We recommend a three-tiered approach to storing your documentation: hard copies, personal storage devices, and online. It’s essential that you keep the hard copies of your documentation somewhere sheltered from both natural disasters and theft, such as a waterproof safe or a safe deposit box. For electronic information, be sure to encrypt it (see Encrypting Your Master Key below). In both cases, keep copies in two different places that are unlikely to be hit by a single disaster. As one nonprofit told us after recovering from Hurricane Ike, “Consider your entire city a potential point of failure.”
The Master Key
Your master key is a simple USB flash drive (also referred to as a thumb drive) where you keep all of the information you’ll need to restore your technology infrastructure after a disaster or respond to any other unforeseen incidents. It is a place where you can compile all of your important documentation and other crucial information safely and conveniently. Flash drives are available for as little as $15 or as much as $300 USD, but in most cases, you should be able to find a quality drive that meets your needs for less than $50. Flash drives from respected brands like SanDisk, Lexar, and Kingston are sturdier than generic drives and generally include better warranties. Think of your master key as the nexus of your nonprofit’s operations and keep it with you at all times.
One of the nonprofit professionals we surveyed suggested that in addition to the recovery and maintenance information outlined above, your master key should also include essential information about your nonprofit; for example, it might include PDF versions of up-to-date marketing collateral and PowerPoint slides for your rehearsed introduction to your nonprofit’s mission and message. This way, you’ll always be ready to introduce potential donors, volunteers, or beneficiaries to your nonprofit’s work. Although this type of information doesn’t necessarily fall under “emergency preparation,” having it on hand at a moment’s notice is an earmark of an organization that’s prepared for anything.
Once a week or so (can vary depending on your level of activity), check the documents on your master key to see if there’s anything that needs to be updated.
Essential Contact Information: Are You Ready?
We spoke with the director of development and operations at a human services organization in California. She said that her organization was ready for a hardware failure, with a combination of local and remote backups, with the most critical data being backed up multiple times every day. She admitted, though, that the organization’s communications were considerably less prepared.
With a staff of eleven, “Everyone has everyone else’s phone numbers programmed into their personal mobile phones. But we also have a youth program for about 25 students and there is only one staff member who knows how to contact their parents. If that staff member were unavailable during a disaster, it could take the rest of us a few hours to find everyone’s contact information.”
After our interview, she set a meeting with her staff to identify critical information and make sure everyone has appropriate access to it in case of an emergency.
Encrypting Your Master Key It’s easy to store the documentation listed above and any other essential data on a flash drive, but you should be sure to encrypt any sensitive information so that it doesn’t get into the wrong hands by accident. If your documentation is in Microsoft Word format, you can encrypt the data directly from Word itself (see File Encryption in Microsoft Office, Page 34).
There are numerous secure flash drives on the market that automatically encrypt and password-protect any data that’s saved on the drive. Some of these drives include additional features such as fingerprint scanners or automatic deletion of files after a certain number of incorrect password attempts.
A less-expensive alternative is to use a standard Flash drive with a special encryption application. FreeOTFE and TrueCrypt are two free applications you can use to secure the drive. Both applications give you the option either to encrypt an entire disk or create an encrypted, virtual disk that can be stored on either an internal or external drive. You can also copy either application onto your flash drive and execute it directly from there, making it easy to access your encrypted files from any computer without downloading new software.
Who Should Have a Master Key? How many people at your organization should have a master key? That depends on a number of factors. How many people in your organization have the authority to make time-sensitive decisions about your tech infrastructure? At the very least, the executive director and one other person should have a key.
When thinking about who should have a master key, consider the problems that could befall your nonprofit; for example, if you live in a flood-prone area, be sure that it least one is in an area that’s not susceptible to flooding. If the executive director does not live in the same city as the main office or is on vacation for part of the year, the decision-maker who works in the ED’s absence should have a key.
A Note on Passwords
There are various philosophies surrounding how frequently you should update your passwords. In this guide, we’ve made the decision to emphasize storing your passwords safely over changing them frequently. One thing to note, though, is that it’s advisable not to use the same passwords for highly sensitive accounts (like your web hosting and backup services) as for day-to-day nuisance logins (like online newspaper access and other low-security online services). For more information, see the TechSoup article Password Tips for Privacy.
There are various approaches to storing your documentation online. What’s most important is that it’s easily accessible for you and your fellow decision-makers, but impervious to accidental or malicious security breaches. For this reason, we don’t recommend storing your documentation on web applications like Microsoft Office Live and Google Docs.
Encrypt your data (see Chapter 4: Privacy and Encryption, Page 33) and upload it to your backup service (see Remote Backup, Page 28). Alternatively, you could send the encrypted files to a webmail account like Yahoo or Gmail (do not send them unencrypted).
Disaster Planning Is for Employees Too “Employees and volunteers need to have their own personal disaster plans in place as well so they can spend the effort needed at the organization when a disaster strikes.”
―Karen Roberts, Senior Resource Association, Vero Beach, FL