See my comment, but I have some terrible trenched stories with how non profit run service.
A last one : I was ask to pry open the personal windows of a freshly dead employee because apparently a bunch of critical informations were stored on it ( payroll, bunch of passwords to Linux boxes running stuff )
I refused, then asked to get permission of family.
Then I learned that the plan was to basically reclaim that personal laptop of a dead employee because migrating stuff was too hard.
I told them I was busy.
I think they stole that laptop containing private correspondance and still use it today.
It’s a NGO you heard off. Running on most continents.
My take : IT and security are a distant thought in those places and you need strong top down directions and training to enforce basic hygiene
> 4 is basically having my data stored on a crappy Core2 Duo server under a staircase, managed by a teenager
... isn't 1 the same then ? Aside from teenager part