How does CFP secure my data?
At Church Finance Pros, we take the security of our clients’ financial information seriously. While the list is not exhaustive, below are some key security protocols we have in place to protect your financial data. Because we don’t want to lay out our whole infrastructure in a public environment, we’ll highlight key points and omit specific details. However, we are happy to share further detail on a call with any client as appropriate.
Email – we retain a third-party email security service that configures our email policies, specifically for quarantine, safe-attachments, anti-spam, anti-phishing, and anti-malware policies. We use international spam filters and DKIM and DMARC security protocols. Our emails also include a header that shows us if an email is external to avoid internal spoofing scams.
Restricted Team Access – our team uses a credentialing solution to manage and cloak passwords, which are set securely by select team leaders. Other team members use the access manager, which pre-fills login information and tracks employee activity. Team member access to client data can be turned off with one click in the event a compromise is detected. The login for each team member is also geo-locked to their location, so attempts to log in from somewhere else will be blocked.
Secure Passwords – we use secure/complex passwords generated by our password management tool when setting up credentials. The single-sign-on logins used by our team are updated at regular intervals and give us the ability to seamlessly update passwords to client accounts without any disruption to our team.
Client Access – when we request logins to client data, we always request view-only access to accounts where money can be moved without a clear audit trail (such as online banking). This helps give clients peace of mind that their financial information belongs to them and limits the impact an unlikely compromise could have.
Audit Trail – many of the systems we use have a built-in audit trail so we can see everyone’s activity. For those systems where our team uses a central login, our credentialing solution provides an internal audit log so we can still see (within a reasonable time frame) who used any particular account.
Client Requests – don’t be offended if our team asks you to submit a request through another protocol or reaches out through another communication method to confirm a request is really from you. We rely on these steps to ensure requests are really coming from you.
Team Training – our team undergoes training on our security protocols during onboarding and has refreshers at least annually to protect client data. When we identify a scam attempt with one of our clients or internally, other team members are also notified, which serves as a reminder to be on the lookout.
What can you do to help?
Here are the top three ways you can help us protect your financial and confidential data.
- Use existing processes – we design our processes with specific protection points in mind. Following protocols on submissions helps us identify strange activity and catch problems before they arise. Once a process is laid out for how we’ll work with your church, use that process exclusively. If someone on our team asks you to do something outside of that process, feel free to double-check with us (even using an alternative method of communication or checking in with another team member). Don’t reply to the person asking you to do that and then trust their confirmation alone (at least copy another team member).
- Upload secure files properly – avoid emailing documents with sensitive data such as social security numbers. Upload those files through Karbon or using the link in the email signature of our team members to “Upload a secure file.” We will be notified a file is available and can download it securely.
- Train your internal team on common scams – we have the ability to help clean up some messes, but many times once a scam is complete, there is no way to recover the lost funds. Training your team will help them understand how to interact with us and our processes, and together we can keep your church finances secure.
For more details on our security protocols or for more training, please feel free to reach out to Jake Douglas (firstname.lastname@example.org).