Keeping Your Nonprofit’s Technology Modern, Safe and Cost-Efficient with an IT Audit
Guest Blog by Alina Stone, Marketing Coordinator, Gelman, Rosenberg & Freedman CPAs
For smaller or start-up nonprofits, infrastructure elements like information technology (IT) are often small and uncomplicated allowing the greatest flexibility and economy. The bad news is that while the organization is saving money, aging IT systems lack critical security features as well as the strategic and functional advantages enjoyed by peers who have prioritized IT investments. What should you do if your organization has fallen behind the curve? Like any other large capital expense, the investment you make in IT should play a significant role in helping your organization achieve its mission. To ensure the alignment of investment with
mission
IT security will continue to be a significant focus for nonprofit organizations, businesses
and
Start by considering your donors. A large number of recent security breaches in the news has the threat of stolen
personally
Consider the Cloud
To minimize costs and increase overall efficiency, nonprofits in growing numbers are upgrading their IT systems to the cloud. After an initial investment and with the appropriate solution, these organizations have been able to reduce IT expenses through cloud-based systems. In an era of nonprofit transparency, many organizations are sensitive to public perception of the budget spent on overhead versus programmatic activities. However, as the availability of cloud technology increases, the more affordable your options become. There are a vast amount of free products currently on the market that can increase security, storage, availability and provide an increasingly convenient alternative. As nonprofits grow, some have also taken advantage of the opportunity the cloud offers employees to work virtually with the residual benefit of reducing the need for new or additional office space. If your organization is considering a move to the cloud, consider which business functions make sense to transition, where to stick to your current technology or plan an upgrade, the potential impact on vendors and affiliates, and your organization’s commitment to security. If you are an international organization, the cloud should top the list of possible solutions for your organization’s needs.
Complete an IT Risk Management Framework
Mitigating significant internal and external risks can keep your organization on track. Cloud systems, while efficient and reasonably priced, contain many of the same IT risks as their non-cloud-based counterparts. Due to the continued presence of these risks, having an IT Risk Management Framework set up can help you easily find and establish countermeasures against
cyberattacks
An IT audit doesn’t need to be complicated. In 2017, every organization should be taking a close look at the technological methods they have in place, and updating every couple of years accordingly. A thorough analysis of your IT controls will save you time and trouble in the long run.
Employee Education
The most important element in your organization’s IT framework is employee education, particularly with relatively new cloud-based technology. Over 90% of all cyber attacks use information stolen from employees who unwittingly give away their login information to hackers. Securing your network from external attacks is worthwhile – but the call is coming from inside the house in the majority of these information breaches. By coaching your employees on common tricks or best practices for data protection, you eliminate the vast majority of hackers’ entryways.
Start with an IT Audit
Wherever your organization falls on the spectrum of IT sophistication, if your organization is considering replacement or upgrade, an IT audit is a great place to start. An IT audit can help your organization ensure your use of IT is effective, that systems and processes operate as intended, and that IT assets and other resources are efficiently allocated and appropriately protected. IT audits help organizations understand, assess and improve their use of controls to safeguard PII, measure and correct performance and achieve objectives and intended outcomes. For more information on conducting an IT audit, contact Ricardo Trujillo, CPA, CITP, CISA at 301-951-9090 or rtrujillo@grfcpa.com.