Security Health Check
Keeping your data secure is our top priority. While transacting online through secure means such as SSL is relatively safe for your organisation and your supporters, there are always threats that you need to guard against to protect data for supporters' privacy and your reputation.
Education is the key
We recommend that all organisations have ongoing cyber security training and awareness programs to help prevent this most common type of attack.
Platform Security Measures
The Funraisin platform has several measures designed to help you keep your supporters' data safe. Here are a few that your team can action if they are not already in place at your organisation.
2 Factor Authentication
Email addresses and passwords can be compromised, so we recommend you enable this feature within your Funraisin site and have all your team use 2FA to log in.
Customisable Role Based Access
Reducing access can help keep threats at bay. Funraisin allows you to manage access and security for your admin users by giving your team an all-access pass as an admin user, or giving them access to specific modules they need for their role.
Data Exports Activity Log
Do you have a process for regularly checking on access to your site? If not, we recommend checking the Data Exports log for suspicious activity monthly.
Go to: Data Exports > Advanced Options (middle white nav) > Logs
Process and vigilance - what should I check?
When it comes to data security there is no substitute for a robust process that is routinely carried out. We recommend that at a minimum you regularly carry out checks on your entrant and donation data and user access for suspicious activity.
The most common perpetrators of data breaches are ex-employees - so it's important to make sure you have some general housekeeping in place for admin users to protect your data and reputation.
Note: The list below is not exhaustive and is not intended to replace the need for your organisation's own data protection policies and procedures.
- Have all admin users who have left the organisation been archived in Funraisin?
- Have all admin users been set up with the correct level of access for their role?
- Have you checked your admin logins recently? Has anyone logged in recently that doesn't usually log in? Check with them if they've accessed the system.
- Avoid using shared inboxes for admin user account access - these are the most vulnerable to phishing attacks.
- Have you checked your data export logs recently? Has anyone who doesn't usually access reports been downloading data?
- If you are having reports emailed to you - ensure you use the password protection option in the data exports module.
- Consider if you really need to email reports - best practice would be to log in and download the report from within the admin.
- Have you checked your incomplete donations log recently to look for fraudulent activity such as low value card testing?
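For the last check, the review of incomplete donations can be scripted once the log is exported to CSV. The following is an added example, not Funraisin code: the column names (created_at, amount, card_last4, email), the sample rows and the thresholds are all assumptions to adapt to your own export. It flags bursts of low-value incomplete donations made with several different cards in a short time, which is the usual shape of card testing.

```python
import csv
import io
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample export; the column names are assumed, not Funraisin's real format.
SAMPLE_CSV = """created_at,amount,card_last4,email
2024-03-01 09:15:00,50.00,4242,regular.donor@example.org
2024-03-02 02:10:05,1.00,1111,a1@example.net
2024-03-02 02:10:40,1.00,2222,a2@example.net
2024-03-02 02:11:15,2.00,3333,a3@example.net
2024-03-02 02:12:02,1.00,4444,a4@example.net
2024-03-02 02:13:30,1.00,5555,a5@example.net
2024-03-02 14:00:00,5.00,9999,small.donor@example.org
"""

def load_incomplete(text):
    """Parse the exported CSV into rows sorted by attempt time."""
    rows = [
        {"time": datetime.strptime(r["created_at"], "%Y-%m-%d %H:%M:%S"),
         "amount": Decimal(r["amount"]),
         "card": r["card_last4"]}
        for r in csv.DictReader(io.StringIO(text))
    ]
    return sorted(rows, key=lambda r: r["time"])

def flag_card_testing(rows, max_amount=Decimal("5.00"),
                      window=timedelta(minutes=10), min_attempts=4, min_cards=3):
    """Return bursts of low-value incomplete donations using many distinct cards."""
    low = [r for r in rows if r["amount"] <= max_amount]
    bursts, i = [], 0
    while i < len(low):
        j = i  # extend the burst while attempts stay within `window` of its first one
        while j + 1 < len(low) and low[j + 1]["time"] - low[i]["time"] <= window:
            j += 1
        burst = low[i:j + 1]
        cards = {r["card"] for r in burst}
        if len(burst) >= min_attempts and len(cards) >= min_cards:
            bursts.append({"start": burst[0]["time"], "end": burst[-1]["time"],
                           "attempts": len(burst), "distinct_cards": len(cards)})
            i = j + 1  # continue after the flagged burst
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for b in flag_card_testing(load_incomplete(SAMPLE_CSV)):
        print(f"{b['start']} to {b['end']}: {b['attempts']} attempts, "
              f"{b['distinct_cards']} cards")
```

A single small incomplete donation is not flagged; only a cluster that meets both the attempt and distinct-card thresholds is reported for manual review.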