View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
August 15, 2014

Charities risk security breaches without a BYOD policy in place

Limited budgets lead many charities to allow staff to bring their own devices to work unregulated.


Charities and not-for-profit (NFP) organisations are vulnerable to IT security risks and reputational damage without a formal BYOD policy in place.

This is according to a new white paper commissioned by accounting and business software provider, Advanced Exchequer.

Charitable organisations should educate key stakeholders about the safe use of mobile devices and investigate the technical measures they can take to safeguard their data and networks, the paper advises.

Charities and NFPs have been quick to exploit the potential of mobile technology as an effective fundraising solution to make their limited funds stretch further. This has led to an increasing number of organisations allowing their employees and volunteers to use their own portable devices such as smartphones, tablets and personal digital assistants (PDAs) for work purposes to connect with their supporters and target audiences.

However, research conducted by PricewaterhouseCoopers (PwC) for the 2014 Information Security Breaches Report has highlighted that the cost of information security breaches has almost doubled in the last year. For small organisations, the worst breaches cost on average between £65,000 and £115,000 and for large organisations between £600,000 and £1.15m.

Content from our partners
Incumbent banks must transform at speed, or miss the benefits of open banking
Leverage cloud and expertise to optimise engagements from onboarding to conclusion
How enterprises can best prepare for finance digitalisation

PwC’s survey of 9,600 senior executives from organisations across 115 countries also revealed that just over half (51%) of the worst breaches were caused by human error (31%) and deliberate misuse of systems by staff (20%).

Greg Ford, MD of Advanced Exchequer, said: "Protecting corporate data from intrusion, misuse or abuse is a high priority for any organisation. For charities and not-for-profits storing highly confidential donor and beneficiary data, security is absolutely imperative.

"While it is tempting for charitable organisations to allow staff and volunteers to use their personal devices to save costs and drive donations without a formal and explicit policy on BYOD, they run the risk of encountering a damaging security breach."

To avoid being exposed, organisations should create a BYOD policy which is communicated regularly to staff, trustees, volunteers and partners describing the data that may be processed on personal devices and best practice security procedures. The BYOD policy should also explain clearly what measures will be taken if a personal device is compromised or lost, such as automatically wiping data and/or denying access to network systems, to prevent sensitive information from falling into the wrong hands.

In addition, charities should further reinforce their IT infrastructure to safeguard the transmission of data to and from mobile devices across multiple platforms. Personal devices should be checked for compliance and sufficiently resilient to withstand their operating environment.

Ford said: "As charities continue to wrestle with limited budgets and greater demands from staff to use their own devices, now is the time for them to think seriously about BYOD and data security. By creating a consistent and coherent BYOD strategy, organisations can mitigate the threat of security vulnerabilities and empower employees and volunteers to use mobile technologies to help generate vital funds, without placing donor relationships at risk."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy