Security is important to all of us - but when you're managing the data of donors, fundraisers and volunteers for your charity, ensuring constant data safety is of the utmost importance.
With encrypted data, daily data backups, and PCI Compliant Payment Processing, we know that Beacon offers an incredibly high rate of security as a CRM, but what should you do if you feel that your account has been compromised?
Take Precautions
Data breaches are a pain - stressful, exhausting, and likely costly too. So you'll want to do everything you can to avoid them - we've got a few tips to help you there:
Set up Two-Factor Authentication on your email account if possible, and most definitely on your Beacon account
Do not share passwords. Beacon's pricing structure allows companies to have people using Beacon part time, so there should never be a reason for you to share your Beacon account details with anyone else - it's a security risk and is not something we allow. Additionally, Beacon only allows your account to be logged into one device at once, so if you do share your account details with someone and they try to log on whilst you're in the middle of doing something, you run the risk of losing work and sparking security alerts. If you need a new user account - contact us using the button in the right hand corner.
Following the above steps should ensure that any chance of a data breach is incredibly low, but, if you believe you may have had one, then...
Don't Panic
Good advice for life, managing a group of Home Guard volunteers, and for hitchhiking round the Galaxy, but especially important in a situation like this. It's okay to feel stressed about a data breach - but remember that you're not alone - the team at Beacon are here to guide you through this and get this resolved swiftly.
Firstly, get in touch with our support team (use the in-app chat or email [email protected]). We can lock down your account, and ensure that no-one is able to access your data until your security breach has been resolved. We take data breaches incredibly seriously, and will be able to guide you on what to do next.
If you believe that your email account has been compromised, the first step should be to go to your email provider, and follow the security steps they provide for you to regain access to your account. Many will allow you to check any suspicious activity on your account, and enable you to set up Two-Factor Authentication. This, along with setting a unique and secure password, will ensure you lessen the chances of any kind of account breach. Beacon has some handy tips for setting up secure passwords, which you can view here.
We'd also recommend taking this time to update all of your passwords, and ensure that you utilise a unique password for each.
Tip: Worried you'll forget your passwords? Well, don't - whatever you do - write them down; use a password storage system like 1Password instead.
Reset your Account
Once you've established that your email is secure, contact Support at Beacon again. We'll be able to unblock your account, and send a reset password email through to you.
You should also use this as an opportunity to set up Two-Factor authentication (if you haven't already) for Beacon. This will greatly increase your account security and massively lessen the chances of anything like this occurring again.
Look at Your Data
Check your data, and think about who may have tried to access it. If you think they'll have tried to export any of your data, check your export logs in your sidebar: Export data > Export logs
Don't forget that all of your records have timelines, and that you can sort records by the date that they were last modified - so checking for any changes should be straightforward
Speak to your in-house Data Controller. If it does look like a third party has got hold of your data without your permission, they'll need to think about your compliance with GDPR, and establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then they must notify the ICO; if it’s unlikely then they may not have to report it, but they will still need to document it fully.
Prevention is better than the Cure
It's an old adage, but, when it comes to data breaches, it is one that is unquestionably true.
Unique Passwords, Two-Factor Authentication and ensuring only you have access to your account will massively lessen any chance of you having your email or Beacon account compromised.
Follow those steps, and, all being well, this is the last time you'll need to visit this page!