Keeping your organisation's information safe and protected from those with malicious intent it is a priority of businesses. Whilst there are lots as a CRM provider that we do to ensure your data is protected we thought we’d compile a list of security measures that we provide and tips you can follow to keep your organisation's information private and protect your devices from threats.
Keep your CRM secure
Audit your CRM users. Any users who have left or third party users you no longer use should be deactivated. You can do this via the Security Centre in your Donorfy.
If you use the Donorfy API, review the access keys and check they are still needed. Remove any that you don’t need.
Don’t share logins between users. Donorfy comes with unlimited logins, so make sure everyone has their own.
Set user permissions to reflect their roles and activities, including their ability to download CSV files from Lists.
Strongly recommend or make it your organisation’s policy to use Two-Factor Authentication (2FA) to login to Donorfy and other apps.
Review the Allowed IP addresses under your Forms. Navigate to Security or Online Donations, click Security - Form & Web Widget Security.
Transfer data and security whilst out and about
Don’t use USB sticks. If you need to transfer files use a secure service like Dropbox or Wetransfer.
If you find a USB stick somewhere do not plug it into your device. This is a common way of attempting to compromise your device.
Avoid using public WiFi, use a personal hotspot instead.
Use a VPN when mobile.
Other Security tips
A quick audit of your own security policies - do they need updating?
Refresh your team about GDPR and cybersecurity threats.
Use good quality anti-virus and threat protection software.
Keep your software up to date, especially the operating systems - i.e. Windows, iOS, etc. Turn on auto-updates so this happens automatically.
Make sure you are using a secure up to date browser: the best options are Firefox, Safari or Chrome.
Turn on encryption on your computer: i.e. for Windows BitLocker, mac FileVault.
Delete downloaded files or data you no longer need.
Change the password on your home WiFi router.
Use strong passwords and enable a password vault e.g 1Password.
What we do to keep things secure
Email you if it looks like your Donorfy sign-in has been used from a new device.
Provide a Dashboard view on how secure your Donorfy is within the Security Centre and provide guidance on how to increase your rating.
Allow you to set up Two-Factor Authentication on your Donorfy.
Allow API access to be locked down to specific IP addresses .
Web Widgets and Forms can block or allow specific IP addresses.
Transactional forms utilise Stripe and are PCI compliant: we do not store credit/debit card details.
reCaptcha can be enabled on transactional forms to help prevent fraudulent activity.
Donorfy is hosted in Microsoft Azure, a highly secure and scalable cloud computing platform. As one of the world’s leading platforms, Microsoft takes security extremely seriously. Read more about it here.