It can be hard enough to trust your own staff with computer equipment, let alone the general public. Yet for some nonprofits and libraries, any computer is a shared computer, with staff using equipment by day to work and constituents using it in the evenings for training, educational, or even recreational purposes.
While wanting to share your resources with community members is admirable, there are certain risks associated with opening up your staff computers to the public that you should be aware of.
Below, we'll identify some of the hazards associated with sharing computers, and offer tips for avoiding or mitigating these threats.
Inexperienced computer users often mean well, but may not understand what they're doing. While working on your equipment, users could delete, save over, or move important files and folders without even realizing it, costing your nonprofit days — or weeks — of recovery time, not to mention lost productivity and repair fees. And if users have access to the Internet and spend time downloading music or checking email, these activities could put your organization at risk for a variety of threats, including:
In general, it's advisable to separate your work computers from your public computers if you can avoid it. After all, a computer missing key files or afflicted with a virus is of no use to anyone, staff or patron. Below are a few safer alternatives to sharing computers with the public.
If there isn't room in your budget for a new or refurbished computer, donations are hard to come by, and you are determined to share your nonprofit's computers with non-staff despite the risks, there are a few steps you can take to educate your users and protect your equipment.
1. Provide users with an acceptable-use policy. An acceptable-use policy is essentially a code of conduct for users detailing the features and tools available to users, and how this equipment should be used. Acceptable-use policies may include the following guidelines:
Many acceptable-use policies will also outline consequences of violating the policy, such as withdrawing access privileges; notifying appropriate authorities in the case of illegal activity; or reimbursing the organization for damaged or vandalized equipment.
Keep in mind that you don't need to write an original policy from scratch. The SANS Institute has posted its acceptable-use policy online (PDF), which you are free to use and modify.
2. Create separate user profiles. Each staff member should have his or her own user profile, which defines which folders on a shared machine or server he or she can access, and what activities are allowed per those guidelines.
A similar system should be in place for non-staff, limiting these users to one or more specific folders where they may save files (depending on the project) or restricting their access to the server. You may also want to configure this profile to limit users' ability to make changes to the computer's settings and programs. Microsoft SteadyState is a free program for Windows XP that can help you manage user privileges; Web Junction's article Introduction to Windows SteadyState offers some good information to help you get started.
3. Use a content filter. There are many programs on the market that allow you to control which Web sites a computer browser can access. These content filters allow you to block access to sites with inappropriate content or to sites that could expose your computers to spyware and adware, such as gambling, pornography, or gaming sites.
You may also consider blocking access to file-sharing programs such as the popular LimeWire, as downloading music will affect the speed of your network and raises liability issues for your organization if the music is being downloaded illegally. For a comparison of content-filtering tools, see this filtering technology comparison chart from Libraryfiltering.org.
4. Ensure that your antivirus program is updated. If all else fails, your antivirus program may be your only line of defense. Make sure that any computer connected to the Internet has an antivirus program installed and that it is always updated. New viruses are constantly being created; antivirus updates ensure you are protected and up-to-date. See TechSoup's Virus-Prevention Toolkit for resources for protecting your nonprofit's computers; Symantec Norton 360 and AntiVirus 2007 are available to qualifying nonprofits for an administrative fee on TechSoup Stock; for free basic protection you can also try AVG from Grisoft.
Managing computers that are open to public requires different support than maintaining staff computers. For more information about managing public computers, see TechSoup's Nonprofits with Public Computers Toolkit.
Kami Griffiths is the Senior Program Associate for TechSoup's Healthy and Secure Computing initiative, where she is involved in projects that help nonprofits manage their technology to better serve their community. Previously, she helped manage dozens of computer labs in New York City, taught computer classes, and managed volunteers.
Copyright © 2007 CompuMentor. This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License.