Most businesses don’t rely on volunteers, but not-for-profits (NPOs) have an unusual issue regarding security. Firms that have trained, full-time employees have a strong degree of control over the actions of their workers. NPOs, however, may rely heavily on volunteers whose time in the office may be minimal and sporadic. You may feel grateful for their dedication and be less likely to subject them to rigid security training. Also, a threat of punishment for those who make inadvertent errors that create security risks isn’t going to be acceptable in the “volunteer” environment.
Though it may seem a waste of precious volunteer time, you need to consider implementing ongoing security training for volunteers. The two most common ways security breaches occur are falling for phishing scams and bringing storage devices, such as a USB stick, to your office and introducing them to laptops and other devices. For example, a volunteer creates a brochure in their home office, then transfers it to an office PC. This is an excellent backdoor for a virus or malware to infect your infrastructure. So, remind volunteers on a consistent basis that no outside storage devices are to be brought into the office for use on NPO equipment. Create a policy that states they must use secure file sync and share the solution to transfer large files and enforce it.