Nonprofits of all sizes face similar challenges when it comes to technology. Office technology, though it is so often critical, can be overwhelming and confusing, and funding it can be a challenge.
Plus, there are so many factors to consider. Training, efficiency, cost, and increasingly, security. The Canadian Centre for Nonprofit Digital Resilience recently produced a report proposing a sector-wide cyber security vision and strategy.
If you’re reading this and feeling like your nonprofit workplace, large or small, could have better technology policies and practices, you are not alone.
Here are some tips for reviewing your current technology setup:
Have someone you can call on with technology questions
No matter the size of your budget for IT support, you need someone with tech skills that you can call on with questions. Unless you are the dedicated technology person at your nonprofit, you likely don’t have the time to focus on new tech skills while also doing your regular work.
Whether your go-to tech person is a local company, a consultant, or a volunteer, find someone who can help you understand best practices.
Remember, you don’t always have to use the latest, greatest technology. But you do need to make sure technology is helping you advance your mission, improve operations, and/or save money. We recommend that you focus on using technology that helps you achieve your goals and that you make it a priority to keep that technology safe from cyber attacks.
To better understand what to look for when researching IT products and services, check out the 2023 IT Services Buyers’ Guide on our website.
Create a data security policy and Incident Response Plan (IRP)
Unfortunately, every organization, large or small, is at risk of a cyber attack that can hurt you both financially (if your data is held for ransom, for instance) and in terms of trust and reputation. Creating a data security policy and an Incident Response Plan will help you fight a cyber attack before it happens.
It’s important to understand where your data (files and software) is located, and that copies of it are backed up in a secure location. Consider confidentiality, and who can access your data (including information about your communities, staff, volunteers, members, supporters, and/or donors). Think about the security of all devices (computers, phones) used to do your work.
I regularly host webinars on basic cyber security. You can view a recorded version and download slides here: 5 Ways to Fight Cyber Attacks without Breaking the Bank. It includes information on five critical cyber security items that you can implement at very low cost.
One important cyber security item is having plans in place, preferably before a cyber attack occurs. A critical component of any plan is updating the plan. Make sure it’s someone’s job to review and update technology policies every year or so.
Here’s what to include in a cyber security IRP:
Before an attack: Identify where your data lives. How sensitive is it and how critical is it to your organization?
During an attack: How do you detect an attack? How will you determine the scope? How do you know the attack has been stopped?
After an attack: Who do you need to notify, and how? Figure out how the attack occurred, and remediate any systems or processes as needed.
Protect your best asset: your people
The smartest, best asset you have isn’t an algorithm, Artificial Intelligence (AI), or a fancy software suite: it’s your people. Your staff and volunteers are the ones putting in the work and the brainpower required to advance your mission.
Beyond the security policies, make sure your policies on the use of technology are thorough and clear. Communicate policies such as response times, “off” hours, and “on-call” hours. Consider people’s need to fully disconnect from work during off hours. Especially in an age of so much technology and frequent communication, breaks away from work technology can help prevent burnout and help us stay focused for the longer term.
Colin Pearce is an office technology and operations expert from Hamilton, Ontario. In 2017 he launched his IT support company Inderly, a boutique firm local to Hamilton and Toronto, serving clients across Ontario. Colin enjoys figuring out how to make technology work best for each unique situation.
