How to successfully manage the specific IT service needs of charities and non-profits

Here at Fuse Collaboration Services we have recently begun working with a Northamptonshire charity which is both long-standing and expanding its work into surrounding counties.

Working with charities is always interesting for us, as they have specific needs which are distinct from both the business sector and other non-profits, such as educational institutions or local authorities.

Top of the list with our new client is data protection and management, not uncommon throughout our work.

However, when your client is dealing with sensitive information regarding adults and young people in vulnerable situations with multiple stakeholders such as case workers and local authorities it becomes even more important to have the set-up in place to be able to ensure that the highest security possible is available and in place.

This is magnified when the charity’s staff and volunteers are using what could best be termed an eclectic mix of hardware, from donated and second-hand equipment to bring-your-own-devices (BYOD). Understandably, the charity’s priorities have to be on the people who need their services, not on the equipment, but they nonetheless need the state-of-the-art packages and support required in the current era.

Furthermore, with a large number of case workers and volunteers operating remotely they need to be able to access all of the information needed from the head office quickly, efficiently, and securely.

So our first priority has been to protect this data, using encryption, policies for all machines, multi-factor authentication, and so on. Indeed, this is the first thing that we do with every new client, and with Microsoft’s latest packages it is something that is reasonably straightforward, especially when you have the experience that we do!

This security is not limited to Microsoft’s own packages such as Office 365; security policies and protocols can work with on-premises servers as well, regardless of whether you choose to migrate your data to cloud computing or not.

---

This part of our work revolves around two key principles – data loss prevention (DLP) and information rights management (IRM).

For example, DLP could include policies which say that the sharing of certain information (financial info, etc) via email to external stakeholders can either be flagged to your managers or stopped completely automatically.

As an organisation it is possible to monitor what is happening in terms of sharing such sensitive information to ensure that you comply with the data protection act. It is not limited to data such as bank account or National Insurance numbers; it can also include documents tagged for use only within the organisation to prevent them being seen by unwanted eyes.

Having an effective DLP policy is also essential in this era of improved data protection.

Meanwhile your IRM policy could allow you to share a case note or file with a selected external stakeholder (eg a case worker in a local authority) but then prevent it from being sent on to a further party. Only the person who is intended to see the file can open it and read it, and you can prevent misuse and track who is trying to do what with the information.

These technologies have been around for a while but have been hard to successfully implement, particularly for external sharing. But they are becoming more and more user-friendly and are included as part of the Microsoft 365 package​. If you are an organisation where you are dealing with sensitive information with multiple stakeholders then they are becoming increasingly essential.

---

​We’re also able to ensure security for volunteers and staff who use their own devices such as smartphones and tablets as well as their office computers.

We are able to partition devices so that their organisation data is partitioned away from personal information such as photos and music. This means that when that person leaves the organisation the relevant data can be removed without the phone or tablet being restored to factory settings or blocked completely.

This also means that if a device is lost or mislaid then the relevant data can be deleted quickly to avoid it being compromised or accessed by an unwanted third party.

Equally important is the need for all of this – and more – to be achieved within a tight budget. Microsoft’s significant discounting for charities allows us to do just that and make sure that your return on investment is significant both financially and in terms of your overall operations.​