11 Nov 2022
Written by Ella Bennett
1. Choose a secure server host to store your data
Cloud servers offer a secure means for your data to be stored, as they automatically encrypt your data when it is uploaded to the cloud as well as regularly back up your data. It’s also useful to know that cloud server operators must comply with a whole host of regulatory mandates, frameworks and laws of the countries in which they operate, meaning that they are highly secure. ToucanTech stores all of our data on dedicated cloud servers hosted by Amazon Web Services (AWS), which has the most extensive, reliable and secure global cloud infrastructure, and backs up data to a separate Google Cloud Platform (GCP) server in a separate location for disaster recovery purposes.
2. Constantly check for viruses and malware
The best way to prevent your website from being attacked, and to protect your data, is to install antivirus software and malware protection. Don’t wait too long between scans for database security threats - try to run your malware protection every day to identify and detect potential vulnerabilities. Firewalls are also a great way to restrict internet traffic and protect against website attacks. ToucanTech uses both virtual network firewalls and web application firewalls to automatically protect against various website attacks, alongside running automatic antivirus scans on a regular basis.
3. Beware the dangers of using unsecured wifi to access data
Now that remote working is more common, it’s important to keep in mind the danger of accessing data from unsecured wifi. This could include connecting to public wifi or even using home wifi that is not regularly updated. To avoid this, you should educate team members about the dangers of connecting to unsecured wifi, remind them regularly, and implement internal security policies to ensure staff are conscious of this when working with data. If you travel a lot and access particularly sensitive data, you may consider using a virtual private network (VPN) to add a layer of security when using unsecured wifi.
4. Pick a passphrase
Encourage your new users to sign up to your online community using a strong password, in particular a passphrase. Passphrases are made up of four or more random words, making them more difficult to crack. In theory, they should be easier to remember too - think Chicken2nightinParis! Bonus points if you encourage your users to add a second point of identification called multi-factor authentication, as this will add an extra layer of security to the account, and is another feature supported by ToucanTech. Keep in mind that passwords of fewer than 8 letters could be cracked in less than an hour, so the best passwords are those that are long, unique and regularly updated.
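The Python sketch below is an added example, not ToucanTech's code: it builds a passphrase of four or more random words and compares its entropy with that of a short password. The word list, the function names and the 64-bit target are assumptions made for illustration, and the entropy figures hold only when the generator, not a person, picks the words.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real generator
# would load a large list such as the 7,776-word EFF diceware list.
SAMPLE_WORDS = [
    "chicken", "paris", "tonight", "harbour", "violin", "cactus", "marble",
    "rocket", "lantern", "pepper", "glacier", "saddle", "orchid", "tunnel",
    "walnut", "comet",
]


def generate_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Join `count` words, each picked uniformly with the OS CSPRNG."""
    if count < 4:
        raise ValueError("use four or more words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Bits of entropy in `count` uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def password_entropy_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random `length`-character password."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase())
    # An 8-letter lowercase password versus four words from a 7,776-word list.
    print("8 random lowercase letters: %.1f bits" % password_entropy_bits(26, 8))
    print("4 words from 7,776:         %.1f bits" % passphrase_entropy_bits(7776, 4))
    # The 16-word sample list is far too small for real use.
    print("4 words from sample list:   %.1f bits"
          % passphrase_entropy_bits(len(SAMPLE_WORDS), 4))
    print("words for 64 bits (7,776):  %d" % words_needed(7776, 64))
```

The size of the word list matters as much as the number of words: four words from the 16-word sample list carry far less entropy than eight random letters.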
5. Limit who can access your data
Have you taken a look at who has access to your organisation’s data? Rather than giving everyone in the team access to your system, think about their specific role and what data, information or applications must be made available for them to do the job. Consider reviewing your admin accounts and assigning different levels of access accordingly. Make sure you add in a default admin logout time for inactivity - here at ToucanTech, main admins are able to choose a default admin logout time of 30 minutes, 2 hours or 12 hours of no activity. To make sure no unauthorised personnel are able to access your data, have an admin manually approve each new member before they are able to use your online site.
6. Use secure encryption to import, export and transfer data
Never send personal data via an unencrypted email. Email is not a secure method of data transfer, and does not guarantee an encrypted transfer end to end, making the information more vulnerable to a hack along the way. Instead, upload all data directly to your online portal using a secure file-sharing device, encrypted USB or a partner integration service. At ToucanTech, all customers are able to securely upload data directly into or from their ToucanTech admin portal, and only the highest-level customer admins should be allowed to export fixed CSV lists of records from various sections of the admin portal, with a full audit log of exports captured.
7. Ask your suppliers about their policies for handling your data
Is your supplier a data controller or processor? If the answer is yes, find out whether they are registered. Ask about the regulatory code they abide by and if they have policies in place for their employees. At ToucanTech, we are acutely aware of the responsibility that comes with handling your data, and are registered with the UK’s Information Commissioner's Office (ICO) to handle all of our customer databases, as well as adhering to the privacy policies of multiple global jurisdictions, including the EU's GDPR and Australian, UK and US data privacy laws. Make sure you are familiar with your data processor’s data breach process and what cyber and data insurance cover they have.
8. Be transparent about your data protection policy
9. Manage your users’ consent appropriately
Consent management is the practice of giving customers control over the data you collect and how you use it. It’s therefore important to make sure your users are able to edit and update their own consent options. ToucanTech has a full consent management system inbuilt to help customers comply with the EU’s GDPR and other international privacy laws. This allows you to track and manage users who have opted in, opted out or remain unspecified.
10. Safeguard your younger members
The best way to safeguard your younger members and users is to have locked down content visible only to logged-in members of your community - that way, only verified users will have access to all the content displayed on the site. Community admins should also monitor internal messages and posts, blocking or muting anyone they are worried about on the online community - users can support admins with this by reporting ‘spam’ messages from others. Parents can also help younger users with adjusting their online privacy settings so that their profiles are only visible to connections on the online portal.
ToucanTech publishes regular up-to-date guides about consent management, data and privacy law and other related topics. To learn more about how you can manage your organisation’s data safely and securely, get in touch with the ToucanTech team.