TechSoup Blog

Security

Really Simple Security Video Takes the Confusion out of Staying Safe Online

We all know that there are things we should be doing to stay safe online, but keeping current with the latest technology can be daunting, even for the tech-literate. The good news is that you can get a handle on the basics without reading a 300-page manual that's about as interesting as watching paint dry.

Enter Really Simple Security, a biweekly, one-minute-long video series hosted on YouTube, designed for the regular folks among us. Don't just take our word for it; watch their video on a very timely subject matter:

RSA Security Conference Day 1: Clouds Are Here to Stay

RSA Conference, the annual IT conference on security, officially kicked off this week in San Francisco's Moscone Center. Last year, we noted that IT managers in the enterprise sector were ambivalent about cloud computing or "software as a service" (SaaS) as deployed and used in the enterprise.

This year, cloud computing still has its fair share of sessions and discussions, but with the acknowledgement that IT managers will have to accept it in the enterprise environment, as well as address the security risks it poses accordingly. The fact that Web 2.0 applications in public clouds — like Facebook and Twitter — are now credible threat vectors used for malware deployment or phishing schemes makes the job of an IT manager even harder, let alone the accidental techie.

This "consumerization" of corporate IT, where users bring in their own devices that may not have the same level of security measures built in, is a familiar theme in our sector. When you bring in your personal netbook, Apple iPhone, or Android device to make your work easier and save your organization IT costs, you should understand the risks to your organization and take appropriate measures to mitigate them.

TechSoup Partners Provide Aid to Organizations in Haiti

Many nonprofits, including several of TechSoup's member organizations, are working hard to bring aid to earthquake victims in Haiti. It's dangerous work, and these organizations will need a lot of help to get operations in Haiti up and running (or up and running again, as many of our member organizations had offices in Haiti before the quake).

Fortunately, several of TechSoup's donation partners have stepped up and either promised funds or otherwise directed aid toward relief efforts in Haiti.

  • Microsoft has committed $1.25 million in relief funds, promised to match employee donations up to $12,000, and started several other relief efforts.
  • NetHope, a group of 28 NGOs supported by Microsoft, Cisco (another donation partner), and others, aims to improve communication in developing countries and since the quake has been working to set up Internet connectivity in Haiti.

October Is National Cyber Security Awareness Month

Perhaps it's not a coincidence that the September National Preparedness Month is followed by National Cyber Security Awareness Month. Organized by the National Cyber Security Alliance, it aims to educate users in the home, business, and school environments about healthy and secure computing habits.

PC Tools Security Software Available to Distribute to Constituents and Members

Barbara has blogged here before about the new TechSoup Limited offerings available to nonprofits and libraries on a limited basis. It was just brought to my attention that there are four TS Limited products that organizations and libraries are allowed to re-distribute to their constituents, members, and individual supporters.

Our donor partner, PC Tools, has made their Internet Security, Registry Mechanic, Spyware Doctor, and famous Spyware Doctor with Antivirus broadly available to nonprofits and libraries — and now to your members and users as well.

Each of the three products includes 3 licences that can be installed on 3 different machines (for a total of 9 installations) so not only can your organization use their spyware, antivirus, and registry cleaning tools to keep your computers functioning well, but you can share them with the individuals you serve. According to the restrictions:

Free Disaster Planning Webinar: What Organizations Need to Know to Protect Their Tech

Does your organization have a plan to keep your technology, data, and assets protected in the event of an emergency or disaster? What if it's not an actual disaster like a hurricane or flood, but a staff member simply loses or breaks a laptop carrying essential supporter data? How much time or money might your organization spend trying to recover even a fraction of what's been lost? If these questions have crossed your mind and your answers are less than ideal, you should join us for our two-part webinar series on disaster planning to protect your technology.

Join me on Thursday, August 20 at 11 a.m. Pacific as I interview nonprofit tech expert Chris Shipley from Nutmeg Consulting and Elliot Harmon, TechSoup staff writer and editor of our soon-to-be-released The Resilient Organization: A Guide for Disaster Planning and Recovery. We'll also be joined by Michelle Baldwin, Executive Director of Volunteers in Service to Others, which runs the Cooke County emergency food bank. They experienced a flood two years ago and she'll be offering advice for other nonprofits trying to plan ahead.

Tools to Share Large Files Online

TechCrunch, the popular technology blog, just published a survey and matrix on some online apps to share large files. We had a forum thread on a similar topic a few weeks ago, and as the responses in the blog post and forum thread suggest, there is no clear "winner" in this field, and the best tool for you will depend on your organization's needs.

Twitter Beginning to Filter Suspicious URLs?

Back in March we blogged about how URL-shortening services could pose a threat on social networking sites such as Twitter. The Wall Street Journal blog is now reporting that Twitter may be doing something about it.

Although Twitter hasn't officially responded, the blog is reporting that tweets with links to suspicious sites will be deleted, with a message "Oops! Your tweet contained a URL to a known malware site!"

Creating Strong Passwords

The recent theft of confidential documents from Twitter's Google Docs account points out the dangers of insecure passwords. NTEN's blog discusses the details of the break-in and lessons we should learn from it. The chief lesson: good passwords are key to good security.

A 2007 NTEN post provided suggestions and resources for creating strong passwords and establishing a password policy. More recently, Slate.com published an article called Fix Your Terrible, Insecure Passwords in Five Minutes with general password tips and a clever algorithm for developing strong passwords. You can also look at TechSoup's Security Corner for more tips, articles, blog posts, and resources on securing your information.

Photo: Paul Linton

Twitter Hacking and Cloud Security

The front-page headlines read "Hacker steals Twitter's confidential documents," but the real story isn't about Twitter — it's that the stolen documents were stored online, "in the cloud." This could happen to any nonprofit or company storing data this way. As we've seen over and over, it's amazingly easy to guess or steal passwords. And anyone who gets access to the password of an employee with access to those online files gets access to all files shared with that employee. This can happen with internal network passwords as well, but there are differences:

  • IT staff can require secure passwords for their own networks and email systems. They can't control the password requirements for web-based email accounts or cloud computing apps.
  • IT staff can require employees to change their network passwords regularly. They can't do that for cloud apps.
  • IT staff can test the security of passwords on their own networks. Do they do that with their employees' Google Doc passwords?
  • IT can disable email and network accounts for former employees. Does anyone think to disable those employees' access to docs in the cloud?
