
• Contact with staff from outside the organisation. When it comes to sharing confidential information, and whenever this is possible, it is good to encrypt the information.
• Delete confidential documents. It is necessary to regularly empty your device’s trashcan to delete any traces of information we wish to delete. It is also advisable to go through our storage units regularly and delete unwanted items.When referring to information on paper, always use a shredder to destroy these documents.
• Carrying information. Never leave a device that is used outside the office and that contains information on the organisation unattended. Take special care when using USB sticks as they can easily be lost or stolen.
• Keep your workspace safe. It is important to keep your workspace and the information used safe. Block your device before leaving your workspace without waiting for it to block automatically and keep your desk free of papers.
• Passwords. It is essential to have passwords that are complex and difficult to relate to a person. Passwords must always be personal and shouldn’t be shared or left for others to see. To find a suitable password you may use a password generator such as Lastpass.

7 tips to protect your professional activity when working from home

This type of prevention in the field of digital security is even more relevant during the times of the pandemic, when working from home is so usual for non-profit organisations. The Fundació Pere Tarrés also defines a series of aspects that should be observed:

• Use of WiFi networks. Avoid accessing the services of the organisation remotely from WiFi networks that aren’t trustworthy; avoid connecting from public shared networks that aren’t known and authorised for this purpose.
• Use of professional workstations. The computer you will be using will have access to confidential information of the organisation and, therefore, it is important that it is only used by authorised personnel. Avoid using it for personal use or any other use that is not related to work, and avoid other family members from using it.
• Accessing the server. Whenever you connect to remote applications, servers and accessories of the organisation, make sure you are connecting to the right destination.
• Storing information on the server. Avoid generating office documents on your personal computer used when working from home if it is not saved to your work server. Personal computers won’t automatically back up the files and may easily breach the information security rules.
• Downloads. Avoid downloads that may pose a risk to the workstation and make sure the device you use has an antivirus installed and that systems and applications are updated to the latest version.
• External messages. Many cybercrimes are based on forging identities to send messages to workers and confuse them to then steal information or passwords from them, etc. Never trust messages asking you to reset your password.
• Have someone in charge of technology in your organisation.