Shadow databases, risky business

By Laura Haight
This is the third article in a multi-part series on fraud and cyber risks for nonprofits.

It's a love-hate relationship, this co-dependency we have with technology. When it works the way we think it should work, we love it. But when it doesn't, we spend countless hours figuring out ways to subvert it. 

At its most basic, that's a waste of productive time that could better be spent learning how to actually use new technology and move forward. But sometimes, it can be a dangerous practice.

This is often the case with shadow databases - the existence of which can be everything from frustrating and inefficient to downright dangerous. 

What's a shadow database? Shadow databases are information maintained by individuals outside of a centralized, shared system. It may be information that your IT department (if you have one) doesn't even know you have; or it could be data pulled out of an existing database so it can be worked on independently. For example, a company uses a CRM system to keep track of clients and contacts, but individual employees maintain their own client lists separately that are not shared with others. Or, as in the case of many nonprofits, an organization uses a central donor/client management system but provides subsets of data to volunteers who do not have access to the primary software program.

And why not? We have willing volunteers and employees who are anxious to help, and who have a legitimate reason to need access to database information about members, customers, suppliers, or partners. We trust them and believe them to be well meaning. In the case of employees who take work home (how common is that?), the company benefits from the extra effort. So why squash it?

There are several reasons:

  • Data pulled out of an internal company system, like Salesforce or DonorPerfect, can now be changed or corrupted.
  • Individuals may change a spreadsheet to make it easier for them, eliminating fields or changing field names, entering data incorrectly. Any number of small changes could make it impossible for the data to be read back into the primary system automatically. At best, it could require manual effort to identify and update changes; at worst, the organization may never be aware of updates that are maintained by an individual employee or volunteer.
  • Most egregious, however, is security. Internal systems are protected with passwords, network security, permissioned-user authority levels and other controls. Once extracted, that client/customer/member/partner data is now "in the wild" and protected by nothing more than the knowledge and willingness of the individual. As well meaning as they may be, most are not security specialists.

This is a lesson the Easter Seal Society of Superior California learned the hard way. The organization lost the health care information, date of birth, notes and other sensitive data for more than 3,000 clients in 2013 when thieves stole a laptop from the backseat of an employee's car. 

In cases like this, the nonprofit was probably not being targeted. They were just easy. The likely scenario is that thugs saw the laptop as a target of opportunity. Once they had it, they may not even have realized they had a valuable commodity to sell. But whether or not the data was sold doesn't change the way the nonprofit must respond: Notify those whose records were exposed, potentially offer compensation such as fraud monitoring, and take the hit.

The average cost of a data breach in 2014 was $145,000. Regardless of the underlying cause of the data breach, the odds are against your organization surviving one. Experian reports that 60 percent of businesses fail within six months of a data breach. For nonprofits, the loss of donor confidence can be insurmountable.

Don't think you can keep a data breach on the down low, either. Aside from being grossly unethical, in most states it's also illegal. There are both state and federal requirements that govern this as well as significant fines and potentially prosecution for failure to comply. 

What are your options?

Use cloud-based services that provide strong layers of security, permission-based access levels, dual-factor authentication and encryption. Running these critical applications on local servers if you don't have dedicated IT staff checking logs, updating virus descriptions, reading error files, and monitoring access, is actually less secure than having them securely online.

Whether the system runs locally or in the cloud, prevent even authenticated users from downloading copies of the database.

Spend money where it matters. We always find ways to buy what we need. But when it comes to technology, we often scrimp, subvert and even cheat to avoid an expense. This is not the place to save. Get the licenses you need to do business securely. 

Don't give in to what is easy. Standing your ground on security is often a tough sell: strong passwords that change every 60 days, limiting access to files, multiple layers of authentication to deal with. But employees who want to impress and volunteers who really want to help the organization will also want to play their part in protecting you and in helping you do the right thing.


Are you well-positioned to protect your sensitive data? Do you have a plan to remain secure but also to handle a breach or fraud situation when it arises? We can help.
