Securing your CRM Donor & Client Data

Sep 10, 2014 | Blog

There are several common CRMs that are available for nonprofit organizations. Your needs as an organization – and how you need to manage your data – should come first. The technology (whatever software platform you choose to use) should support those needs. In other words, as my co-presenter in a workshop given last year on “Data Management for Nonprofits” pointed out, CRM is a process that is not necessarily tied to technology.

But an important point is how your organization actually uses your donor (and/or client) data, and how to properly keep that data secure. In this post, I will write about some do’s and a don’t in managing your CRM data.

1. DO make sure your data is stored behind an encrypted (HTTPS) connection.
SSL certificates are necessary to internet security. They encrypt traffic (data) that is passed between the web server and an individual in a way that prevents others from being able to intercept, or read, any of that data. They are required by law for websites such as banks, and they are required by any website that handles financial transactions. I also highly recommend SSL certificates for any website that implements a user login system. Here’s another blog post I’ve written, on “Securing your Website,” which goes into SSL certificates in more detail.

2. DO keep your server, and the CRM that resides on the server, up-to-date.
As we discovered earlier this year, a critical bug that affected the integrity of SSL certificates appeared, making all websites that implemented SSL certificates vulnerable to confidential data leakage. It was up to the systems administrators of web servers to update the software (OpenSSL) affected by the Heartbleed bug. Additionally, bugs are found in CRMs all the time, which prompts the software maintainers to issue an update. Here’s an example of a recent security update provided by CiviCRM. While WordPress is not necessarily a CRM (it is a CMS, or Content Management System), many CRM systems can interface with WordPress websites. Thus, not only is it important to keep your CRM systems up-to-date, but it’s also vital to keep your CMS (like WordPress or Drupal, to name a few) up-to-date! Here’s an example of a recent WordPress security update. The fact is, if you do not keep your systems and software up-to-date, your websites and CRM systems will be vulnerable.

3. DO NOT copy, migrate, or share your data insecurely.
We once had a client, who was in the process of migrating their CRM data off of a local Microsoft Access database into a cloud-based CRM, tell us that they were confused about migrating their data. So they decided to take the entire Microsoft Access database (which contained clients’ Social Security Numbers), email the document to their contact at the new cloud CRM provider, and ask the new provider if they could help import the data.

This is a huge violation of data privacy (and it could, in some circumstances, be illegal). By emailing that unencrypted data, this nonprofit opened themselves up to a huge liability: What if that data had been intercepted by a person or organization with malicious intent, or given or sold to one by the person receiving the email? Hundreds, if not thousands, of individuals’ private information could have been compromised, and once the leak had been traced back to the nonprofit organization, they would have been liable for the data breach.
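One way to catch this kind of mistake before a file leaves the organization is to scan the export for Social Security Number-shaped values. The sketch below is an added example, not code from the original post; it assumes the data has been exported to CSV, and the column names and sample rows are constructed.

```python
import csv
import io
import re

# SSN-shaped values: 123-45-6789, 123 45 6789, or nine bare digits.
SSN_RE = re.compile(r"^\s*(\d{3})[- ]?(\d{2})[- ]?(\d{4})\s*$")

def looks_like_ssn(value):
    """True if value is SSN-shaped and not in a range that is never assigned."""
    m = SSN_RE.match(value or "")
    if not m:
        return False
    area, group, serial = m.groups()
    # Area 000, 666 and 900-999, group 00 and serial 0000 are never assigned.
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"

def scan_export(csv_text, threshold=0.5):
    """Return {column: share of non-empty cells that look like SSNs}
    for every column whose share is at or above threshold."""
    hits, totals = {}, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col, val in row.items():
            # Skip overflow fields (col is None), short rows and blanks.
            if col is None or val is None or not val.strip():
                continue
            totals[col] = totals.get(col, 0) + 1
            if looks_like_ssn(val):
                hits[col] = hits.get(col, 0) + 1
    return {c: hits[c] / totals[c] for c in hits
            if hits[c] / totals[c] >= threshold}

def safe_to_send(csv_text):
    """Cleared for unencrypted transfer only if no column is flagged."""
    return not scan_export(csv_text)

# Constructed sample export; the names and numbers are made up.
SAMPLE = """name,phone,tax_id,notes
Ana Ruiz,423-555-0101,219-09-9999,
Ben Cole,423-555-0102,078 05 1120,call back
Cy Dunn,423-555-0103,123456789,
"""

if __name__ == "__main__":
    for col, share in scan_export(SAMPLE).items():
        print(f"{col}: {share:.0%} of values look like SSNs; "
              "drop the column or encrypt the file before sharing")
```

A flagged column means the file should either have that column removed or be encrypted and sent over a secure channel rather than attached to an email.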

In summary, remember to keep your systems and software up-to-date, use common security practices (including implementing SSL certificates), and be sure to protect your clients’ (and/or donor) data.

To learn more about our services, visit our home page, or read about our services.
