Take active steps to ensure digital peace of mind for your nonprofit
Online backup and storage offers powerful benefits. Your nonprofit no longer needs to buy and maintain a server that connects your employees' computers to a network. Nor do you need to back up your data to physical storage media such as discs or tape. Instead, you simply:
- Install backup software on your organization's computers
- Identify the files that you want to back up
- Choose how often to back up those files
The software sends your data to a remote server according to the schedule you set. Your information then sits in the "cloud." And, you're protected from the threat of data loss caused by a hard drive crash, fire or natural disaster.
If all that sounds relatively simple, that's because it is. To gain maximum protection for your data, take the following additional steps.
Plan for security
The biggest potential risk to online backup and storage is trusting your data to a third party. This point was underlined by a data breach affecting 68 million Dropbox users in 2016, after which the company urged all customers to change their passwords.
Even so, online storage vendors can do far more to protect their data than nonprofits with budget constraints and limited technical capacity. Companies such as Dropbox, Google and Microsoft back up their files on multiple servers in separate locations. Those server farms are typically protected by video surveillance and armed guards.
You can take additional steps to safeguard security. One is two-factor authentication. This means that in addition to using a password to access a database or other tools, your employees and volunteers also enter a randomly generated code sent via email or text message. Work only with vendors who offer this feature, and train your staff to use it.
Some vendors also allow you to exclude users from your files based on their Internet Protocol (IP) address — a unique string of numbers that identifies each computer on a network. You can use this feature to restrict access by former employees, or current employees who use an insecure mobile device.
Shop carefully for an online vendor
Many vendors offer a limited amount of online storage for free. Check with individual vendors for their current packages.
Also ask potential vendors for details about their storage facilities and procedures for data recovery. Find out if you can encrypt data before sending it to their servers or if backup software is available for protected medical or other health information (either included in the package or for an additional fee). Talk to some of the vendor's customers and ask about their experience with the company.
Also find out want happens to confidential data if you decide to withdraw from the cloud service at some point.
Plan for the transition to online storage
Begin by making sure that your organization's computers meet the online vendor's specifications. Then decide which employees will be involved in migrating your data to the cloud. Give them adequate time to complete the task — ideally, on a schedule that doesn't interfere with their mission-critical work.
If you can afford it, consider hiring a consultant to help with the technical aspects of cloud migration. This person can configure backup software based on your organization's specific needs.
Plan to back up some data locally
Much of the information involved in your day-to-day operations — such as spreadsheets, text documents, emails and slide decks — is ideally suited to online backup. However, you still might choose to store selected files locally. Examples include:
- Videos, podcasts, high-resolution images and other large files that take up a lot of space and require high bandwidth for uploading
- Files in application-specific formats, such as those for Quickbooks or Adobe Illustrator
- Financial forms, HR information, contracts, leases, tax paperwork, client or beneficiary records, and other documents with confidential information
- Any other critical data you must have on hand in case you lose your internet connection
To protect such information, look to options beyond online backup. For example, you might make physical copies of sensitive documents and store them in a waterproof safe or locked file cabinet. Or, move large files to a server that you store locally. Above all, be sure to maintain compliance with any regulations governing the privacy and security of health information or other confidential data. Consider these data protection principles — required in the U.K. but good practice for anyone.
Test your backups before a disaster
Make sure that you can retrieve data from your online vendor. Test the process by restoring some cloud-based files to a new computer. Doing this now — before a data loss occurs — can help ensure digital peace of mind.
Idealware: Moving your IT infrastructure into the cloud: Lessons from the field by Chris Bernard (2016)
Computerworld: The Dropbox data breach is a warning to update passwords by Michael Kan (2016)
TechSoup: In search of HIPAA-compliant software by Laura S. Quinn (2016)
TechSoup Global: The resilient organization: A guide for disaster planning and recovery (2009)
Information Commissioner's Office: Guidance on the use of cloud computing