{"id":1,"date":"2025-10-06T16:57:45","date_gmt":"2025-10-06T15:57:45","guid":{"rendered":"https:\/\/actuallydata.net\/craft\/?p=1"},"modified":"2025-11-25T15:26:28","modified_gmt":"2025-11-25T15:26:28","slug":"data-security-models","status":"publish","type":"post","link":"https:\/\/actuallydata.net\/craft\/data-security-models\/","title":{"rendered":"Creating an Effective Security Model for Charities:"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>How to approach it strategically before changing permissions.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one of the most defining.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A well-designed security model protects sensitive supporter data, builds trust, reduces admin load, and sets your team up for scalable growth. A poorly designed one creates confusion, bottlenecks, and risky shortcuts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Too often, security is treated as a technical setup task at the end of a project. In reality, it\u2019s a <em>strategic design choice<\/em> that shapes how your people work, how data flows, and how your charity demonstrates good governance.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although this article was sparked by a discussion among charities implementing <strong>Microsoft Dynamics<\/strong>, the principles apply to <em>any<\/em> CRM system eg: Salesforce, Beacon, Raiser\u2019s Edge, ThankQ, or any bespoke database. Whatever platform you use, the thinking is the same: start with people, build around groups, and document your governance clearly.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. Start with people, not permissions<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before you look at any security settings, take a step back and ask: <em>who are our users, and what do they need to do?<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Think in terms of <em>groups of responsibility<\/em> rather than individuals. It\u2019s easier to manage, easier to audit, and much more scalable.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Group<\/th><th>Typical Roles<\/th><th>Core Access Needs<\/th><th>Risks if Over-Granted<\/th><\/tr><\/thead><tbody><tr><td><strong>Read-Only Users<\/strong><\/td><td>Trustees, auditors, temporary contractors<\/td><td>View records and dashboards, no editing<\/td><td>Data leaks if export rights remain open<\/td><\/tr><tr><td><strong>Normal Users<\/strong><\/td><td>Fundraisers, service delivery staff, volunteers<\/td><td>Create and update records within their team<\/td><td>Cross-team edits causing errors<\/td><\/tr><tr><td><strong>Super Users<\/strong><\/td><td>Data champions, team leads<\/td><td>Wider access, bulk edits, report creation<\/td><td>Becoming accidental admins<\/td><\/tr><tr><td><strong>Administrators<\/strong><\/td><td>CRM or data managers<\/td><td>Configure system settings, users, integrations<\/td><td>Misconfiguration or data loss<\/td><\/tr><tr><td><strong>Super Administrators<\/strong><\/td><td>IT or external partners<\/td><td>Environment-level control, API keys, backups<\/td><td>Unchecked access, limited oversight<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This five-tier model works in most systems, but it\u2019s not a rulebook. It\u2019s a framework for understanding <em>trust and responsibility<\/em>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. Recognise that people wear more than one hat<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most common misconceptions about CRM security is that every person fits neatly into one role. They don\u2019t.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A fundraiser might also support events. A volunteer coordinator might help process donations. The Head of Fundraising might need both campaign data and financial reports.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Good CRM platforms handle this flexibility, users can belong to <em>multiple groups or roles<\/em>, each layering permissions on top of one another.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That layering allows for hybrid responsibilities, but it demands careful planning:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Be intentional:<\/strong> overlap roles only where it reflects real-world practice.<\/li>\n\n\n\n<li><strong>Document every exception:<\/strong> note why someone sits in more than one group.<\/li>\n\n\n\n<li><strong>Review regularly:<\/strong> as responsibilities change, so should their access.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Think of your security model like an orchestra. Each section (group) plays its part, but some musicians double on instruments when needed. The key is harmony, not chaos.