Data security is in the news.

The good news is that there are now many best-practice measures that modern cloud solutions like Donorfy employ to prevent malicious, unauthorised and unwanted access to their data.

In light of the recent Blackbaud data hack it’s important to know how we keep your data safe at Donorfy. This article outlines twelve of the main measures we take (but also look at the footnote for a surprising stat…).

1. We leave hosting to the experts

Donorfy is built and hosted on Microsoft Azure, one of, if not the leading global cloud infrastructure. Therefore organisations using Donorfy benefit from Microsoft’s huge investment in physical and electronic security, which is way beyond the means of any one organisation or software provider.

2. Your data is encrypted

All data is encrypted, whether it’s on the move between browser and server, or just “at rest” - sitting there on the hard drive. So even if it was accessible, it would be very difficult to make any sense of it.

3. Tokens, tokens, tokens

These day’s there’s simply no need to for the CRM to keep records of credit/debit cards and bank accounts. So we leave that to the payment gateways (Stripe, GoCardless etc). We just hold a unique “token” representing the card / account details, which on its own means nothing. So even if it fell into the wrong hands it would be useless.

4. IP Address restriction

Access to data via the API can be locked down to just the IP addresses of your choice. Ensuring that no access via the “back door” is possible.

5. Unusual login tracking

If anyone logs in from an unusual location on an unusual device Donorfy sends the user an email to alert them, in case it wasn’t them. Usually it’s fine, but it’s always good to know.

6. Two-factor authentication

In addition to the password, 2FA requires a unique code that appears on an app on your smartphone when you log into Donorfy. An extra layer of protection that is now an industry standard.

7. Penetration testing

Using a combination of paid-for “ethical hacking” services and industry-standard pen-test tools we make sure that we haven’t left the doors unlocked.

8. reCAPTCHA

All login and public-facing forms are protected by Google’s reCAPTCHA 3 security service. This makes it very difficult for machines to gain access by passing themselves off as humans. And with reCAPTCHA 3 the user doesn’t have to tick 3 photos containing storefronts or similar.

9. User Permissions

You can set user permissions in Donorfy to restrict certain users from getting access to certain functions and downloading data.

10. Keeping up with the upgrades

You’re always up to date with the latest, most secure version of Donorfy (and the tools we use to build it), so you don’t have to remember to apply patches or upgrades.

11. Auto logout

An unattended, logged in screen will be a temptation to some. So Donorfy will log you out after a period of inactivity. Irritating if you leave it just too long, but it’s all for a good reason.

So that’s what we do, and we will continue to keep a watching brief on the best practice techniques for keeping your data safe. That said, remember that most data breaches are caused by human error.