Managing Information Security Risks

All businesses today need to concern themselves with threats to their computers and data networks.  Children’s summer camps are no exception.

Questions to Ask Yourself

How are you safeguarding your sensitive information?

Camps use computers to store many different kinds of sensitive information:

  • parents’ credit card numbers
  • campers’ and staff members’ medical information
  • staff members’ social security numbers
  • contact information for everyone at camp

How are you making sure that this information is accessible only to those members of your staff who need it? Are you protecting sensitive information when it is sent by email or submitted on your website?

Does your website restrict access to campers’ photos and specifics regarding trip schedules and other sensitive elements of your program?

How well are you planning for contingencies?

If a computer that you use to store critical information on your summer program crashes mid-season, do you have a recovery plan in place?  Are you doing regular backups?  Are you storing the backups in a location away from the computer?  How quickly can you get your computers serviced and repaired and, if necessary, replaced?

If a rainstorm knocks over a tree, taking out the cable that feeds your cable modem or DSL modem, are you confident that your Internet provider will repair it quickly?  Do you have an alternate means of connecting to the Internet so that you can upload photos of your campers to your website, download email messages from parents, and continue to function day-to-day?

If a lightning strike creates a power surge that disables a critical piece of equipment, do you have a spare that you can swap in?

If you are using a web-based camp management service, how confident are you that you will be able to retrieve all your data if your vendor goes out of business?

Are your information systems being misused by your staff and campers?

If you are providing computers for your staff to email home or for your campers to use in your program, can you be sure that those computers cannot also be used to access sensitive information on the computers that you use to run the camp?

Have you taken any steps to prevent the users of those computers from being able to download programs from the Internet that could be infected with viruses or that may consume precious resources on your network?  How tolerant are you willing to be of staff members hogging your computers or using them for high-bandwidth activities, like downloading movies or watching sports broadcasts?

If you provide wireless access for your staff to use with their own laptops and smart phones, can you be sure that campers with smart phones aren’t also using it to email their friends or to post to social networking sites?

Even if you are not providing wireless access points, can you be sure that no one has connected their own access point to your network?

Are you archiving data that you may need to produce if you are sued?

If someone decides to sue you and they contend that whatever it is that you are supposed to have done is documented in your computer files and email, they can demand that you turn over the data as part of the process of finding evidence (lawyers call this “discovery”) and, should you fail to do so in a timely fashion, you will potentially face serious fines.  Courtrooms are littered with companies undone by “smoking gun” emails or botched email discovery.  Are you archiving your corporate data so that you will be able to respond to such a request if ever it comes your way?

How well are you protecting data transmitted between locations?

Many camps have staff members, such as a bookkeeper, who work at physical locations other than the camp itself.  While it may be desirable, if not critical, for the bookkeeper to have remote access to the camp’s data network, have you protected the network so that unauthorized users are not also able to access it?

How effective is your protection against viruses, spyware, and spam?

These days, most computers come with software to protect them from viruses and spyware.  However, to be effective, the software must be updated frequently.  Often, new computers come with only a limited subscription to updates, typically for one year.  Are you certain that all your computers are still protected?

How much time are you and your staff wasting wading through unwanted email messages?

How do you manage your information security risks?

Camps should manage their information security risks in the context of all their business risks.  There are no right answers for every camp.  Ask yourself:

  • What assets do we have to protect?
  • What are the threats to those assets?
  • Do we have countermeasures in place to safeguard against the greatest risks?

And most importantly...

  • Do we have the staff and systems in place to manage these issues?

If you're not confident that you do, contact us!  We can help.