Little Green Light is a cloud-based donor management system for fundraisers.
This article was originally posted in December 2017. It has recently been updated with new information.
Since Day 1, Little Green Light has prioritized the safety and security of our customers’ data. In this article, we summarize all the ways LGL keeps your data secure and provide some best practice suggestions for what you can do to improve your data security.
Now that you know what we’re doing to help keep your data secure, we’d like to offer some tips on what your organization can do to ensure the security of your data.
We recommend following these best practices for keeping your data secure:
Make sure that every user in your Little Green Light account has their own unique user name and password. This will allow you to inactivate any user who no longer needs access to your database, as well as ensure that each user has the appropriate level of access. All users need to use good passwords, and no one should share their password with others.
Password managers are an excellent way to improve your password security. They help users create a unique and strong password for every site. This article from PC Magazine reviews password managers and why they are so important.
Carefully consider what information needs to be accessed by each team member in your LGL account. Based on that, you can assign them one of the four roles available for users in LGL.
LGL offers 2-step verification. Administrators can turn this on for their account in Subscription Settings. When enabled, it requires all users in your account to use a newly generated code when logging in.
Individual users can choose to receive notifications when their user account is logged into from a new geographic location. Users can set this option in the My Profile area.
The number of phishing emails being sent out is staggering. You see so many of them because they work. According to the 2020 Verizon Data Breach Investigations Report, “Phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches.” Share with your staff how to spot a phishing email. Above all, ensure they make a habit of carefully examining the full “from” email address and the full URL of all links in emails to verify that they are legitimate.
These articles provide some additional tips:
Because users in your LGL account have access to private information, it’s a good idea to implement a confidentiality policy at your organization and ask all users to sign it. You can use one of these templates from the National Council of Nonprofits to create a confidentiality agreement for your nonprofit.
Online donation forms are prime targets for fraudsters trying to validate stolen credit card information (which can cause chargebacks). Little Green Light has safeguards in place to reduce the likelihood of fraudsters using your forms to test stolen credit cards. Here are a couple of steps you can take to minimize the chance that your forms will be used in this way:
Per our Terms of Service, our customers own their own data. All current customers can download a comprehensive export of their data at any time.
The payment processing functionality in LGL forms is PCI compliant. Credit card data security is managed by the payment processor you select to use in LGL forms (i.e., ProPay, PayPal, or Stripe), and they are all PCI compliant. LGL forms never captures credit card information; that data is sent to the processor instantaneously from the user’s browser, and LGL receives a secure token for use in the case of recurring donations. It is important never to use your Little Green Light account to store credit card numbers.
Yes, you can create a zipped file of your data using a Comprehensive Export. You can schedule that report to run as often as you’d like (daily, weekly, or monthly) and automatically have it emailed to you or other members of your team. Your data is also automatically backed up on secure servers, so there’s no need to keep a backup locally. And note that the format of the comprehensive download is not suitable for uploading back into Little Green Light without some manipulation.
No, Little Green Light is not HIPAA compliant, and we do not expect our customers to store protected health-related information in their LGL database.
Keeping your data secure in the cloud is vital. By being informed about our security protocols and following best practices, you can take important steps to ensure the safety and security of your donor data when using Little Green Light.