Data security: no longer optional
Humanitarian and development organisations now produce, store, analyse and report on large quantities of data – we do love a questionnaire, don’t we! While data safety and security is nothing new, many organisations are still vastly unprepared for the task.
15 years ago, when on-premises servers were the norm, most data was kept on local desktops not connected to the internet, or in server rooms, and data security and safety was a logistical issue. One of my first jobs with the UN was to look at how to ensure we kept our data safe in case of a major Avian Flu outbreak: it was all about calculating how many litres of fuel we needed to run the generator for the server room. Today the same contingency plan would only need to look at sustaining internet access.
Development and humanitarian organizations have a responsibility to protect their data. They owe it to the general public, their constituents and donors, but most importantly to their beneficiaries. The right to privacy is a human right (article 12); data protection is not.
What we can do
In today’s world a key part of our job is to ensure the data we collect, exchange, distribute and use is protected. And as project managers there is a lot we can do to ensure the basic safety and security of our data. Here is our guide to the top 10 tips to follow when writing requests for proposals (RFPs):
- All web platforms should only be accessible via a secured protocol (HTTPS)
- All data should be backed up regularly
- All data should be encrypted
- Where possible all data should be anonymized. Good practice is to keep identifying features (names, phone numbers etc) and collected data in different data sets
- Collect and store only what you need (yes donors require us to keep records of our work, but not everything is worth storing)
- Ensure databases are replicated across different data centers and ideally different regions of the world. This will add significant protection against data loss and possible ransomware
- Protect data access with strong passwords and, if possible, two-factor authentication. This is generally very easy to implement and has a big impact
- Make sure there is a monitoring system for user accounts, and limit privileges (not everyone using a system needs to have access to it all!)
- Ensure your system is maintained and regularly updated (most cybercriminals rely on outdated systems and exploit known security vulnerabilities)
- Conduct regular security and safety audits with a third party (and yes this can be part of your RFP).
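The tip on keeping identifying features and collected data in different data sets, sketched in Python as an added example (not code from the original article). The field names, the sample records and the use of a keyed HMAC as the linking pseudonym are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed names of the directly identifying fields in a survey record.
IDENTIFYING_FIELDS = ("name", "phone")

def pseudonym(key: bytes, record: dict) -> str:
    """Stable pseudonym for a respondent, derived with a secret key.

    A plain hash of a phone number can be reversed by hashing every
    possible number; a keyed HMAC cannot be recomputed without the key.
    """
    name = " ".join(record["name"].casefold().split())
    phone = "".join(ch for ch in record["phone"] if ch.isdigit())
    msg = f"{name}|{phone}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def split_records(records: list, key: bytes):
    """Split records into an identity set and a response set.

    identities: pseudonym -> identifying fields (store apart, tight access)
    responses:  pseudonym + collected answers only (safe to pass to analysts)
    """
    identities, responses = {}, []
    for rec in records:
        pid = pseudonym(key, rec)
        identities[pid] = {f: rec[f] for f in IDENTIFYING_FIELDS}
        answers = {k: v for k, v in rec.items() if k not in IDENTIFYING_FIELDS}
        responses.append({"pid": pid, **answers})
    return identities, responses

# Constructed sample data: two survey rounds for one respondent, one for another.
SAMPLE = [
    {"name": "Amina Yusuf", "phone": "+254 700 000001",
     "household_size": 5, "water_source": "borehole"},
    {"name": "amina  yusuf", "phone": "+254700000001",
     "household_size": 5, "water_source": "river"},
    {"name": "Jean Pierre", "phone": "+243 800 000002",
     "household_size": 3, "water_source": "tap"},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep in a secrets manager, not beside the data
    identities, responses = split_records(SAMPLE, key)
    for row in responses:
        print(row)
```

The response set is pseudonymised rather than anonymous for as long as the identity set and the key exist, so both need stricter access control than the answers themselves.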
Maintain your best by preparing for the worst
Cloud storage is becoming the new norm. Internet giants such as Amazon Web Services, Microsoft and Google are pushing for all data to be stored on the cloud, preferably theirs. According to Forbes, the total spending on off-premises clouds will grow steadily to overtake on-premises solutions by 2022. With increased cybersecurity threats, enhanced data management and security is crucial. It is becoming challenging for organisations to adapt: IT services are struggling to maintain, update and upgrade current systems, while also setting up processes and procedures for the countless new projects arising every day. But preparing for the worst that can happen will help organisations to safeguard their data into the future.