Technology Decision Makers

last person joined: 17 days ago 

A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

Secure tool to request sensitive data

  • 1.  Secure tool to request sensitive data

    Posted Apr 21, 2020 18:43
    Hi All:

    I am wondering if anyone has a suggestion for an secure, inexpensive (or free) tool to request sensitive data such as passwords, banking info, etc.

    Hope this makes sense!

    ------------------------------
    Jessica Markowitz
    Senior Director of Finance, Data, and Operations
    NY
    jmarkowitz@footstepsorg.org
    ------------------------------
    picture of work desk from home with notebook, glasses, coffee, keyboard


  • 2.  RE: Secure tool to request sensitive data

    Posted Apr 22, 2020 06:08

    Hi Jessica,

    I am not sure about banking data (why not though) but for keeping my passwords secure I use KeePass. I can recommend it as it never failed me and it is very handy. It also does what you want the most, meaning keeps everything secured :)

    https://keepass.info

    Alex

    --------------------------------------------
    Alexandra Midgett

    Analyst at Bank Opening Times



    ------------------------------
    Alex Midgett
    ------------------------------

    picture of work desk from home with notebook, glasses, coffee, keyboard


  • 3.  RE: Secure tool to request sensitive data

    Posted Apr 22, 2020 12:44
    Jessica,

    I hesitate to respond here, because there's a lot of nuance and I don't want to make it too complex. Short answer is that best practice would be to keep everything encrypted, secure and out of email when possible. Sharing via Password Managers such as LastPass, 1Password and Dashlane is my preference here. Using Signal would be my next choice.

    What you want to AVOID is any situation that winds up putting the sensitive information in plain text either in transit (like in an unencrypted email or txt message) or at rest (like in a Word document or spreadsheet) or both (emailing a spreadsheet with passwords).

    Two popular free and simple tools people use for this purpose are Password Pusher (pwpush.com) and PrivNote (privnote.com).

    These services let you quickly created a self-destructing message that you then share with a link: Pic below along with link (which will only work once).

    The nice thing about PrivNote and PWPush is that they're free and easy to use. I am not aware of any incidents where information entered into these services has later turned up in a breach.

    But I can't recommend either of them without hesitation, because I don't have enough information about how they store the data and whether it's kept on logs, etc. I'm personally comfortable sharing a username for a service via email or over the phone, then sending the password only using PWPush or PrivNote (don't put all the needed information in one place, in other words). I personally would not share banking information except via methods mentioned in my first paragraph (password managers or Signal).

    Hope that's helpful, Jessica.

    -JP

    https://privnote.com/nPEzhHo4#KaPP29LoC





    ------------------------------
    Joshua Peskay
    VP of Technology Strategy
    RoundTable Technology
    joshua@roundtabletechnology.com
    www.roundtabletechnology.com
    ------------------------------

    picture of work desk from home with notebook, glasses, coffee, keyboard