
Security Health Check

Keeping your data secure is our top priority. While transacting online through secure means such as SSL is relatively safe for your organisation and your supporters, there are always threats that you need to guard against to protect your supporters' privacy and your reputation.

Education is the key

Security is the responsibility of everyone in your organisation. The most common way a cyber attack occurs is when someone in an organisation opens an email and clicks on a link that they shouldn't, opening the door for a bad actor to enter your organisation's systems. This is called a phishing attack.

We recommend that all organisations have ongoing cyber security training and awareness programs to help prevent this most common type of attack.

Platform Security Measures

The Funraisin platform has several measures designed to help you keep your supporters' data safe. Here are a few that your team can action if your organisation does not already have them in place.

2 Factor Authentication

Email addresses and passwords can be compromised, so we recommend you enable this feature within your Funraisin site and have all your team use 2FA to log in.

Customisable Role Based Access

Reducing access can help keep threats at bay. Funraisin allows you to manage access and security for your admin users by giving your team an all-access pass as an admin user, or giving them access to specific modules they need for their role.

Data Exports Activity Log

Do you have a process for regularly checking on access to your site? If not, we recommend checking the Data Exports log monthly for suspicious activity.

Go to: Data Exports > Advanced Options (middle white nav) > Logs

Process and vigilance - what should I check?

When it comes to data security there is no substitute for a robust process that is routinely carried out. We recommend that at a minimum you regularly carry out checks on your entrant and donation data and user access for suspicious activity.

The most common perpetrators of data breaches are ex-employees - so it's important to make sure you have some general housekeeping in place for admin users to protect your data and reputation.

Note: The list below is not exhaustive and is not intended to replace the need for your organisation's own data protection policies and procedures.

  1. Have all admin users who have left the organisation been archived in Funraisin?

  2. Have all admin users been set up with the correct level of access for their role?

  3. Have you checked your admin logins recently? Has anyone logged in recently that doesn't usually log in? Check with them if they've accessed the system.

  4. Avoid using shared inboxes for admin user account access - these are the most vulnerable to phishing attacks.

  5. Have you checked your data export logs recently? Has anyone who doesn't usually access reports been downloading data?

  6. If you are having reports emailed to you, ensure you use the password protection option in the data exports module.

  7. Consider if you really need to email reports - best practice would be to log in and download the report from within the admin.

  8. Have you checked your incomplete donations log recently to look for fraudulent activity such as low-value card testing?

For further information on cyber security you can access https://www.cyber.gov.au/

If you'd like further help, please pop in a support ticket from your Funraisin admin, and our team will assist you.