Wednesday, October 17, 2012

Is Your Nonprofit's Data Safe?

Chances are your nonprofit's database has a plethora of files containing sensitive donor information. With hackers constantly in the headlines, it's important that you keep your data secure.

There is no foolproof way to completely secure your files from hackers, but there are ways to significantly reduce the risk of a data breach. Jon Biedermann, vice president of Softerware Inc., recommended five practices that can be used when information is stored on an organization's own computers or with a hosted backup provider.

The five practices are:
  • Backup, backup, backup. The greatest risk is not hackers; it’s data loss from computer failure, fire or another accident. Complete backups should be performed every day.
  • User ID and password security. Some of the most stringent requirements are used by the healthcare industry under the Health Information and Patient Privacy Act (HIPAA). Included in this act: passwords are at least seven characters, with a nonalphabetical character; passwords are not displayed on screen; passwords should expire and be changed every 60 days; no more than three unsuccessful log-in attempts; access to data should be limited to certain subsets.
  • Audit trails. A database system should be able to provide a security audit trail of user login.
  • Physical security. This includes not only computers and servers but also access to printed records.
  • User security awareness training. Make users aware of “phishing” schemes.
