Security Culture at my Nonprofit

I was shredding some documents in the office yesterday, and Aspiration's Director, Allen, overheard me and asked what I was doing. I told him I was shredding. He then asked if I was going to blog about my shredding and suggested that I blog about Aspiration's security procedures. Funny that he suggested this topic, considering the Brown Bag Lunch discussion I will be hosting in a couple of weeks is about Risk Management.

So, this blog post is dedicated to Allen Gunn, who taught me a lot about security culture.

Here is a glimpse of Aspiration's security culture. All of our security culture procedures are listed in our Operations Manual.

  1. Shred all trash documents that contain personal employee information, organizational information, credit card advertisements, or anything else that could be used for identity theft.
  2. Never send a username, password, and URL to someone in the same e-mail.
  3. It is never good to write down passwords, but if you must, consider the following. Do not store username and password information in the same file on your desktop. Create a numbered sheet of paper with your password information, and then, on another piece of paper kept in a separate location, list the numbers with the username information and website locations. (If possible, laminate the sheets of paper and keep them in two separate secured locations.)
  4. Create different accounts for contractors accessing the same website.
  5. Change passwords every 60-90 days.
  6. Do not ask Firefox or any other internet browser to remember your password for any site.
  7. If you are purchasing a product through a secure web form, it is OK to enter your e-mail address; otherwise, do not give your e-mail address out online.
  8. If posting a job announcement or something online that requests a reply from the general public, create a random e-mail address that will forward to your e-mail account.
  9. Always have a different person sign the check than the person who writes the check. Also, if possible, have a different person open the mail than the person who writes the checks.