Updates and Patching

IT staff should ensure that all software is up to date and properly patched. This can include device policies that push updates to all computers, but it should also include updates to core applications (e.g. case management systems). This might also require upgrading hardware as well, since older computers might not be able to support new software.

User Accounts

Whenever creating user accounts on computers or in technology systems, IT staff should create standard accounts, not admin accounts. Every user should have a standard account. When a user needs admin level access, IT staff should create a separate account. IT should also have policies for onboarding and offboarding staff to ensure that former staff do not retain access to accounts after they depart.


Staff should be trained not to use key applications over public Wi-Fi while outside of the office. Public Wi-Fi can be unencrypted and might reveal private data and information to others sharing that network.

Inside the office, you should separate your private staff network from your guest network. This way, outside users do not use the same Wi-Fi network that is handling your sensitive data and applications. You can also configure your Wi-Fi network with more security features, such as connecting users to your wireless network with unique logins or segmenting your network depending on the user or group permissions by using VLANs.

Remote Work

When building remote work technical capacity for staff and volunteers, it is helpful to start with the development of policies or protocols for remote work so that the organization build the right capacity, functionality, and security into the environment.  If the organization already has remote work technology in place, it is still worth developing the policy and then work to comform the technology to support the policy. Have a telecommuting policy and have policies that explain how to use personal devices. This should include policies on which applications your staff are allowed to use and how to use them. You should also establish a communication plan for how to share information with your staff. Invest in the right technology tools to make remote work as secure and successful as possible.


You should also have a security plan for any remote work. In general, users should only be using the equipment provided by your organization to secure your data. Consider the other topics in this toolkit, as they can be even more important in remote settings (e.g., MFA and password policies). You can also use virtual private networks (VPNs) for remote access, which can provide direct secure access to your on-site technology even while off-site.

Table of Contents