In Focus Resource Center > Insights

Not-For-Profit Alert: IT and Cybersecurity Risk Awareness

By John Eusanio, David Rosenbaum .

Many companies are grappling with the business impacts of the Coronavirus and the difficulties of keeping their firms operational with their staff working from home. Not-for-profit organizations face the additional challenges of ensuring that they continue to remain focused on their mission, that they continue to meet the needs of their constituents, that they consider the impact of social distancing and stay-at-home orders on their programs, and that they don’t lose the confidence of their donors. Enabling their staff members to work from home effectively, efficiently, and safely requires careful planning, vigorous coordination, and continuous communication, including consideration of the following:

Identify The Work To Be Done

Determine what work can be done remotely and identify the software and data that’s needed. Review software licensing agreements and operating requirements to decide what can be installed on employees’ home computers vs. which programs will require employees to connect to office computers or Cloud systems to use the software. Establish secure, remote access to data that’s stored on the organization’s network and file servers.
Oftentimes much of an organization’s administrative work (e.g. cash receipts/billings, cash disbursements/payables, constituent management) can be done remotely, especially if procedures exist (or are implemented) to facilitate online transactions. Unlike administrative work, mission-related activities and program delivery may require physical presence. Determine what aspects of the organization’s mission cannot be accomplished remotely; evaluate whether alternative methods to deliver on the organization’s mission and programs can be achieved.

Provide Employees With The Right Tools

Not all employees will have adequate technology in their homes to do their work efficiently or effectively. It may be necessary to provide employees with computers, printers, scanners, webcams, and second monitors. If spare equipment isn’t available in the office to send home with employees, consider purchasing slightly-older, refurbished equipment (e.g. from Amazon). Establish connectivity to the office network (e.g. Citrix, Terminal Services, VPN) so that employees can get to the systems and data they need to do their jobs. Assist employees with arranging for faster Internet service where needed. Don’t forget to provide the ability for employees to answer their office phone extensions from home.

Set Expectations

It’s important to set expectations for both employees and for managers. Determine how you will measure performance and productivity. For some job functions, hours worked may be an appropriate measure; for other job functions, completing designated projects or staying current with processing the day’s transactions may be better metrics. Understand and accept that employees working from home will experience distractions that don’t exist in the office, and that an eight-hour workday may span 12 (or more) hours. If contact with constituents is part of an employee’s responsibilities be sure that the employee knows the specific hours they’re expected to be available and reachable.

Provide Support

Employees who are accustomed to having administrative or IT support when working in the office may be less efficient without this support. Look for creative ways to provide this support by leveraging remote access technology. Subject to internal control considerations, provide training to help employees learn to do tasks that they previously relied on others to do.

Communicate

Isolation, fear, “cabin fever” --- these are all emotions that your employees are likely experiencing. Frequent communication between managers and employees will help employees to feel engaged, less isolated, and part of the team. Encourage employees who are accustomed to collaborating on projects to continue to collaborate using technology (e.g. Teams, Zoom, Skype). Communicate with constituents so that they’re aware of current or anticipated impact to the organization’s mission or programs and of new ways that the organization will be endeavoring to achieve its mission or deliver its programs.

Cybersecurity Considerations

The cybersecurity policies, procedures, and protections that exist in the office likely weren’t designed to protect the organization and its data when accessed from employees’ personal computers. Ensure that all computers being used to access the organization’s network have all security patches applied and are protected with up-to-date antivirus software. Arrange for your IT team to work with employees to configure firewall protection for their home Internet service. Cyber-criminals have been very active trying to take advantage of the chaos, often sending emails disguised as Coronavirus news or appearing to originate from the CDC or World Health Organization; remind all employees to be especially careful before opening email attachments or clicking on embedded links.

Citrin Cooperman remains committed to ensuring we do our part to keep you up-to-date on the latest information available during these difficult times. Please reach out to your dedicated Citrin Cooperman Not-for-Profit Practice team at any time, as we are ready and able to assist you and your organization.

 

Our specialists are here to help.

Get in touch with a specialist in your industry today.

* Required

* I understand and agree to Citrin Cooperman’s Privacy Notice, which governs how Citrin Cooperman collects, uses, and shares my personal information. This includes my right to unsubscribe from marketing emails and further manage my Privacy Choices at any time. If you are a California Resident, please refer to our California Notice at Collection. If you have questions regarding our use of your personal data/information, please send an e-mail to privacy@citrincooperman.com.