Data security and management tips

1. Manage your user lists. Your users can log on and access supporter data. If you are a ‘Super Admin’ for your account, make sure that you regularly maintain this list, making users inactive that should no longer have access or deleting them altogether if they have left your organisation. 
2. Consider using permission groups. For example, if some users should not see certain types of supporter data when they log on, you can use data views to hide it from them.
3. Keep your passwords secure. Do not email your passwords or tokens. Email is not a secure method of communication (do not email supporter data either!)
4. Use Egnyte to share secure data. If you need to share data with our support team, or other members of your team use Egnyte. Never send data (or passwords or tokens) via email! If you’re not familiar with this secure file sharing system please contact us and we can get you set up, or let you know who has access already.
5. Supporters’ data should not be stored in Google Analytics. That means you shouldn’t place personal data, such as email addresses, into URLs that might be logged by Google Analytics. For example, be careful when using the Form Dependency Redirect, which redirects as soon as the condition is met and pre-populates the landing page from data it places in the URL.
6. Use a subdomain of your site for your hosted page. If you are using e-activist.com or netdonor.net domains for your Engaging Networks pages, contact us. We can help you get a subdomain for your pages instead (this does not cost you anything), such as action.your-charity.org. This builds trust from your supporters that they are on a legitimate site and also lets you whitelist your domains (see the next item).
7. Specify your allowed domains. This means that your pages can only be displayed using domains you have allowed. Some spammers can guess URLs otherwise and submit data or test card numbers.
8. Fraud management. Although not about data security as such, we have lots of other fraud management tools available – take a look at this page for more information.
9. Check your audit log. Super Admins can check the audit log to see when users are logging in, and what they do. It can be useful to check that activity, as well as the job monitor and import logs, so you’re aware of how your account is being used.
10. Be careful when importing and deleting data. Make sure you have robust procedures in place when your users import or alter data in some way. Many of these processes are irreversible, and so mistakes can be hard to correct. 

Please contact Support with any questions about implementing these tips. Also, if you’re doing other things to help secure your data on Engaging Networks, let us know as we’ll turn this email into a blog post. The more we can share the better.