Data security is in the news.
The good news is that there are now many best-practice measures that modern cloud solutions like Donorfy employ to prevent malicious, unauthorised and unwanted access to their data.
In light of the recent Blackbaud data hack it’s important to know how we keep your data safe at Donorfy. This article outlines twelve of the main measures we take (but also look at the footnote for a surprising stat…).
1. We leave hosting to the experts
Donorfy is built and hosted on Microsoft Azure, one of the leading global cloud infrastructures, if not the leading one. Organisations using Donorfy therefore benefit from Microsoft’s huge investment in physical and electronic security, which is way beyond the means of any one organisation or software provider.
2. Your data is encrypted
All data is encrypted, whether it’s on the move between browser and server, or just “at rest” - sitting there on the hard drive. So even if it was accessible, it would be very difficult to make any sense of it.
3. Tokens, tokens, tokens
These days there’s simply no need for the CRM to keep records of credit/debit cards and bank accounts. So we leave that to the payment gateways (Stripe, GoCardless etc). We just hold a unique “token” representing the card / account details, which on its own means nothing. So even if it fell into the wrong hands it would be useless.
4. IP Address restriction
Access to data via the API can be locked down to just the IP addresses of your choice, ensuring that no access via the “back door” is possible.
5. Unusual login tracking
If anyone logs in from an unusual location on an unusual device, Donorfy sends the user an email to alert them, in case it wasn’t them. Usually it’s fine, but it’s always good to know.
6. Two-factor authentication
In addition to the password, 2FA requires a unique code that appears on an app on your smartphone when you log into Donorfy. An extra layer of protection that is now an industry standard.
7. Penetration testing
Using a combination of paid-for “ethical hacking” services and industry-standard pen-test tools we make sure that we haven’t left the doors unlocked.
All login and public-facing forms are protected by Google’s reCAPTCHA 3 security service. This makes it very difficult for machines to gain access by passing themselves off as humans. And with reCAPTCHA 3 the user doesn’t have to tick 3 photos containing storefronts or similar.
9. User Permissions
You can set user permissions in Donorfy to restrict certain users from getting access to certain functions and downloading data.
10. Keeping up with the upgrades
You’re always up to date with the latest, most secure version of Donorfy (and the tools we use to build it), so you don’t have to remember to apply patches or upgrades.
11. Auto logout
An unattended, logged-in screen will be a temptation to some. So Donorfy will log you out after a period of inactivity. Irritating if you leave it just too long, but it’s all for a good reason.