The safest place for your valuable data is in a locked vault behind a steel door. However, if you can't access your data then it is no longer very valuable!
When organizing, it is important to strike a balance between availability and privacy. Both PTP and each organization using PowerBase have a role to play in striking this balance.
We at PTP do our part by storing your database only on servers with encrypted disks, using state-of-the-art https settings to ensure all data is encrypted between our servers and your computer, carefully auditing which administrators have access to our servers, and ensuring your database receives prompt security updates.
To ensure availability, we maintain copies of your database going back a full year on at least 3 servers in at least two cities in two countries (all the while ensuring they never get stored on an un-encrypted disk).
In addition, when providing access to your data, we either enable you to download it directly from your database while logged in or we provide a dump via our secure https://files.ourpowerbase.net/ site, which provides for one-time downloads.
The first questions to ask yourself are: how bad would it be if our database was downloaded by the wrong person? Would you be responsible for notifying the people in your database that your data was breached? Would you put anyone in danger? Would it damage your reputation or make it harder to organize?
Some common mistake organizations make when managing their data that can lead to a compromise include:
- Using the same password for multiple people, particularly volunteers or interns. This habit often leads to passwords being written down on post it notes, people who have left the organization retaining access to the database, and making it difficult to change a password that may be compromised.
- Always use a different password for each user
- Discourage anyone from disclosing their password
- Actively audit and purge users that no longer need access to the database
- Saving passwords in your browser on un-secured devices, especially cell phones. We strongly encourage using hard-to-guess passwords, and saving those passwords in your browser is one of the only ways to make that possible. You should do it! But, if you do...
- On your desktop or laptop, use a master password
- On your cell phone - ensure you have a strong pin number (at least 6 digits, not a swipe pattern) and preferably encrypt your device.
- Downloading copies of data onto computers, particularly lap top computer that may be stolen.
- Delete CSV or other downloads after you have used them
- Save downloads on local area network file servers (assuming they are secured) rather than on your laptop
- Encrypt your computer's hard disk
- Saving data on remote services, like Dropbox. If you are subpoenaed for data on one of our servers, you may fight the subpoena, and PTP will fight the subpoena, but will other services holding your data?