A charity's list of donors is no different from a public or private company's list of customers. Charities should be protecting this precious electronic asset as carefully as possible.
Working in the third sector is often a pleasure, surrounded as you are by people who are committed to the cause and feel a tremendous sense of pride in everything that is achieved.
However, the PC is not emotionally involved in your organisation, and there are cases in which people could have access to the network without your regular employees' knowledge. How can you ensure that the PCs in your organisation are protected from contractors or ancillary staff when the regular users have gone home for the day or are away from their desks?
The correct approach to this dilemma is encapsulated in one word - policy.
On many levels, the policies you set within your organisation govern the way in which people interact with you, both internally and externally, and how you respond to those situations.
Policy with regard to information and communication technology is no different. However, as with any policy, it is the ability to enforce it that really counts.
Many such policies can be enforced using the password and user account services that are present in the various Windows Server environments, but these offer only 'front-door' protection. There is now technology available that can offer a level of detail down to the actual file, or even application, that a user is attempting to open.
For charities without the benefit of ICT support on a regular basis, a solution that can reside on the network and monitor the use of different programs and files is of immense benefit.
Another threat is the veritable cornucopia of USB storage devices, such as MP3 players and digital cameras, that can be 'innocently' connected to a PC or laptop on the network and would offer a very quick and efficient method of extracting information from the organisation.
As a defence, certain software solutions enable policies that would automatically prevent USB storage devices from being attached to any computer on the network. Authorisation would be returned to users or their devices only on a case-by-case basis.
The same policy should be enforced for programmes and even files, so that only certain network users can access sensitive information. This ensures that the charity as a whole can feel safe in the knowledge that the benefits of information access far outweigh the possible threats.
- Charities should be working to protect important electronic information such as their donor lists
- These details can often be copied by unscrupluous people with USB devices
- To combat this, charities should put in place policies that restrict the use of such devices on any of their computers.