When the Colonial Pipeline, the largest fuel pipeline in the country, was hit with a ransomware attack in May, people finally started to take notice of the damage a data breach can cause. Although a $5 million ransom was paid, service was severely disrupted and gas shortages were widespread.
Ransomware hit much closer to home last year when a major donor database provider suffered one of the largest ransomware attacks of 2020, affecting the data of more than 25,000 customers in more than 60 countries. Both the provider and the provider’s customers have been sued over compromised data.
We first warned Eleo blog readers about ransomware back in 2017, and nonprofits continue to be targeted by cybercriminals. Hackers typically use phishing emails to infiltrate a nonprofit’s network, block access to critical data, and threaten to delete the data or publish it on the dark web if a ransom isn’t paid.
The FBI recommends against paying the ransom because there’s no guarantee the hacker will live up to their end of the deal, and paying the ransom could embolden criminals to carry out more attacks. Of course, many organizations, from small nonprofits to large corporations, pay the ransom to avoid major disruption and bad publicity.
Ransomware is just one reason why Eleo goes to such great lengths to keep your data safe. Here’s how we do just that.
Microsoft Azure Security Features
Eleo donor management software is hosted on the Microsoft Azure cloud platform. Microsoft has a team of more than 3,500 cybersecurity experts working together to protect customer data with sophisticated security controls. In most cases, these controls make it possible to identify threats proactively, before they cause problems.
Azure security features include:
- 24-hour monitored physical security of our servers in Azure data centers.
- Antivirus/antimalware protection built into the servers to detect and remove viruses, spyware, and other malicious software.
- Automatic data and system backups, performed daily and stored off-site so you can restore critical data and systems in case of a breach, power outage, or natural disaster.
- Intrusion detection and Distributed Denial of Service (DDoS) prevention to help detect and mitigate threats. In a DDoS attack, hackers try to overwhelm a system with internet traffic so normal traffic doesn’t reach its destination.
Eleo Security Features
While Microsoft provides a highly secure environment to hold your data, Eleo provides additional security features to help keep your donor database secure without making it difficult for users to access your data.
User authentication is critical to keeping unauthorized users away from your data and systems. Not only do we provide username and password protection, but we also track and log invalid authentication attempts, lock out users after repeated failed login attempts, encrypt all passwords, and notify users of password changes via email.
The Eleo system tracks when users log in and log out, records their IP addresses, and maintains other tracking information. This information can be useful for investigating suspicious activity or data breaches. Advanced 128-bit Secure Sockets Layer (SSL) encryption protects data that travels over the internet to keep outside users from snooping on your activity.
About That Technical Jargon…
Don’t feel overwhelmed! We realize the information here is a bit technical. We’ve tried to provide the simple, concise version of how we keep your data secure, but there’s no getting around the fact that IT security can be pretty technical.
The most important thing to remember is that Eleo donor management software is just as secure as much larger systems, perhaps even more secure.
Of course, there’s no way to 100 percent guarantee a data breach will not occur, which is why we immediately disclose and explain any security events that directly or indirectly affect your data. And if you have questions about security, you can pick up the phone and speak to a live person.