August 15, 2014

Charities risk security breaches without a BYOD policy in place

Limited budgets lead many charities to allow staff to bring their own devices to work unregulated.

By Duncan Macrae

Charities and not-for-profit (NFP) organisations are vulnerable to IT security risks and reputational damage without a formal BYOD policy in place.

This is according to a new white paper commissioned by accounting and business software provider, Advanced Exchequer.

Charitable organisations should educate key stakeholders about the safe use of mobile devices and investigate the technical measures they can take to safeguard their data and networks, the paper advises.

Charities and NFPs have been quick to exploit the potential of mobile technology as an effective fundraising solution to make their limited funds stretch further. This has led to an increasing number of organisations allowing their employees and volunteers to use their own portable devices such as smartphones, tablets and personal digital assistants (PDAs) for work purposes to connect with their supporters and target audiences.

However, research conducted by PricewaterhouseCoopers (PwC) for the 2014 Information Security Breaches Report has highlighted that the cost of information security breaches has almost doubled in the last year. For small organisations, the worst breaches cost on average between £65,000 and £115,000 and for large organisations between £600,000 and £1.15m.

PwC’s survey of 9,600 senior executives from organisations across 115 countries also revealed that just over half (51%) of the worst breaches were caused by human error (31%) and deliberate misuse of systems by staff (20%).


Greg Ford, MD of Advanced Exchequer, said: "Protecting corporate data from intrusion, misuse or abuse is a high priority for any organisation. For charities and not-for-profits storing highly confidential donor and beneficiary data, security is absolutely imperative.

"While it is tempting for charitable organisations to allow staff and volunteers to use their personal devices to save costs and drive donations without a formal and explicit policy on BYOD, they run the risk of encountering a damaging security breach."

To avoid being exposed, organisations should create a BYOD policy, communicated regularly to staff, trustees, volunteers and partners, that describes the data that may be processed on personal devices and best practice security procedures. The BYOD policy should also explain clearly what measures will be taken if a personal device is compromised or lost, such as automatically wiping data and/or denying access to network systems, to prevent sensitive information from falling into the wrong hands.

In addition, charities should further reinforce their IT infrastructure to safeguard the transmission of data to and from mobile devices across multiple platforms. Personal devices should be checked for compliance and be sufficiently resilient to withstand their operating environment.

Ford said: "As charities continue to wrestle with limited budgets and greater demands from staff to use their own devices, now is the time for them to think seriously about BYOD and data security. By creating a consistent and coherent BYOD strategy, organisations can mitigate the threat of security vulnerabilities and empower employees and volunteers to use mobile technologies to help generate vital funds, without placing donor relationships at risk."
