Data security and your in-house CiviCRM expert

Security-related topics have been coming up in my coaching sessions quite a lot recently.

I'm really not sure why. Has there been something in the news that I've just missed?

Regardless, here's something worth thinking about:

Have you designated one person in your organization as the primary in-house administrator for CiviCRM?

If not, how can you be sure about security concerns like the following?

• Identifying sensitive personal information that's tracked your CRM.

• Ensuring that information is only accessible to the people who really need it.

• Configuring rules and permissions as tightly as possible without limiting your staff members' ability to get their work done.

• Defining and enforcing policies for password strength, multi-factor authentication, and data sharing.

• Adhering to legal requirements such as GDPR or equivalents for your jurisdiction.

• Disabling user accounts that are no longer needed.

• Defining a standardized data breach response plan, so you know when and how to act in case of possible unauthorized data disclosure.

These are not small things, but they're not to be avoided.

They're also pretty hard to outsource. The most effective approach is for someone within your organization to be responsible for covering all these bases.

Remember, your constituents are counting on you to protect their data.

It's just one more reason to designate an in-house CiviCRM system administrator.

All the best,
A.