Data breaches have always been a concern for commercial organizations. As organizations grow, they establish practices and procedures to secure their information from external threats. Over time, information security has also become an integral part of non-profit operations. Because non-profits handle the data of the most vulnerable populations, they also take on the responsibility of protecting these communities from any kind of data breach. Technology leaders are coming up with ways to avoid security breaches in the non-profit sector with a plethora of new CRM systems.
Salesforce helps non-profits by coming up with innovative and necessary steps that give them a comfortable space to centralize their data. In centralizing that data, Salesforce also takes on the responsibility of protecting constituents' data. As a SaaS provider, Salesforce ensures the security and integrity of the platform, but the non-profit organization shares the responsibility by deciding which people within the organization are given access to this data.
What is Nonprofit Data Security in Salesforce?
When we talk about the nonprofit data security that Salesforce provides, we discuss it in terms of access to information.
Let's take the example of a building. Entering the building itself is the first level of access. This is handled by the initial Salesforce login page: a person is either permitted to enter the building or denied access. Once a person is inside the building, we decide whether or not they have access to certain floors. The floors represent the different types of data stored in the organization, such as financial data or demographic data about constituents.
If the person gets access to a floor, we then have to decide which rooms they can enter. A room here represents the information about one individual. Within that room is more granular data, like boxes. The boxes represent the attributes of an individual: do you have access to a person's email, or can you only see their name, address, and so on?
What is compliance?
Compliance is a set of practices and procedures required by the state or country where you are storing the data. When we talk about compliance, two major regulations stand out: GDPR and HIPAA.
The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data.
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. HIPAA is another regulation your nonprofit may encounter, especially if your nonprofit works in human services.
What leads to the loss of data?
Although we tend to flag major breaches and external parties as the main cause of such incidents, at ground level we see that data loss occurs due to smaller errors. Based on our 2020 State of Salesforce Data Protection Survey, human error is the leading cause of data loss within the Salesforce ecosystem, making up just less than half of all incidents.
Data security practices for nonprofits to avoid security breaches in the nonprofit sector:
1. Enable multifactor authentication: Multi-factor authentication (or MFA) adds an extra layer of protection against common threats like phishing attacks, credential stuffing, and account takeovers. Implementing MFA is one of the most effective ways your company can increase the security of your Salesforce data.
2. Set Login IP Ranges: With Login IP ranges you can stop unauthorized access to your system. You can make it mandatory for a user to log in only from designated IP addresses, such as the company network.
3. Decrease session timeouts: Users sometimes leave their computers unattended or they don’t log off. You can protect your applications against unauthorized access by automatically closing sessions when there is no session activity for a period of time.
4. Password policies: Strong password security is an important step in protecting your Salesforce accounts and Salesforce recommends these best practices:
- Password expiration – Salesforce recommends forcing users to reset their passwords after no more than 90 days
- Password length – Salesforce suggests a minimum password length of 8-10 characters
- Password complexity – Admins should require users to include a mix of alpha, numeric, and special characters in their Salesforce password
5. Auditing and logging: Audit logs provide a chronological record of all activities in your system, such as logins, permissions changes, and addition/deletion of records. They are used to detect anomalous use of the system, and are critical in diagnosing potential or actual security issues.
We recommend that you set up audit trails for your Salesforce instance, and perform regular audits to monitor for unexpected changes or usage trends.
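One way to carry out the regular review described in practices 2 and 5, shown as an added example rather than code from the original post or from Salesforce: the script checks an exported login history for successful logins from outside the designated IP ranges and for repeated failed logins. The CSV column names, the sample rows, the allowed range and the failure threshold are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_LOGINS = """\
username,login_time,source_ip,status
ana@example.org,2024-03-01T09:02:11Z,203.0.113.10,Success
ana@example.org,2024-03-01T22:41:50Z,198.51.100.77,Success
raj@example.org,2024-03-02T08:15:02Z,203.0.113.45,Failed
raj@example.org,2024-03-02T08:15:09Z,203.0.113.45,Failed
raj@example.org,2024-03-02T08:15:17Z,203.0.113.45,Failed
raj@example.org,2024-03-02T08:16:01Z,203.0.113.45,Success
lee@example.org,2024-03-02T10:30:00Z,not-an-ip,Success
"""

# Hypothetical designated office range (documentation address space).
ALLOWED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
FAILED_THRESHOLD = 3  # assumed per-user review threshold


def review_logins(csv_text, allowed=ALLOWED_RANGES, threshold=FAILED_THRESHOLD):
    """Return (successful logins outside allowed ranges,
    users with repeated failures, rows with unparsable addresses)."""
    outside, unparsable = [], []
    failures = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["status"] != "Success":
            failures[row["username"]] += 1
        try:
            addr = ipaddress.ip_address(row["source_ip"])
        except ValueError:
            # Never silently treat a malformed address as allowed.
            unparsable.append(row)
            continue
        if row["status"] == "Success" and not any(addr in net for net in allowed):
            outside.append((row["username"], row["login_time"], str(addr)))
    noisy = sorted(user for user, n in failures.items() if n >= threshold)
    return outside, noisy, unparsable


if __name__ == "__main__":
    outside, noisy, unparsable = review_logins(SAMPLE_LOGINS)
    print("Successful logins outside designated ranges:", outside)
    print("Users with repeated failed logins:", noisy)
    print("Rows needing manual review:", len(unparsable))
```
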
To read more about these practices and for more informative blogs about Salesforce, reach out to us at https://www.mirketa.com/blog/