Security Culture at my Nonprofit
I was shredding some documents in the office yesterday, and Aspiration's Director, Allen, overheard me and asked what I was doing. I told him I was shredding. He then asked if I was going to blog about my shredding and suggested that I blog about Aspiration's security procedures. Funny that he suggested this topic, considering the Brown Bag Lunch discussion I will be hosting in a couple of weeks is about Risk Management.
So, this blog post is dedicated to Allen Gunn who taught me a lot about security culture.
Here is a glimpse of Aspiration's security culture. All of our security culture procedures are listed in our Operations Manual.
- Shred all trash documents that have personal employee information, organizational information, credit card advertisements, and other documents that could be used for identity theft.
- Never send a username, password, and URL to someone in the same e-mail.
- It is never good to write down passwords, but if you must, consider the following. Do not store username and password information in the same file on your desktop. Write your passwords on a numbered sheet of paper, and then, on another piece of paper kept in a separate location, write the matching numbers with the username information and website locations. (If possible, laminate the sheets of paper and keep them in two separate secured locations.)
- Create different accounts for contractors accessing the same website.
- Change passwords every 60-90 days.
- Do not ask Firefox or any other internet browser to remember your password for any site.
- If purchasing a product and using a secure web form, it is OK to enter your e-mail address; otherwise, do not give your e-mail address out online.
- If posting a job announcement or something online that requests a reply from the general public, create a random e-mail address that will forward to your e-mail account.
- Always have a different person sign the check than the person who writes the check. Also, if possible, have a different person open the mail than the person who writes the checks.