More than half of the organizations surveyed in a 2016 report said that they had experienced a data breach caused by an employee. Most of those breaches were not caused by maliciousness, however, but by carelessness. Staff members often don’t know when they’re taking risks. Good technology policies protect your organization’s data and reputation by providing clear guidance on what’s acceptable and how to manage risky situations.
By documenting your policies, sharing them widely, training users to understand them, and enforcing them consistently, your nonprofit can significantly reduce the risks and ensure that everyone is clear on what’s expected. We created this workbook to help you think through specific policies to manage your nonprofit’s risk. It contains prompts to help you create and document policies for the acceptable use of technology and networks, personal devices for work, how to provide IT guidance to “accidental techies,” how to respond to an IT incident, and how to recover your technology after a major disaster.