Use a BYOD policy or risk losing supporter trust, warns Advanced
Charities and voluntary organisations that do not implement a formal Bring Your Own Device (BYOD) policy risk IT security problems and damage to their reputation.
That is the warning in a white paper by accounting and business software provider, Advanced Exchequer, part of Advanced Computer Software Group plc.
It advises charities to educate key stakeholders about the safe use of mobile devices, and plan how they can protect the organisation’s data and networks.
The challenge is only going to grow, as charities embrace mobile technology for fundraising and communications. Staff and volunteers too expect to have their mobile devices within easy range throughout the working day.
Cost of information security breaches
However, these different devices could lead to information security breaches. Indeed, research by PricewaterhouseCoopers for the 2014 Information Security Breaches Report suggests that the cost of these breaches has almost doubled in the last year.
For small organisations, the worst breaches cost on average between £65,000 and £115,000. For large organisations the figure is between £600,000 and £1.15 million.
Most of the worst breaches are not deliberate acts by staff. Around the world (senior executives from 115 countries were surveyed), human error accounted for 31% of the worst breaches, with deliberate misuse by staff at 20%. If government ministers can leave briefcases containing sensitive documents on the train, then charity staff can and do lose mobile phones and tablets in cafes and on the bus.
Greg Ford, Managing Director of Advanced Exchequer, said:
“For charities and not-for-profits storing highly confidential donor and beneficiary data, security is absolutely imperative. While it is tempting for charitable organisations to allow staff and volunteers to use their personal devices to save costs and drive donations without a formal and explicit policy on BYOD, they run the risk of encountering a damaging security breach.”
What should charities do?
- create a BYOD policy.
- communicate it regularly to staff, trustees, volunteers and partners, describing the data that may be processed on personal devices and best practice security procedure.
- specify what measures will be taken if a personal device is compromised or lost. This could include automatically wiping data and/or denying access to network systems.
- reinforce their IT infrastructure to safeguard the transmission of data to and from mobile devices across multiple platforms.
- check that personal devices are sufficiently compliant with security requirements at work, whether interacting on the premises or remotely.
Ford added that charities should think about these issues sooner rather than later, given the increasing prevalence of personal devices at work. He said:
“By creating a consistent and coherent BYOD strategy, organisations can mitigate the threat of security vulnerabilities and empower employees and volunteers to use mobile technologies to help generate vital funds, without placing donor relationships at risk.”
You can download “Why every charity and not-for-profit needs a BYOD strategy” from Advanced Exchequer. Free registration is required.