Today we’re continuing in our series of the Top 10 Questions You Must Ask Your Agency (or Consultant)!
If you use a consultant or an agency to help with your fundraising or marketing you have to ask these 10 questions…and be happy with the answers you hear back.
Number 6 on the list of Top 10 Questions You Must Ask Your Agency:
“Is my data secure?”
One of the most important assets you have is your donor information. This includes everything from names and addresses to giving history to credit card information. Hopefully your internal processes ensure security of that data.
Too often agencies and their vendors transmit data and ask you to transmit donor data via insecure methods.
If your agency says “just email us an excel file of your top 100 donors including name, address and most recent giving information” your data may be at risk.
If your agency instructs you to upload your mailing file to vendor’s ftp, but gives you a login like “guest” and no password, your data may be at risk.
If your agency regularly downloads your data so they can process selects and reports on your behalf, is the data only zipped in the transfer process? If so, your data may be at risk.
To keep your data safe, your agency must offer you a secure way to transfer your data.
-If you have ftps or https in the url where you upload your data, that’s a good sign your data will be secure.
-If you have a unique login and password, that’s a good sign your data will be secure.
-If, when you login, you cannot see anyone else’s data but yours, that’s a good sign your data will be secure.
-If your agency provides you with a PGP public key*, that’s a good sign your data will be secure.
*The best tool to securely encrypt large or very important data files for transfer is called PGP. It stands for “Pretty good privacy” but it’s without question the best protection out there. It’s virtually unhackable. Click here if you want to learn more about PGP. (Zipped files have no encryption and password-zipped files, while better than nothing, have still been hacked.)
Bottom line: If you are transferring data using public tools, like email or ftp, you must make sure your data is secure.
Oneicity uses a combination of security measures and always communicates donor data to vendors securely.
There are a host of good options. Be sure you don’t make the mistake of thinking that it isn’t a big deal. It is.
Just ask. If your agency says “don’t worry about” or “it isn’t a problem” but they can’t tell you how they are securing your data, you have a data security issue. Don’t put your organization and your donors at risk.
So how about how…how do you keep your donor data secure?
Here’s the list of our “Ask Your Agency/Consultant” questions so far:
Question 1: (not announced yet)
Question 2: (not announced yet)
Question 3: Have you disclosed all commissions?
Question 4: How do you integrate fundraising and marketing?
Question 5: Have you worked in a ministry?
Question 6: Is my data secure?
Question 7: (not announced yet)
Question 8: How will the new 990 requirements effect me?
Question 9: Do you walk the walk?
Question 10: Are you a real expert?
Steve Thomas
Partner, Oneicity
(photo credits: rpongsaj)
2 thoughts on “ask your agency #6”
Where can I learn more about this? I haven’t heard anything about the stuff you’re talking about. Is there a resource you can point me to? (We send files to our printer all the time and I’d never thought about it).
@Jim–First, do the fair thing and ask your printer/vendor/agency first.
Here’s another link to look at: http://en.wikipedia.org/wiki/Public-key_cryptography
If you’re still not getting help, shoot me an email and I’ll hook you up with the Oneicity security guru.