No matter how your organisation stores their data, whether it is on a simple spreadsheet or a complex database, one of the most important things to consider is who has the rights to view, add, update and delete information.
Not-for-Profit organisations regularly have an array of different users logging into their CRM systems, and all of them have different roles and needs when it comes to accessing data.
For example: A person in charge of Gift Processing will require access to all areas relating to gift data entry, but probably not to exporting or mass update features. A phone-a-thon volunteer, on the other hand, requires only minimal viewing rights to contact details and has no need to see gift information, communication logs or personal data.
When you give users more access than they need you are not only opening up your data to potential threats, you are also putting unnecessary pressure on your colleagues by entrusting them with access privileges that they may not understand. In a lot of cases it is simple, honest mistakes which are the biggest threat to your data.
For example: If you have a bulk update feature and an untrained user accidentally makes a change without realising, it can be weeks before the error is picked up. Once it is identified generally the two options are either manually correcting the records (if you can find them!) OR restoring from a back-up, resulting in weeks of lost work.
The Golden Rule is to give users enough access to do their job, and nothing more. When a user has appropriate access rights they can work in confidence that they are only making updates where they are supposed to, and they also benefit from not being distracted by information or functionality that is not relevant to them.
By following this simple rule you will help maintain data quality, improve productivity and, most importantly, enhance your data security.