Volunteer Week: Best Practices for Managing Volunteers’ Personal Devices
Volunteer Week in the UK is the perfect occasion to recognise the vital role volunteers play in supporting nonprofit organisations. At our core as a Solutions Provider, we’re aware of the distinct challenges that arise when volunteers use their own devices—such as personal phones and laptops. Without proper controls, these devices can introduce potential security vulnerabilities.
This blog post outlines actionable steps, recommended security measures, conditional access strategies and IT policy guidance that charities can adopt to effectively manage volunteers’ personal devices in a secure, practical way.
Practical Advice
Establish a BYOD (Bring Your Own Device) Policy
Create a clear and concise BYOD policy that communicates expectations for volunteers who use personal tech for charity-related activities. Include details about acceptable use, security requirements (e.g., enabling passwords, keeping devices updated and using antivirus tools) and the consequences of non-compliance and/or IT’s ability to remove corporate data if needed.
Offer IT Training and Assistance
Since volunteers may not have advanced technical skills, it’s helpful to provide basic training on cyber safety—such as spotting phishing scams, using strong passwords and keeping software current. Ensure that your support channels are accessible and friendly. Academia also offers free Microsoft 365 training here and can provide cyber software solutions that delivers cyber safety training in a really effective way.
Deploy Mobile Device Management (MDM) Tools
Using solutions like Microsoft Intune and Jamf allows organisations to enforce security settings, wipe data remotely in case of theft or loss and verify device compliance. Intune comes with several Microsoft 365 subscriptions (like Business Premium and E3), so if you’re unsure about your licensing or would like support with either Intune or Jamf, we can help – see more info here.
Security Controls
Enable Device Encryption
Ensure that volunteers’ devices are encrypted to safeguard sensitive information if the device is lost or stolen. Tools like Microsoft BitLocker – available in many Microsoft licenses, cover this.
Implement Multi-Factor Authentication (MFA)
Enforce MFA for all access to systems and data, such as CRMs. Requiring more than one method of identity verification adds a critical layer of protection.
Conduct Routine Security Checks
Regular audits help uncover risks such as outdated software, unauthorised access or policy violations. Consider running vulnerability assessments or penetration testing to further protect your digital environment. Academia can help run vulnerability tests on your web applications and penetration tests on your IT estate – for more information click here.
Conditional Access
These are specific security policies that allow you to set certain policies before a device can connect. Conditional Access is available in many Microsoft plans, these settings just need proper configuration. Some examples include:
-
Device Compliance Requirements
Allow access only from devices that meet specific criteria – such as having the latest security updates, encryption enabled and a passcode or PIN set too. -
Geographic Restrictions
Limit access based on the device’s physical location (e.g., only within the UK or specific networks). -
Approved Applications Only
Prevent the use of unverified or unsafe apps by enabling application allow-lists. This reduces the risk of malware or unauthorised software from compromising the device.
IT Policy Guidance
Acceptable Use Policy
Craft a clear policy detailing what volunteers can and cannot do on personal devices when conducting charity business- this includes restrictions on using unsecured networks or installing non-approved apps.
Incident Response Procedures
Have a step-by-step plan ready in case a volunteer’s device is compromised. Outline how to report incidents, isolate the issue and communicate protocols.
Data Protection and Privacy
Ensure all personal data handling aligns with laws such as General Data Protection Regulation (GDPR). Gain consent from volunteers and make sure that any stored or shared data is protected with encryption and secure transmission protocols.
Final Thoughts
Effectively overseeing volunteers’ personal devices involves a balanced mix of practical strategies, strong security frameworks, well-configured access controls and robust policy management. By utilising tools like Microsoft Intune and Jamf, you can mitigate the risks associated with personal devices and ensure that their valuable data remains secure.
During this Volunteer Week, let’s not only honour our volunteers but also empower them to work securely and confidently. If you’d like support in implementing any of the above solutions, don’t hesitate to get in touch here.
