Security, Configuration, and Customization

Recent high-profile incidents have emphasized the importance of security for any system that stores personal or sensitive information about individuals and organizations. Fundraising systems are a particularly appealing target for hackers because they store extensive donor profile and contact information along with financial, credit card, and bank account data.

Security begins with the login process. At the very least, the system you select should have password complexity requirements, such as requiring a certain number of characters and a mix of letters, numbers, and symbols. More secure systems will allow you to turn on two-step verification or Multi-Factor Authentication (MFA) for logins, which requires users to enter a code that is texted or emailed to them. A few systems allow Single Sign-On (SSO) so that users can be authenticated with the credentials they use to access their organization’s network. You should also ask if the system automatically logs users off after a period of inactivity.

How does the system handle data encryption? Does it encrypt data at rest and/or in transit? Are credit card numbers stored in the system, or are they tokenized and stored in a PCI-compliant vault? How often do system backups run? It’s also important to…