Little Green Light is a cloud-based donor management system for fundraisers.
Subscribe to get our latest product updates, best practices and tips to grow your nonprofit.
“After people, data is your most important resource.”
We’re often asked, “How secure will my data be in LGL?” Being in the cloud, we certainly understand where the question is coming from. Typically, assessing risk in relation to data and IT involves working through three major components:
Evaluation and assessment
First, none of the data types that are highly sensitive and highly pursued by those with bad intentions are easily stored in LGL (nor should they be stored there):
Data assets typically stored in LGL (each client may need to add items as necessary; this chart covers the core items) and the level of sensitivity:
| Data asset | Level of sensitivity | LGL comments |
| Name and contact information | Low | Publicly available information (phonebooks, voter rolls, large-scale databases) |
| Date of birth | Low | Also publicly available, though harder to acquire than names and contact information |
| Gift information | Medium | Proprietary to each organization but not secret. NOTE: Any organization that publishes an annual report makes this information public |
| Wealth indicators | Low | Not all clients use this aspect of LGL. If they do, the information is gathered from public records (e.g., scans of annual reports, insider information, etc.) |
Risk assessment
Given that the majority of information stored in LGL by customers is neither highly sensitive nor subject to any federal compliance regulations, assessing the risk can be viewed in context of the nature of the data. Below are a sampling of factors LGL recommends considering in relation to the risk assessment of the data. Certainly clients are free to a) add items appropriate to their circumstances and/or b) make their own assessment.
| Threat/vulnerability | LGL assessment | LGL comments |
| Internet hacking | Low risk | Given the relatively low profile of both LGL and its clients (none have national/international profiles like Walmart, Target, or eBay) |
| Physical theft/attack (equipment) | Very low risk | LGL is in “the cloud” and therefore not prone to this risk. (NOTE: This is the only type of security threat that LGL customers have suffered from and their LGL data was unaffected.) |
| Password sharing | Low risk (IF client implements good practices) | LGL offers unlimited accounts for this very reason, to avoid situations where usernames and passwords are shared. |
| Data loss due to hardware failure, natural disaster, etc. | Low risk | LGL uses top-notch server companies, the primary of which is Liquid Web.[i] Data redundancy and backup routines are maintained at a level unachievable by all but the largest nonprofits and businesses. |
| Unsecure local files | Medium risk | Clients regularly download Excel-friendly files from LGL. These are not password-protected and should be managed carefully on local drives, in email attachments, etc. |
[i] http://www.liquidweb.com/datacenter/ (Datacenter access is strictly limited to technical staff. Electronic security systems control data center access and are accompanied by a full complement of motion-detecting security cameras, which monitor the entire facility. Our DataCenter facility external walls are reinforced poured concrete. We are a fully managed facility, which means we have level 3 technicians on site 24 hours per day, allowing incident response times to be kept to a minimum.)
Risk mitigation
Given all the above, the steps toward mitigating can be outlined as follows:
| Threat/vulnerability | LGL mitigation steps | Client mitigation steps |
| Internet hacking | Use HTTPS[ii] and other best-in-class web security protocols | N/A |
| Physical theft/attack (equipment) | N/A | Ensure computers are in physically secure spaces that ensure access by authorized personnel only. |
| Password sharing | N/A | Provide all those who need access to LGL with their own username/password. Do not distribute this information. Update passwords to be strong. |
| Data loss due to hardware failure, natural disaster, etc. | Maintain/review server provider(s) to ensure they meet highest expectations | N/A |
| Unsecure local files | N/A | Use downloaded files discreetly and delete them when no longer necessary. Store them on secure file servers rather than the local drive or USB drives. Email sparingly. |
[ii] http://en.wikipedia.org/wiki/HTTP_Secure
While there is a lot of media attention paid to high-profile Internet security breakdowns, the vast majority of data stored in “the cloud” is neither interesting nor secret. The reality of today’s world is that “the cloud” gives nonprofits access to levels of IT infrastructure they could never achieve with their limited budgets. Secure facilities, redundant systems, background checks on staff, etc., are typically not available for “servers down the hall” in a nonprofit setting.
Ready to try LGL? Get your first 30 days free. No credit card required.