Protecting Your Data - On Which Devices?
Following on my last blog post on passwords, I turn my attention now to physical devices. Do you have employees that work remotely and/or access sensitive donor or ticket buyer information on a device they own, such as their own iPhone or personal computer? And if so, do you know what data is actually stored on those devices? What would happen if there was a compromise – their laptop was stolen, or they lost their cell phone? Would you have donor data or anything knowing as PII (Personally Identifiable Information) out in the wild?
There are many reasons why you would want to encourage your staff to access data remotely – and some reasons why it’s incredibly risky. The following article titled Bring-Your-Own-Device: What Does Your Organization Need To Know?, published by Carnegie Mellon University, is a good primer on this topic.
As the world becomes more remote and your staff inevitably wants to work from home or on the road, it behooves you to get familiar with the risks and best practices for managing devices that are not in your office to ensure the security of your most precious data – your patron information.