With increases in federal laws protecting client information, many haven't made the transition from a paper-based system to a fully electronic one. Those that have are, in most cases, using well-meaning employees whose original job descriptions have nothing to do with information management.
Systems can be exploited when they're accessible to outside internet traffic. The majority of service providers I've had the chance of getting close to all have their computers networked and reachable to/from the internet. None of what I've seen shows any form of standardized imaging, controlled access, or protection from information being compromised... other than built-in OS user IDs and passwords.
Here are a few tips to keep a nonprofit from facing a lawsuit:
1. Cut the cord. Unless a computer user has an immediate need for internet access, disallow it, both inbound and outbound.
2. Create an intranet for all electronic resources: publications, client data, forms used regularly, and anything else that's necessary for the job to get done.
3. Use existing tape drives for data backup rather than trusting server space that can be compromised by either attack or failure, preferably with a dual-drive system: one drive for odd days and the other for even days. Doing so guarantees loss of only one day's worth of data in the event of failure of a unit.
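The odd/even rotation from tip 3, as an added example that is not part of the original post. It picks the drive from a running day count rather than the day of the month, because the 31st and the 1st are both odd and day-of-month parity would write to the same drive two nights in a row. The device paths, the `--run` flag and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: odd/even tape rotation keyed to a running day count.
# Device paths are assumptions (typical Linux SCSI tape names); adjust to your hardware.
ODD_DRIVE=/dev/st0
EVEN_DRIVE=/dev/st1

# Days since 1970-01-01 for a calendar date (Gregorian, years >= 1970).
# Arguments: year month day; a leading zero on month or day is accepted.
day_number() {
    y=$1; m=${2#0}; d=${3#0}
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi   # count Jan/Feb with the previous year
    era=$((y / 400))
    yoe=$((y - era * 400))
    mp=$(( (m + 9) % 12 ))                      # March = 0 ... February = 11
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))
}

# Odd day numbers go to one drive, even day numbers to the other.
drive_for_day() {
    if [ $(( $1 % 2 )) -eq 1 ]; then echo "$ODD_DRIVE"; else echo "$EVEN_DRIVE"; fi
}

# Write the given directory to today's drive, then read the archive back
# so a bad tape or failed write is noticed the same night.
run_backup() {
    today=$(day_number "$(date +%Y)" "$(date +%m)" "$(date +%d)")
    drive=$(drive_for_day "$today")
    echo "day $today -> $drive"
    tar -cf "$drive" -C "$1" . || return 1
    tar -tf "$drive" > /dev/null || return 1
}

# Only touch the tape when asked to: backup.sh --run /path/to/data
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    run_backup "$2"
fi
```

Run it nightly from cron with `--run` and the directory to back up; without `--run` it only defines the functions and writes nothing.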