In this guest post, Richard Cooper, Director of Programmes at Charity Digital, looks at how charities can stay smart when using Bring Your Own Device (BYOD). For many in the charity sector, Bring Your Own Device (BYOD) is an inevitable reality. Limited budgets mean that charities often struggle to regularly refresh their hardware; while at the same time, employees and volunteers are generally willing to use their own kit. These factors usually mean that banning BYOD is not a viable option for charities, which can leave them open and vulnerable to IT security risks. I know how helpful tablets can be in meetings and for working on the go, but I also know that the average charity can’t afford to provide all of their staff with the latest gadgets and mobile devices. I suppose this makes me a proponent of ‘smart BYOD’ rather than ‘no BYOD’ policies for charities. As such, I find myself answering a lot of questions about keeping sensitive data and information safe, while still allowing staff and volunteers to use their own laptops, tablets and smartphones.
Data security is the biggest risk associated with BYOD because if mobile devices are mislaid or stolen, unsecured data has now unintentionally been put in the hands of a stranger, thief or hacker. Similarly, if someone leaves the organisation, their personal device may still contain sensitive data like donors’ financial information or fundraising records. For this reason, make sure any device someone uses while working with your charity has antivirus software and contains a remote wipe function. As the name suggests, this allows you to delete data on the device, even when you don’t have it with you, ensuring sensitive and confidential information doesn’t fall into the wrong hands. Insisting that any mobile device has these features is absolutely imperative. To ensure everyone adheres to these rules, I recommend working with your trustees to draw up BYOD guidelines and sharing them with the entire organisation. You can also limit the devices that people use by providing support for certain programs that meet your requirements, such as Office 365, Salesforce.com or a range of business-friendly apps (see Richard Craig’s blog for suggestions). That way, if their device doesn’t run the agreed program, they won’t use it for work, helping to maintain security and also save you money on support costs. While these measures may seem a bit draconian, they will help your charity make the most of people’s willingness to use their own device, without putting your organisation, its data or its donor relationships at risk.