Keeping your organisation's information safe and protected from those with malicious intent has long been a priority for businesses. Whilst there is lots that we do as a CRM provider to ensure that your data is protected, we thought we’d compile a ‘101’ of the security measures that we provide and tips you can follow to keep your organisation's information private and protect your devices from threats.
Keeping your CRM secure
- Audit your CRM users - any users who have left, or 3rd party users (e.g. web developers) you no longer use, should be deactivated - you can do this via the Security Centre in your Donorfy
- If you use the Donorfy API, review the access keys and check they are still needed - remove any that you don’t know you need
- Don’t share logins between users - Donorfy comes with unlimited logins, so make sure everyone has their own
- Set user permissions to reflect their roles and activities, including their ability to download CSV files from Lists
- Strongly recommend, or make it your organisation’s policy, to use Two-Factor Authentication (2FA) to log in to Donorfy and other apps
- Review the Allowed IP addresses under your Forms > Security or Online Donations > Security - Form & Web Widget Security
Transferring data and security whilst out and about
- Don’t use USB sticks - if you need to transfer files, use a secure service like Dropbox or WeTransfer
- If you find a USB stick somewhere, do not plug it into your device - it's a very common way of attempting to compromise your device
- Avoid using public WiFi - use a personal hotspot instead
- Use a VPN when mobile
Other Security tips
- Carry out a quick audit of your own security policies - do they need updating?
- Refresh your team about GDPR and cybersecurity threats
- Use good quality anti-virus and threat protection software
- Keep your software up to date - especially operating systems, e.g. Windows, iOS, etc. - and turn on auto-updates so this happens automatically
- Make sure you are using a secure, up-to-date browser - the best mainstream options are Firefox, Safari or Chrome
- Turn on encryption on your computer - e.g. BitLocker for Windows, FileVault for Mac
- Delete downloaded files or data you no longer need
- Change the password on your home WiFi router
- Use strong passwords and enable a password vault, e.g. 1Password
What we do to keep things secure
- Email you if it looks like your Donorfy sign-in has been used from a new device
- Provide a Dashboard view on how secure your Donorfy is within the Security Centre and provide guidance on how to increase your rating
- Allow you to set up Two-Factor Authentication on your Donorfy
- Allow API access to be locked down to specific IP addresses
- Web Widgets and Forms can block or allow specific IP addresses
- Transactional forms utilise Stripe and are PCI compliant - we do not store credit/debit card details
- reCAPTCHA can be enabled on transactional forms to help prevent fraudulent activity
- Donorfy is hosted in Microsoft Azure, a highly secure and scalable cloud computing platform. As one of the world’s leading platforms, Microsoft takes security extremely seriously. Read more about it here.