I was talking to a someone this week who discovered that the backups on their small network server weren’t being done, and in fact, some data was lost. When she went to investigate she discovered someone had removed the external drive on which backups were saved. When I asked her how that happened and if she knew who might have been responsible, her answered surprised me.
“Someone must have needed the drive,” she said.
The drive turned up in another building on the property attached to someone else’s computer, where it remains. Backups aren’t being done for the time being. Their IT guy has been notified on a service request but he is on vacation.
How many issues do you spot in this situation? Could this happen to you?
I’m not even going to pretend I’m an IT expert here so all I’ll say is be sure your systems have backups of your financial and membership data first and foremost. If you don’t know what that means, make yourself smart about it ASAP. And I mean AS SOON AS POSSIBLE.
Contracting out IT duties to a company is a great way to be sure systems are automatically backed up and set up correctly in the first place. If you are a small company or organization you may have to rely on building it into someone’s job description, possibly yours.
Being a good administrator/manager means being a good steward of all property which includes data. It should be as secure as the dollars you care for. You wouldn’t leave offering or income sit in an open box on your front porch would you? That’s crazy talk in the words of my favorite youth director.
I’m less adamant about backing up creative work or documents unless you are storing historical documents and images, and especially if there are no paper copies. In my mind creative work can be recreated and usually improved so I’m not as inclined to worry too much about backing that up. The exception is writing especially if you have staff or pastors who publish, and hopefully they are keeping backups of their work. It’s the financial, technical, membership or customer-client personal data that needs to be the most secure, in my opinion.
Besides the obvious password protection, a server should be kept secure, in a locked, limited access area. There should be no possibility for the above situation to happen. Computers provided by your business or organization should be well cared for by the employees and volunteers who use them. Standards should be set and kept. There should be no possibility an employee takes a key piece of hardware for their own use!
Computer policies are standard now and if you don’t have one it’s easy to find samples and adapt. This starts with you whether you are an administrator or manager or an employee in my opinion. If you work with data in any way, you should have interest in securing it and your hardware. They are your tools and we are charged with taking care of them, respecting their use, and their power.
My last thought to add is to never feel bad about asking questions, communicating, learning about and sharing needs, striving for better. These are important things that I think build respect and integrity for everyone, which are also key words for data.
Policy resources I’ve used: