Prevent Data Loss
STEP SIX: Data Loss Risk Assessment
As part of your succession planning, you might also want to be thinking of the security of your data within your organization’s computer system. How protected is the hardware and data in your organization? To assess your risk of data loss, you can ask yourself the following questions.
- Do you know where your organizational data comes from, where it is stored, and how it is used?
- Do you have a policy in place to deal with data being lost or stolen (e.g., who needs to be notified, what steps need to be taken to mitigate damages)?
- Are all computers password protected?
- Is there a policy in place for passwords (e.g., changing, documenting, etc.)?
- Does the Executive Director and at least one other person (e.g., Board Chair or other key staff person) have access to all passwords?
- Do you keep laptops locked in a secure location?
- Is there a policy/procedure in place to sign out laptops?
- Do you have a wireless router?
- If applicable, is the wireless encrypted appropriately?
- Do employees use laptops or home computers to work on agency business outside of the office?
- Are the files employees work on outside of the office transferred into the office system on a regular basis?
- Do you have guidelines or a policy in place defining the parameters for employees working on files outside of the office?
- Are all computer files backed up on a regular basis?
- Do you store a copy of backed up data off-site, on a wiki, or on stored on the Internet?
- Are email systems backed up?
- Is computer access and maintenance information accessible by the Executive Director and at least one other person (e.g., Board Chair or other key staff person)?
Consider reviewing any data loss polices that you have in place. Based on the review of your policies and your assessment results, you can modify or draft a data loss prevention policy as necessary. Make a note of what you are missing and make a plan of action to fix any problems or gaps, thereby minimizing your risk. The policy and plan of action should be placed in the Succession Planning Binder. Does your organization have an ongoing plan for your computer system’s maintenance? If not, you might consider creating one and noting the location in the Succession Planning Binder.