14 Ways to Improve Your Organization’s Online Security

The Chronicle asked the staff at Techbridge, a nonprofit that helps other groups improve their technology, to share tips on bolstering security.

Firewalls

• Consider Cisco firewall devices found on TechSoup.
• SonicWall and WatchGuard devices are also a good value.
• Make sure your firewall includes a multiyear warranty.

Wireless Internet

• Access to the wireless network should always require a passphrase, a multiword variation on the password that is more secure.
• Use WPA2 (Wi-Fi Protected Access II) with AES encryption. WEP and WPA encryption are no longer secure.
• Have separate wireless access for employees who bring their own devices to work and for guests.
• Change the wireless security passphrase once or twice a year, depending on your security concerns.

Passwords and Passphrases

• Passwords and passphrases should be 8 to 16 characters long and a combination of uppercase and lowercase letters, numbers, and symbols.
• Force employees to change passwords at least every six months, and keep at least four passwords in the password history so a recently used password can’t be repeated.
• Configure screensavers to lock machines after a short period of inactivity and require a password to reactivate them.
• Require a four-digit PIN to secure mobile devices that the charity provides.
• As IT vendors or support staff leave and others are brought in, change and keep a record of administrator passwords.

Budgeting

• To purchase, install, and configure a firewall and separate wireless access for employees and for guests, organizations should expect to pay $1,500 to $2,000.
• Organizations need to dedicate staff time to create a security strategy and implement policies for passwords, personal devices brought into the office, and other security matters. The amount of effort depends on the size of the group, its mission, and the importance of security based on the mission and data the organization collects.