All articles

A Password Manager for NGOs & Foundations

5 min. read

Shelby Lee Neubeck

Shelby Lee Neubeck

30 March, 2023

A password manager for NGOs and Foundations

A Password Manager for NGOs and Foundations

Non-profit organisations handle sensitive information on a daily basis, from donor information to project details. Protecting this sensitive information is a critical part of operations. Having the right password manager in place can help NGOs keep data secure and manageable, which allows your organisation to focus on it’s mission.

Passbolt has a mission of its own — to make password management easy to use, affordable and, most importantly, secure. Nobody, especially an NGO, should have to compromise on security or cooperation. Feel empowered to protect your data by using the right tools for the job.

NGOs vs. Password Security: Winning Combination

“Having a centrally managed and secure password manager system can take the pressure off of an IT team, meaning that major vulnerabilities can be avoided and infosecurity threats will decrease.”
— Cliodhna Kirk, IT Team Lead at Greenpeace

When it comes to cybersecurity and password management, NGOs face some unique challenges. To start, organisations need to securely share passwords with coworkers, sometimes volunteers, and maybe even stakeholders. With multiple accounts to manage, things can quickly get overwhelming. And that’s not even mentioning accessing controls or password audits.

Regular audits of passwords and accounts can be time consuming when performed manually. Without a centralised password management system, there’s no good way to keep track of all your passwords. Organisations with multiple accounts and users might struggle with providing access or monitoring who can view sensitive information.

An NGOs guide for choosing the right password manager

Finding the right tool for your non-profit organisation can be a lot of work, especially if you don’t know what to look for or where to start. There are many password management tools on the market and not all of them might meet the values of your organisation.

The first thing to consider, of course, is security. When choosing a secure solution for your NGO, make sure the password manager uses advanced encryption techniques and has a strong security track record. Look for further security enhancements like 2FA and a customizable password generator. And try to find a platform that doesn’t have a single point of failure.

It’s also important to find a password manager that’s easy for all of your team members to use and navigate. There should be a support team, forum, and documentation that can help if you get caught up in any part of use. There’s no replacement for good customer support.

“One of the main challenges that we faced whilst adopting a password manager was changing the culture around password management: people need to change how they work with and store their passwords. Similar to any IT tooling implementation, what stood out as being important was having clear guidance, communication on the ‘why this is needed’ and training was required in order to get as many people to engage with the tool. Educating users is a fundamental part to mitigating challenges as it’s important for users to understand why they can’t simply store their passwords in an excel file in plain text.”
— Cliodhna Kirk, IT Team Lead at Greenpeace

Not every team member uses the same computers or phones so finding a solution that works for everyone is important. It should work seamlessly across different devices, browsers, and operating systems. A solution limited by the technology your team uses can really hamper the collaboration and access abilities within your organisation.

Choosing a password management system that offers multi-user access is crucial for an NGO with a team that needs access to certain accounts. Access to sensitive information such as donor details, financial records, and confidential communications needs to be stored in a system that’s secure but easily accessible to those who need it. Multi-user access lets more than one person access credentials. Without it, your organisation might have trouble working together safely.

Find one with audit logs and reporting for access. Some password managers provide alerts, set expirations, and keep a log of users who have accessed any given item. Auditing and reporting provides an extra layer of accountability and can help NGOs identify any suspicious activity or attempted breaches.

You’ll also need to consider the cost of the password manager. Security is paramount, but finding a solution that fits within your organisation’s budget is also a big deal. Look for a provider that has flexible pricing plans and discounts for NGOs.

When your organisation is choosing a password manager, the NGOs mission and values should align with the company’s. Choosing a company that aligns, ensures that your organisation is protecting its sensitive information while maintaining integrity, working towards your vision, and keeping a clear identity. A tool can often become an extension of your organisation, having one you trust and align with is crucial.

Implementing A Password Manager

Detailing the steps to implement a password manager at an NGO

Start by defining the scope of your project. Work out exactly what your organisation is trying to achieve with a password manager. Once you’ve identified this, decide what features you need to make it happen. Then find a solution that meets your needs. To make this process easier, you may need to set up a team. A group of tech-savvy, security-conscious people from your organisation. This team can help research solutions, implement the tool, and train the rest of the organisation to use it.

Then it’s important to identify any risks associated. You don’t want your password management tool to become the Achilles’ heel of your organisation’s cybersecurity. Make sure you identify any potential risks and develop a plan to mitigate them. It’s also important to make sure everyone on the team knows what they’re supposed to be doing. Assign roles and responsibilities to keep things aligned and help everyone understand their tasks.

Once you’ve made a decision, set a timeline. Give your team a realistic deadline for implementing a password manager. Make sure everyone is aware of it, so there are no surprises when you’re setting out. Keeping everyone in your organisation informed about what’s going will make the process easier. Tell you employees, volunteers, and stakeholders; they’ll probably be happy to hear what’s being done to protect their sensitive data.

Now you might feel ready to roll out the password manager. But, you should always test it first — after all, you don’t want to be the organisation that accidentally leaks all your donor information because you forgot to test your password manager. Now that you’ve done a run-through, you’re finally ready, but is your team?

It’s time to train your users on how to use the solution effectively and securely. Have some documentation ready or refer to the tool’s documentation. Well-educated users are your best line of defence against cyber attacks. Of course, you can monitor the use of the password manager and identify any issues that need improvement.

Take a look at how the rollout of the new password manager went, review it and see if there are any areas that need improvement. Make notes of the process and don’t forget to refine it as needed. You’ll never know when you’ll need to roll out another tool.

Mission Accomplished

Secure Your NGOs data

It shouldn’t be a challenge to keep your organisation’s data secure. Implementing a password manager can make it easier. For organisations in need of a customisable password manager that puts security and collaboration at the forefront, look no further than Passbolt. It’s a low-cost, open source solution. Get started today with a free trial or contact us about the non-profit discount.