Security technology can be confusing, especially for a small nonprofit with limited in-house expertise. Between antivirus software, firewalls, ransomware, multi-factor authentication, and other terms, it can feel like you’re learning a foreign language.
Unfortunately, as overwhelming as security may seem, it’s far too important to ignore. Data is the lifeline of any organization – corporate or nonprofit – and protecting that data should be a top priority.
The good news is, you don’t have to be a technical expert to maintain a high level of security. Most security issues can be solved with common sense and the creation of simple policies that bring everyone onto the same page and reduce risk.
There are a few areas of security that cause confusion and create unnecessary risk. However, they are also easily fixable. Here are four tips for making your nonprofit’s database more secure.
1) Know Your Security Responsibilities
When using cloud-based donor management software like Eleo, many nonprofits assume they are absolved of all security and compliance responsibilities. However, cloud security is a shared responsibility.
Eleo software resides on the Microsoft Azure cloud platform. You don’t have to worry about securing that infrastructure. But you do control who has access to your data.
That means user accounts need to be set up. You need to think about who should have access to what data, and who is permitted to enter, modify, and delete various types of data. This requires careful and consistent planning, not technical expertise.
2) Apply the Principle of Least Privilege
The principle of least privilege says each user should be able to access the minimum amount of resources required to perform the tasks their job requires. For example, a part-time volunteer coordinator doesn’t need access to the personal data of major gift donors.
For the sake of convenience, many nonprofits allow everyone to access everything. In this scenario, if an account is ever compromised, your entire database could be exposed, hacked, corrupted, or deleted. Also, a well-intentioned staff member or volunteer could unintentionally cause serious issues within your database. To minimize risk, try to avoid allowing users to have access to data and resources they don’t need.
3) Create a Process for Removing Accounts
In the nonprofit world, it is common to have users that haven’t logged into the system in years. Usually, these accounts still have full access to the nonprofit’s entire database. If you don’t remove or deactivate these accounts, you provide unlocked doors for hackers to walk right into your database. This activity is difficult to detect because they’re using legitimate user account credentials.
Did a staff member leave? Did you create user accounts for people who were assisting with your annual gala? If so, be sure to have a process in place for removing dormant or unnecessary accounts.
4) Stop Using Shared Accounts
Some nonprofits will create generic accounts for small groups of users to share. In some cases, one user will share their account with others because he or she doesn’t want to go through the process of creating new accounts and setting up user permissions.
Additionally, in most cases, donor management systems charge extra for additional users. This lends itself toward short cuts and lumping people together onto one account.
Shared accounts create all kinds of headaches. Activity can’t be traced back to an individual user. Each user could be doing things their own way, resulting in inaccurate or lost data. Also, shared credentials are inherently less secure. Passwords are easy to guess and rarely changed.
Eleo Can Help Keep Your Nonprofit’s Database More Secure!
Eleo offers unlimited user accounts to eliminate the need for sharing. Every user has a unique username and password to make it easier to track user activity and reduce the risk of confusion, data loss, and security breaches.
We know security can still feel complex. If you need help keeping your database more secure, Eleo can help. Visit our support page for valuable resources or call 1-844-676-3536, Monday through Friday from 9am to 5pm EST, for live support.
