Today we’re announcing two new security options for Little Green Light customers. We also think it’s a good time to summarize all the ways LGL keeps your data secure, and to provide some best practice suggestions for what you can do to improve your data security.
Since Day 1, Little Green Light has prioritized the safety and security of our customers’ data. Here are the key security measures we employ to ensure the privacy and security of all data stored in LGL:
- We carefully selected Lightcrest to host our servers. As an industry leader, Lightcrest’s servers are fast, reliable, and secure and use leading-edge technologies to preempt threats.
- Our servers (based in the U.S.) are protected by firewalls, and all communications between servers and data centers are encrypted.
- Little Green Light is accessed through SSL (Secure Sockets Layer)-encrypted connections, the same level of security used for online banking. You’ll see the padlock and “https” on every URL in your account (the “s” in https stands for “secure”).
- Internal access to Little Green Light servers and customer data is strictly controlled, and all of our employees have signed confidentiality agreements.
- All customer data is backed up daily, and backups are stored on multiple secure servers for redundancy.
Today we’re announcing two new security features in Little Green Light:
2-step verification
With 2-step verification turned on, anyone who logs into your Little Green Light account will be asked not just for a password but also for a unique one-time verification code, which LGL emails to the user’s email address at the same time. This feature makes it much harder for fraudsters to log into your Little Green Light account, even if they know one of your users’ passwords.
Administrators can turn this feature on by going to Settings > Subscription settings > General (and then scrolling to the bottom of the page).
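The following is an added illustration of how an emailed one-time verification code like the one described above can be handled on the server side; it is not Little Green Light’s code, and the ten-minute lifetime, the five-attempt limit and the in-memory store are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumption: a code stays valid for 10 minutes
MAX_ATTEMPTS = 5         # assumption: a code is discarded after 5 wrong guesses

# Pending codes keyed by user id. A real deployment would keep this in a database.
_pending = {}


def _hash(code, user_id):
    # Only a hash is stored, so a leaked table does not reveal live codes.
    return hashlib.sha256(f"{user_id}:{code}".encode()).hexdigest()


def issue_code(user_id, now=None):
    """Create a fresh 6-digit code for user_id and return it, to be emailed.
    Any earlier unused code for the same user is replaced."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # uniform over 000000..999999
    _pending[user_id] = {
        "hash": _hash(code, user_id),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return code


def verify_code(user_id, submitted, now=None):
    """Return True exactly once for the correct, unexpired code; False otherwise."""
    now = time.time() if now is None else now
    entry = _pending.get(user_id)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        _pending.pop(user_id, None)    # expired or exhausted: a new code is required
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["hash"], _hash(submitted, user_id)):
        _pending.pop(user_id, None)    # single use: the code cannot be replayed
        return True
    return False


if __name__ == "__main__":
    c = issue_code("demo-user")
    print("emailed code:", c, "verified:", verify_code("demo-user", c))
```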
Email alerts for logins from new locations
We now also offer a setting that will send you email alerts whenever your user account is logged into from a location that we don’t recognize. If you’re traveling, you’ll probably recognize the new location and can safely ignore this alert. If you have not been traveling, you’ll know that your account may have been compromised and can take steps to secure the account (such as changing your password immediately). To enable this option, go to My Profile > General Information > Edit general info.
Now that you know what we’re doing to help keep your data secure, we’d like to offer some tips on what your organization can do to ensure the security of your data.
What can you do to keep your Little Green Light data secure?
We recommend following these best practices for keeping your data secure:
Make sure that every user in your Little Green Light account has their own unique user name and password.
This will allow you to inactivate any user who no longer needs access to your database, as well as ensure that each user has the appropriate level of access. You’ll also be able to accurately see who most recently edited a constituent record.
All users need to use good passwords, and no one should share their password with others. As this CNBC story says, “The password is by far the weakest link in cybersecurity today.” This advice from Carnegie Mellon School of Computer Science can help you create strong passwords.
Ensure users have access to only the information they need.
Carefully consider what information needs to be accessed by each new team member that you add to your LGL account. Based on that, you can assign them one of LGL’s default roles or a custom-created role that you can request from our support team. Administrators can also request that certain sections of constituent records be restricted from view for Fundraiser- and Volunteer-level users, and you can restrict users so they can view only constituent records that are assigned to them.
Implement a confidentiality policy at your organization, and ask all users to sign it.
You can use one of these templates from the National Council of Nonprofits to create a confidentiality agreement for your nonprofit.
Reduce fraudulent use of your online donation forms.
Online donation forms are prime targets for fraudsters trying to validate stolen credit card information (which can cause chargebacks). Little Green Light has safeguards in place to reduce the likelihood of fraudsters using your forms to test stolen credit cards. Here are a couple of steps you can take to minimize the chance that your forms will be used in this way:
- Make sure reCAPTCHA is turned on in your payment forms (LGL turns this on automatically in all new payment-enabled forms).
- Set a minimum amount for your payment field of $5 or more.
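As an added example of the defensive logic behind the two steps above (not LGL’s own code), here is a check a form backend could run on each donation attempt: it enforces the CAPTCHA and the $5 minimum, and it additionally flags the card-testing pattern the text describes, many different cards tried from one source in a short time. The ten-minute window, the three-card threshold, the IP addresses and the card fingerprints are all constructed for the example.

```python
from collections import defaultdict, deque

MINIMUM_AMOUNT = 5.00      # the floor suggested above for the payment field
WINDOW_SECONDS = 600       # assumption: look at the last 10 minutes per source
MAX_DISTINCT_CARDS = 3     # assumption: more distinct cards than this from one source is suspicious

# Per-source history of (timestamp, card_fingerprint). The fingerprint is whatever the
# payment processor returns (e.g. a token or last-4 digits), never the full card number.
_history = defaultdict(deque)


def evaluate_attempt(source_ip, amount, card_fingerprint, captcha_passed, ts):
    """Return (accept, reason). accept=False means block the attempt and log the reason."""
    if not captcha_passed:
        return False, "captcha_failed"
    if amount < MINIMUM_AMOUNT:
        return False, "below_minimum"
    attempts = _history[source_ip]
    attempts.append((ts, card_fingerprint))
    # Drop entries older than the window so a source is judged on recent activity only.
    while attempts and ts - attempts[0][0] > WINDOW_SECONDS:
        attempts.popleft()
    distinct_cards = {fp for _, fp in attempts}
    if len(distinct_cards) > MAX_DISTINCT_CARDS:
        return False, "card_velocity"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sequence: one donor giving twice, then a burst of different cards.
    sample = [
        ("198.51.100.7", 25.00, "tok_aaa", True, 100),
        ("198.51.100.7", 25.00, "tok_aaa", True, 160),
        ("203.0.113.5", 1.00, "tok_b01", True, 200),
        ("203.0.113.5", 5.00, "tok_b02", True, 201),
        ("203.0.113.5", 5.00, "tok_b03", True, 202),
        ("203.0.113.5", 5.00, "tok_b04", True, 203),
        ("203.0.113.5", 5.00, "tok_b05", True, 204),
    ]
    for attempt in sample:
        print(attempt[0], attempt[1], evaluate_attempt(*attempt))
```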
Frequently asked questions about Little Green Light’s security, privacy and backup process:
Who “owns” the data customers store in Little Green Light?
Per our Terms of Service, our customers own their own data. All current customers can download a comprehensive export of their data at any time.
Is Little Green Light PCI compliant?
The payment processing functionality in LGL Forms is PCI compliant. Credit card data security is managed by the payment processor you select to use in LGL Forms (i.e., ProPay, PayPal, or Stripe), and they are all PCI compliant. LGL Forms never captures credit card information; that data is sent directly from the user’s browser to the processor, and LGL receives only a secure token for use in the case of recurring donations. It is important never to use your Little Green Light account to store credit card numbers.
Can I create a backup of my data and store it locally?
Yes, you can create a zipped file of your data using a Comprehensive Export. You can schedule that report to run as often as you’d like (daily, weekly, or monthly) and automatically have it emailed to you or other members of your team. That said, your data is automatically backed up on secure servers, so there’s no need to keep a backup locally. And note that the format of the comprehensive download is not suitable for uploading back into Little Green Light without some manipulation.
Is Little Green Light HIPAA compliant?
No, Little Green Light is not HIPAA compliant, and we do not expect our customers to store protected health-related information in their LGL database.
Keeping your data secure in the cloud is vital. By being informed about our security protocols and following best practices, you can take important steps to ensure the safety and security of your donor data when using Little Green Light.