Help for not for profit and charity trustees

Information security

A lot is written about data security and its related issue, GDPR. The latter is about protecting the information of those who interact with your charity and making sure their information is secure. Generally the advice is about backing up systems and related security matters. An issue which does not get so much attention, but which can be important for small charities and related organisations, is the human side of things. Some examples:

  • An accountant becomes disgruntled at the way things are going and decides to leave the organisation, taking with him the codes and passwords for the accountancy package. The organisation is left struggling to find out whether bills have been paid and how to do the wages.
  • The web master for an association of a political nature similarly becomes disgruntled and leaves with the means to access the website. The organisation is unable to post new material and would have had to create a new domain and basically start again.
  • There is an argument within another semi-political campaigning organisation and the secretary departs taking with them the mailing list – a list which has taken many hours and considerable effort to build.

These examples, and there are others known to me, do not involve technical or IT issues, but the actions of humans who have possession of crucial information and who, in a fit of pique or for other reasons, depart the organisation, leaving it with a huge and sometimes insoluble problem. All these examples caused immense frustration and took a huge amount of time to fix. Remember, I am talking of small organisations without IT departments able to come to the rescue.

You may say, ‘wasn’t the information backed up?’ Yes, it was, but if you don’t have the codes or passwords, it doesn’t matter how well it is backed up: you can’t get at it.

The lesson, of course, is to make sure that more than one person has the necessary passwords and that these are regularly checked in case they have been changed. Essential lists should be in more than one place or, if stored in the cloud, more than one person should know how to access them. The essential point, though, is to ask, ‘if X leaves, do we know how to access the work and information they have?’

Peter Curbishley

Author of How to be a Successful Trustee
