Computer security has been part of my best practices since I purchased my first computer way back in 1995 and experienced the Internet for the first time. All of my home systems are always protected with host-based IDS, software backups, and regular maintenance. However, I had a “wow” computer security moment recently.
I attended a board meeting for a small non-profit and was appalled by what I saw and heard. First, there was no backup system in place on the sole computer that housed the non-profit’s donor database. Second, the non-profit had a computer on its network that, more than likely, was infected by either a virus or a bot – but the non-profit’s staff did not remove it from the network to repair it. Third, anyone could walk into the non-profit’s headquarters and either steal data or corrupt it.
As security experts, we know rule number one: the value of a company is worth only as much as the value of its data. But if the data is destroyed, then what? It is unfortunate, but I see this often in small and medium-size non-profits. The security of equipment and data is the last thing on top leadership people’s minds within the non-profit world. These folks do not comprehend the danger until it is too late, and many often say that they cannot afford the extra cost that security warrants. But I say, you only pay for as much security as your data is worth. So, what’s it worth to you, and if you lost it, how much would it cost to get your company’s gold back?