We interviewed Justin Lewis, Regional Sales Director for Sterling Volunteers, to learn more about how to safeguard your volunteer data. Sterling Volunteers partners with nonprofit organizations, and technology companies who serve the nonprofit sector, to help create safer volunteer and work environments, This is achieved through their automated and innovative background screening solution that’s integrated into volunteer management systems, like VOMO. It is also where sensitive information is maintained within their highly-secured platform.
Why should organizations be concerned about their data privacy?
It’s two-fold. Many of the organizations that we work with don’t want to have their PII (personally identifiable information) on any of their servers or computers, so they keep that data separate to maintain a higher level of security. We maintain the more sensitive pieces of biographical data in a secure cloud environment and then invest heavily in layered technologies to protect that information.
A lot of smaller nonprofits don’t have the infrastructure and the technology stacks in place to create a holistic digital security blanket around themselves. If they can completely avoid collecting sensitive information, it leaves them a lot less vulnerable if their systems were ever compromised. The last thing they want is to have one of their employees naively click on a phishing email, and then have bad actors gain access to their infrastructure. The less PII you maintain, the less risk it will be to your organization.
Where might they be vulnerable?
Well – for example – there’s no reason for organizations to store social security information that someone might be able to use in the wrong way. It’s always best to separate yourself from sensitive information that you don’t need to have on file.
Our recommendation is to collect very basic biographical information and then use a trusted, compliant and technically advanced consumer reporting agency like Sterling for your sensitive data. We are held to the highest legal and ethical standards and invest heavily in cybersecurity defenses. Sterling is committed to the protection of individual privacy rights and takes significant efforts to ensure security and confidentiality of all sensitive data. From encrypted databases and communications links, to ongoing security monitoring/assessments. All available means are used to safely store, transmit and process information. We advise organizations to utilize us for sensitive information and keep data stored in a secure cloud environment rather than on your local machines or desktops. Also – If you have sensitive printed material, store it in a locked file cabinet and keep those keys inaccessible.
What are some things that people can do to protect their data?
A good rule of thumb is to invest in password security features that are user friendly and recommended by the cyber security community. One of the most basic tools is single sign-on, which gives you one protected password that allows for unified access management. That keeps you from having to remember 15 different passwords or trying to keep track of multiple post-it notes (not recommended) that you jotted them down on. I would also recommend multi-factor authentication and staying on top of your security updates – especially on company devices. Additionally, it’s always good practice to check for device and security updates on a regular basis, there are always vulnerabilities that creep up and have to be patched with updates.
Beyond the basics, if your organization feels it needs to incorporate more advanced data security measures, I’d recommend engaging with a managed security service provider. There are many great companies out there that fit the budget and needs for all organizational sizes. These MSSP’s can provide a threat analysis, implement a security program based on the assessment, and act as a retained security partner to keep your data safe.
Is it ever safe to give out personal information?
It’s safe if you know what the end-user is. If you’re confident that your software partners are compliant with all of their security measures and that they are maintaining data in a secure cloud environment, you are putting yourself in a safer security posture. It’s okay to provide that information as long as you properly vet your vendors and partners and can trust they know how to manage your information. It just takes a small amount of due diligence to know if your partners are taking those security measures on your behalf.
At Sterling, we firmly believe in a layered security strategy which includes technical, procedural, and quality measures. We always maintain a high degree of security because of the type of information we work with on behalf of our clients.
How can an organization obtain the information needed to run a successful volunteer program while still protecting their volunteer’s privacy?
By collecting basic information and then having a streamlined integration like Sterling to gather the more sensitive pieces of data. For example, VOMO collects basic information like birthdate, name, and email address. The more sensitive information – like a Social Security number and driver’s license numbers, will be collected on our site and maintained at a high-security level.
What do you do if someone is concerned about giving out their Social Security number? Does Sterling have a way to run a background check without it?
We do have an option to run a background check without a Social Security number. It all depends on the risk level that the organization we’re working with sets. If the volunteer or employee does not want to provide that information, they can check the box that says, “we do not wish to provide.” Some volunteers do find that concerning, so we provide them the ability to opt-out of sharing that information. However, with a more in-depth level background check like our Complete level search, a SSN is required because it allows us to run a Social Security trace. This is a good supplemental tool for locating addresses linked to a volunteer that they may have been purposely left out of the application. It also works as an investigational tool used to determine who to search for and where to look when conducting a criminal record search.
For any organization who wants to take a deep dive and explore the various types of background checks available, we will gladly provide a consultation. Sterling wants to make sure you have an educated understanding of the risks you may be facing based on your volunteer opportunities. Mitigating risk looks different for each organization. There might be an organization that does low risk volunteerism for whom a simple background check option might work. On the other hand – a social good organization that works with more vulnerable volunteer populations might need something more robust in nature. We help you explore every detail to ensure that you have the necessary background screening program in place to match your organization’s risk profile.
Check out VOMO’s integrations page to learn more about Sterling Volunteer and our other partner organizations.