Is your nonprofit under a cloud of doubt or still at that final consideration phase of choosing which brand is the best at cloud security? We will answer that question in this article.  

Before, please be aware to some of the regulations that applied to Australian Non Profit such as:  

Privacy Act

• The Privacy Act 1988 (Cth) (Privacy Act) is the national law which regulates how private organisations in Australia must collect, use, disclose, secure and dispose of personal information. 

Security of Critical Infrastructure Act

• Charities involved in the supply or provision of critical infrastructure, which includes matters such as health, transport, energy, communications, food and water, are regulated by the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act). The SOCI Act includes significant cyber risk management and reporting obligations. 

ACNC Governance Standards

• Governance Standard 3, which requires a charity to comply with Australian laws; and 
• Governance Standard 5, which outlines the duties of a charity’s directors, including the requirement to act: with reasonable care and diligence; and honestly and fairly in the best interests of the charity and for its charitable purposes. 

ACNC External Conduct Standards

• Charities that operate overseas, including charities that just send money overseas, are required to take reasonable steps to comply with the ACNC’s External Conduct Standards (ECS).   

First, let's talk about the risks that can potentially harm your organisation. Your data can be compromised by two categories of people:

• External Hackers: Mostly, it’s by finding vulnerabilities in any internet–connected machine to gain access to internal systems with end – goals of Ransom the data back to you, sell the data off for identity theft purposes, or publish embarrassing data.  

• Internal Staff: Often staff members are the source of your organisation’s biggest data breaches, either from their own negligence or they purposefully breach the system, especially staff who has bad personal history with the company.  

Therefore, nonprofit organisation must apply a fundamental cloud security principle called Principle of Least Privilege. It’s an information security concept which maintains that a user or entity should only have access to the specific data, resources and applications needed to complete a required task. Simply, users can’t have more access than they supposed to.  

By adopting cloud technology, you can mitigate the risk of your data being lost or stolen. Strong cloud security and high – level encryption minimise the likelihood of any incidents occuring.

Single Sign – On (SSO) is a time – saving and highly secure user authentication process. SSO lets users access multiple applications with a single account and sign out instantly with one click.  

With SSO, users can access all needed applications without being required to authenticate using different credentials. Microsoft security and compliance is one of the best in the world and they are ensuring customers that their data is stored in a safe location.  

Microsoft allows different single sign–in options for different non profit settings. Cloud applications can use federation – based options, such as OpenID Connect, OAuth, and SAML. The application can also use password – based SSO, linked – based SSO, or SSO can be disabled. Read more about the options here in Microsoft Active Directory documentation page.  

Another security layer is to set up two – factor authentication or Multi – Factor Authentication (MFA). MFA helps to ensure that only authorised users can log in to your organisation accounts. MFA also makes single sign – on even more secure.  

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.  

Microsoft Multi – Factor Authentication has following authentication methods:  

• Something you know, typically a password 

• Something you have, such as trusted device that’s not easily duplicated, like a phone or hardware key 
• Something you are like biometrics like a fingerprint or face scan 

Azure AD Multi-Factor Authentication can also further secure password reset. When users register themselves for Azure AD Multi-Factor Authentication, they can also register for self-service password reset in one step. Administrators can choose forms of secondary authentication and configure challenges for MFA based on configuration decisions. So, there is another reason Microsoft Cloud Can Help Increase Your Non Profit Data Security & Protection.  

It’s a sophisticated feature built natively in Microsoft Azure Cloud solution that acts as intelligent detection and control of sensitive information across Office 365, OneDrive, SharePoint, Microsoft Teams and on the endpoint (user devices).  

This solution helps organisations protect their sensitive data stored on cloud, laptops, workstations, and other portable storage devices. These solutions safeguard data regardless of endpoint’s physical location, offer content discovery capabilities as well as different remediation actions.  

With Microsoft’s Enterprise Mobility + Security (EMS) offer organisations can manage and protect their users, devices, apps and data. The tools will allow you to:  

• Simplify management of apps and devices for your employees and volunteers 

• Protect your organisation’s information across phones, tablets, and PCs 
• Identify suspicious activities and advanced threats to your organisation in near real time 

EMS is incredibly valuable when employees are using multiple devices to access data, where volunteers may be bringing in their own devices, or where field workers need access to certain applications or data when they are out on visits. This suite is now available as a donation for up to 50 licenses. 

Yeah, there's a lot built into this, and it's helpful to know what you're getting out of the box and what you need to expect to have a partner deliver for you. Here's a breakdown of the key functionalities that you can expect across the Microsoft Cloud for Nonprofit solution. 

• Fundraising and Engagement – Microsoft Dynamics 365 for Sales  
• Constituent Marketing Journeys – Microsoft Dynamics 365 for Marketing 
• Volunteer Management – Microsoft PowerApps platform for various cloud computing task and resources 

• Volunteer Engagement – Also Microsoft PowerApps platform for different portal services 
• Volunteer Intranet – Microsoft SharePoint 
• Volunteer Collaboration – Microsoft Teams 
• Program Impact Dashboard – Microsoft Power BI 

Microsoft for Non Profit is built for non – profit organisations, with huge range of functionality to manage constituent information and build complex, highly customised workflows. There are a large variety of add – ons for anything you could think of, including HR processes, different layouts for different teams, data visualisations, volunteer management, text message fundraising … you name it.