Beyond the Basics: Protecting Your Donors’ Records

March 3, 2016       The NonProfit Times      

Looking for a few extra measures you can take to protect your data? Here are a few common practices that might or might not be right for your particular needs. You need to think about two-factor authentication, information rights management, password management and network security monitoring.

 Two-Factor Authentication: Many software applications — especially Cloud-based software — allow you to add a second layer of authorization. Typically, this means you would enter your password as a first layer, and then answer a question such as “What is the name of your pet?” or “What school did you attend in first grade?” as a second layer.

The theory behind this approach is simple — someone guessing login information is not likely to know or be able to guess autobiographical authentication information. Additional methods of two-factor authentication include PINs texted to mobile devices or delivered by audio recording to telephones.

 Information Rights Management: Word documents, PDFs, and even emails can be “locked.” This security feature usually requires that the user open the document only on a specific network or enter a password before viewing the content.

Very few nonprofits are likely to need such protection, but if you’re working with information that you need to share but can’t let fall into the wrong hands, you might consider this measure, with the caveat that password discipline and secure communications about shared passwords are necessary and could significantly complicate the simple act of opening a document.

Password Management: Password services are emerging as a popular way to manage all the different passwords a person might need, as much out of convenience as for security reasons. These services typically require you to use one long, complex password to unlock all your other passwords.

Many offer plug-ins that allow you to access your password and apply it without leaving your browser. While many services and features (such as automated password changing and the ability to handoff your password information to an emergency contact after your death) can make life more convenient and secure, there can be big consequences to a breach of this service. If a hacker — or even someone you know — gets their hands on your master password, then every online service you use could be compromised.

 Network Security Monitoring: Larger organizations, especially those that feel they have a lot of sensitive data to protect and face a high risk of being targeted by hackers, might consider hiring a service to monitor traffic on their network and vigilantly defend in real time against cyber attacks. A number of different organizations offer these services, but they are expensive and are still no guarantee. Threats tend to move faster than any efforts to thwart them.