Skip to main content
Philanthropy Journal Home

Philanthropy Journal News

Tech risks – Security lacking

 | 

Information technology is critical to most nonprofit work, yet nonprofits typically fail to protect their hardware, software and data, a new survey says.

“This should be a wake-up call to the nonprofit sector,” says Audrie Krause, author of the survey and executive director of NetAction, a San Francisco-based nonprofit that focuses on Internet advocacy and tech policy. “Security needs to be improved.”

Just over half of the 134 nonprofits responding to the survey back up their data every day, and roughly one-third have a plan to recover data in case of catastrophic loss of data.

Only 4 percent of nonprofits encrypt all sensitive files, the survey says, but nearly two-third keep sensitive files on computers linked to a local network, and nearly half keep them on computers tied to the Internet.

Computer users in nearly one-fourth of the nonprofits surveyed do not routinely lock or turn off their computers when away from their desks, and eight of 10 indicated that volunteers, interns, outside consultants and/or temporary staff have access to office computers.

About two-thirds of the nonprofits update their anti-virus software one or more times a month, but about two-thirds use Microsoft’s Outlook or Outlook Express to send and receive email, even though those programs are at greater risk than other email programs of attack by viruses or works, the survey says.

About two-thirds of nonprofits surveyed say they need to address user work habits and disaster planning, about half say the need to address data backup and encryption, and a third say they need to address virus protection and firewalls.

“With experts warning that the vulnerabilities in computer systems are increasing faster than the nation can respond, it is important that nonprofit organizations take steps to improve the security of their computer systems,” says Krause.

Leave a Response

Your email address will not be published. All fields are required.