Early in my career I taught a series of classes for UNIX system administrators, including a course in computer security. I guided people through password management, taught them about viruses and worms and showed them how to set-up a firewall. This was back in the days of the “world-wide-web” when the underground world of hackers – people who wanted to steal or destroy your data or just wanted to wreak havoc upon your organization – was just emerging. Although the internet was young, those connected to it put their data at risk. And that was just the beginning. As we all know, today there is a LOT more data and therefore a LOT more risk.
As capacity building grantmakers, the Packard OE team believes that the digital security of our grantees is a key aspect of their infrastructure. Many nonprofits face chronic capacity limits with information technology and are especially vulnerable to an attack. An organization whose digital security is breached puts those they serve at risk too, so it is critical that nonprofits and funders pay attention to building a secure digital environment.
Recently, NetGain created the DIGITAL SECURITY & GRANTCRAFT GUIDE to guide grantmakers through conversations about digital security. The report cautions against funders just paying for a computer security class like the one I used to teach. The report states, “while trainings may help to increase awareness within an organization of digital security issues, and may suggest steps to take, provided alone they are unlikely to result in systematic changes in the different behaviors, technologies, and habits necessary for security.” The guide recommends a systematic and evidence-based approach towards security from the beginning, where funders collaborate with the grantee and other funders on long-term planning and encourage organizations to make iterative IT capacity improvements such as ensuring that grantees have sufficient funds for IT personnel, hardware and software.
As I used to tell my students, the only completely secure computer system is turned off in a locked vault. Fortunately, that is not the only answer. There are many ways to make sure your data is available for use and protected against most cyber-attacks. Paying attention to these issues is just as important for nonprofits as for the rest of our connected world.