Keeping your organisation's information safe


Keeping your organisation's information safe and protected from those with malicious intent has long been a priority of businesses. Whilst there are lots as a CRM provider that we do to ensure that your data is protected we thought we’d compile a ‘101’ of security measures that we provide and tips which you can do to keep your organisation's information private and protect your devices from threats.

Keeping your CRM secure

  • Audit your CRM users - any users who have left or 3rd party users - e.g. web developers - you no longer use should be deactivated - you can do this via the Security Centre in your Donorfy
  • If you use the Donorfy API review the access keys and check they are still needed - remove any that you don’t know you need
  • Don’t share logins between users - Donorfy comes with unlimited logins, so make sure everyone has their own 
  • Set user permissions to reflect their roles and activities, including their ability to download CSV files from Lists
  • Strongly recommend or make it your organisation’s policy to use Two-Factor Authentication (2FA) to login to Donorfy and other apps.
  • Review the Allowed IP addresses under your Forms > Security or Online Donations > Security - Form & Web Widget Security


Transferring data and security whilst out and about

  • Don’t use USB sticks - if you need to transfer files use a secure service like Dropbox or Wetransfer 
  • If you find a USB stick somewhere do not plug it into your device - it's a very common way of attempting to compromise your device 
  • Avoid using public WiFi - use a personal hotspot instead
  • Use a VPN when mobile


Other Security tips

  • A quick audit of your own security policies - do they need updating?
  • Refresh your team about GDPR and cybersecurity threats
  • Use good quality anti-virus and threat protection software
  • Keep your software up to date - especially the operating systems - i.e.  Windows, iOS, etc - turn on auto-updates so this happens automatically
  • Make sure you are using a secure up to date browser - the best main-stream options are Firefox, Safari or Chrome
  • Turn on encryption on your computer - i.e. for Windows BitLocker, mac FileVault
  • Delete downloaded files or data you no longer need 
  • Change the password on your home WiFi router
  • Use strong passwords and enable a password vault e.g 1Password


What we do to keep things secure

  • Email you if it looks like your Donorfy sign-in has been used from a new device 
  • Provide a Dashboard view on how secure your Donorfy is within the Security Centre and provide guidance on how to increase your rating
  • Allow you to set up Two-Factor Authentication on your Donorfy 
  • Allow API access to be locked down to specific IP addresses 
  • Web Widgets and Forms can block or allow specific IP addresses
  • Transactional forms utilise Stripe and are PCI compliant - we do not store credit/debit card details
  • reCaptcha can be enabled on transactional forms to help prevent fraudulent activity
  • Donorfy is hosted in Microsoft Azure, a highly secure and scalable cloud computing platform. As one of the world’s leading platforms, Microsoft takes security extremely seriously. Read more about it here.


Please sign in to leave a comment.
Powered by Zendesk