
Little Green Light security overview and best practices

Posted March 3, 2021 by Timi Paccioretti

Database security and best practices

This article was originally posted in December 2017. It has recently been updated with new information. 

Since Day 1, Little Green Light has prioritized the safety and security of our customers’ data. In this article, we summarize all the ways LGL keeps your data secure and provide some best practice suggestions for what you can do to improve your data security.

Key security measures we employ to ensure the privacy and security of all data stored in LGL

  • We carefully selected Lightcrest to host our servers. As an industry leader, Lightcrest’s servers are fast, reliable, and secure and use leading-edge technologies to preempt threats.
  • Our servers (based in the U.S.) are protected by firewalls, and all communications between servers and data centers are encrypted.
  • Little Green Light is accessed only through SSL/TLS-encrypted (HTTPS) connections, the same level of security used for online banking. You’ll see the padlock and “https” on every URL in your account (the “s” in https stands for “secure”).
  • Internal access to Little Green Light servers and customer data is strictly controlled, and all of our employees have signed confidentiality agreements.
  • All customer data is backed up daily, and backups are stored on multiple secure servers for redundancy.
  • We require all new users to set complex passwords for their Little Green Light user accounts.

You can read more about our system’s Security and our Privacy Policy on our website.

Now that you know what we’re doing to help keep your data secure, we’d like to offer some tips on what your organization can do to ensure the security of your data.

What can you do to keep your Little Green Light data secure?

We recommend following these best practices for keeping your data secure:

  • Ensure strong passwords and manage team member access
  • Use 2-step verification and get notified of unusual logins
  • Train staff to be on the lookout for phishing emails
  • Make sure your organization has a proper confidentiality policy
  • Use reCAPTCHA and “minimum amounts” on your donation forms


Ensure strong passwords and manage team member access

Make sure that every user in your Little Green Light account has their own unique user name and password. This will allow you to inactivate any user who no longer needs access to your database, as well as ensure that each user has the appropriate level of access. All users need to use good passwords, and no one should share their password with others. 

Password managers are an excellent way to improve your password security. They help users create a unique and strong password for every site. This article from PC Magazine reviews password managers and why they are so important. 

Carefully consider what information needs to be accessed by each team member in your LGL account. Based on that, you can assign them one of the four roles available for users in LGL. 

Use 2-step verification and get notified of unusual logins

LGL offers 2-step verification. Administrators can turn this on for their account in Subscription Settings. When enabled, it requires all users in your account to use a newly generated code when logging in.

Individual users can choose to receive notifications when their user account is logged into from a new geographic location. Users can set this option in the My Profile area.

Train staff to be on the lookout for phishing emails

The number of phishing emails being sent out is staggering, and the reason you see so many of them is that they work. According to the 2020 Verizon Data Breach Investigations Report, “Phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches.” Share with your staff how to spot a phishing email. Above all, ensure they make a habit of carefully examining the full “from” email address and the full URL of all links in emails to verify that they are legitimate.
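As an added illustration of the two checks above (this is example code written for this article, not an LGL feature), the script below reads a raw email and reports when the display name imitates a different domain than the real sender address, and when a link's visible text names a different host than the URL it actually points to. The sample message and the `.example` domains in it are constructed.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real LGL email): display name and link text imitate
# the CRM vendor's domain; the real sender domain and href do not match them.
SAMPLE_EMAIL = """\
From: "support@lgl.example" <noreply@lgl-login-alerts.example>
Content-Type: text/html; charset=utf-8

<p>Sign in now: <a href="http://lgl-login-alerts.example/verify">https://lgl.example/login</a></p>
<p>Help center: <a href="https://lgl.example/help">https://lgl.example/help</a></p>
"""
_DOMAINISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#:]|$)", re.I)  # link text that looks like a URL

class _LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    """Warnings derived from the full From address and the full URL behind each link."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    warnings = []
    # A display name that itself looks like an address is a lure: compare its domain.
    if "@" in display and display.rsplit("@", 1)[-1].lower() != sender_domain:
        warnings.append(f"from: display name shows {display} but sender domain is {sender_domain}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    links = _LinkCollector()
    links.feed(body)
    for href, text in links.links:
        m = _DOMAINISH.match(text.strip())
        shown, real = (m.group(1).lower() if m else None), (urlparse(href).hostname or "")
        if shown and real and shown != real:
            warnings.append(f"link: text shows {shown} but points to {real}")
    return warnings
```

Links whose text is a phrase such as “click here” cannot be compared this way; for those, the only check is hovering to see the full URL, as the article advises.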

These articles provide some additional tips:


Make sure your organization has a proper confidentiality policy

Because users in your LGL account have access to private information, it’s a good idea to implement a confidentiality policy at your organization and ask all users to sign it. You can use one of these templates from the National Council of Nonprofits to create a confidentiality agreement for your nonprofit.

Use reCAPTCHA and minimum amounts on your donation forms

Online donation forms are prime targets for fraudsters trying to validate stolen credit card information (a practice known as card testing, which can cause chargebacks). Little Green Light has safeguards in place to reduce the likelihood of fraudsters using your forms to test stolen credit cards. Here are a couple of steps you can take to minimize the chance that your forms will be used in this way:

  • Make sure reCAPTCHA is turned on in your payment forms.
  • Set a minimum amount for your payment field of $5 or more.
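To show what the minimum amount defends against, here is an added example (written for this article, not LGL's own fraud logic) that scans a constructed log of form attempts for the card-testing pattern: many tiny-amount attempts on distinct cards from one source in a short window. It also counts how many of those attempts a $5 minimum would have refused before they ever reached the payment processor.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MINIMUM_DONATION = 5.00  # the floor the article suggests for the payment field

# Constructed sample of donation-form attempts (not real LGL data):
# (timestamp, source IP, amount in USD, card fingerprint, processor result).
ATTEMPTS = [
    ("2021-03-01T10:00:00", "198.51.100.7", 1.00, "fp-a1", "declined"),
    ("2021-03-01T10:00:04", "198.51.100.7", 1.00, "fp-b2", "declined"),
    ("2021-03-01T10:00:09", "198.51.100.7", 1.00, "fp-c3", "approved"),
    ("2021-03-01T10:00:15", "198.51.100.7", 2.00, "fp-d4", "declined"),
    ("2021-03-01T10:00:21", "198.51.100.7", 1.00, "fp-e5", "declined"),
    ("2021-03-01T10:00:27", "198.51.100.7", 1.00, "fp-f6", "declined"),
    ("2021-03-01T11:30:00", "203.0.113.20", 50.00, "fp-g7", "approved"),
    ("2021-03-01T12:05:00", "203.0.113.20", 50.00, "fp-g7", "declined"),  # real donor, one retry
]

def rejected_by_minimum(attempts, minimum=MINIMUM_DONATION):
    """How many attempts a minimum amount would refuse before they reach the processor."""
    return sum(1 for _, _, amount, _, _ in attempts if amount < minimum)

def card_testing_sources(attempts, window=timedelta(minutes=5), threshold=5, small=MINIMUM_DONATION):
    """Source IPs with at least `threshold` small-amount attempts on that many distinct
    cards inside `window`: the pattern of someone validating stolen card numbers."""
    by_ip = defaultdict(list)
    for ts, ip, amount, card, result in attempts:
        if amount < small:  # card testers probe with tiny amounts
            by_ip[ip].append((datetime.fromisoformat(ts), card, result))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):  # sliding window starting at each attempt
            win = [r for r in rows[i:] if r[0] - start <= window]
            cards = {r[1] for r in win}
            if len(win) >= threshold and len(cards) >= threshold:
                declines = sum(1 for r in win if r[2] == "declined")
                flagged[ip] = {"attempts": len(win), "distinct_cards": len(cards), "declines": declines}
                break
    return flagged
```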

Frequently asked questions about Little Green Light’s security, privacy and backup process


Who “owns” the data customers store in Little Green Light?

Per our Terms of Service, our customers own their own data. All current customers can download a comprehensive export of their data at any time.

Is Little Green Light PCI compliant?

The payment processing functionality in LGL forms is PCI compliant. Credit card data security is managed by the payment processor you select to use in LGL forms (i.e., ProPay, PayPal, or Stripe), and they are all PCI compliant. LGL forms never capture credit card information; that data is sent directly to the processor from the donor’s browser, and LGL receives only a secure token for use in the case of recurring donations. It is important never to use your Little Green Light account to store credit card numbers.

Can I create a backup of my data and store it locally?

Yes, you can create a zipped file of your data using a Comprehensive Export. You can schedule that report to run as often as you’d like (daily, weekly, or monthly) and automatically have it emailed to you or other members of your team. Your data is also automatically backed up on secure servers, so there’s no need to keep a backup locally. Note also that the format of the comprehensive download is not suitable for uploading back into Little Green Light without some manipulation.

Is Little Green Light HIPAA compliant?

No, Little Green Light is not HIPAA compliant, and we do not expect our customers to store protected health-related information in their LGL database.

Conclusion

Keeping your data secure in the cloud is vital. By being informed about our security protocols and following best practices, you can take important steps to ensure the safety and security of your donor data when using Little Green Light.