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Ask the right questions early<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before building your first permission set, gather your project team and ask:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Theme<\/th><th>Strategic Questions<\/th><\/tr><\/thead><tbody><tr><td><strong>Governance<\/strong><\/td><td>Who owns data quality? Who approves access changes?<\/td><\/tr><tr><td><strong>Segmentation<\/strong><\/td><td>Should fundraising, volunteering, and service teams see the same contacts?<\/td><\/tr><tr><td><strong>Compliance<\/strong><\/td><td>How will you manage right-to-be-forgotten or access requests?<\/td><\/tr><tr><td><strong>Support<\/strong><\/td><td>Who trains new users and removes leavers?<\/td><\/tr><tr><td><strong>Auditability<\/strong><\/td><td>How will you track who changed what and when?<\/td><\/tr><tr><td><strong>Scalability<\/strong><\/td><td>What happens when the team doubles or restructures?<\/td><\/tr><tr><td><strong>External Access<\/strong><\/td><td>Will agencies or partners need temporary access, and how will you manage that safely?<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">These questions are not about software configuration they\u2019re about your <em>operating model<\/em> and <em>data culture<\/em>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Use groups and teams rather than individuals<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Whatever CRM you use, permissions can usually be grouped by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Role-based access<\/strong> (what someone can do)<\/li>\n\n\n\n<li><strong>Team or department access<\/strong> (where they can do it)<\/li>\n\n\n\n<li><strong>Record ownership<\/strong> (whose data it is)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s tempting to fine-tune individuals. Resist that urge. Assign access via <strong>roles and teams<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The benefits:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Consistency:<\/strong> people doing the same job have the same rights.<\/li>\n\n\n\n<li><strong>Efficiency:<\/strong> onboarding and offboarding are quick and reliable.<\/li>\n\n\n\n<li><strong>Audit clarity:<\/strong> reviewing five roles is easier than reviewing fifty users.<\/li>\n\n\n\n<li><strong>Future-proofing:<\/strong> structures can evolve without manual rebuilds.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Working with groups also supports your GDPR accountability, it\u2019s much easier to demonstrate that permissions are \u201cappropriate and proportionate\u201d when they\u2019re structured and documented.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-uagb-image uagb-block-02804f88 wp-block-uagb-image--layout-default wp-block-uagb-image--effect-static wp-block-uagb-image--align-none\"><figure class=\"wp-block-uagb-image__figure\"><img decoding=\"async\" srcset=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/pexels-photo-7947842-7947842-1024x683.jpg ,https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/pexels-photo-7947842-7947842-scaled.jpg 780w, https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/pexels-photo-7947842-7947842-scaled.jpg 360w\" sizes=\"auto, (max-width: 480px) 150px\" src=\"https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/pexels-photo-7947842-7947842-1024x683.jpg\" alt=\"Close-up image of a business strategy chart on paper showing stages and feasibility.\" class=\"uag-image-1826\" width=\"1024\" height=\"683\" title=\"pexels photo 7947842 7947842\" loading=\"lazy\" role=\"img\"\/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">5. Document, document, document<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security design decisions need to be written down not left in emails or memory.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Document Type<\/th><th>Purpose<\/th><th>Maintained By<\/th><\/tr><\/thead><tbody><tr><td><strong>Security Model Overview<\/strong><\/td><td>Summary of groups, roles, and their hierarchy.<\/td><td>CRM Manager<\/td><\/tr><tr><td><strong>Access Matrix<\/strong><\/td><td>Which group can perform which action (create, read, update, delete).<\/td><td>Data or System Admin<\/td><\/tr><tr><td><strong>Role Assignment Log<\/strong><\/td><td>Who belongs to which group(s) and why.<\/td><td>HR or IT<\/td><\/tr><tr><td><strong>Access Request Workflow<\/strong><\/td><td>Defines how access is requested, approved, and removed.<\/td><td>Governance Lead<\/td><\/tr><tr><td><strong>Audit &amp; Review Schedule<\/strong><\/td><td>Specifies how often access is reviewed (quarterly or bi-annually).<\/td><td>DPO or Data Governance Lead<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">You don\u2019t need complex tooling. Even a shared spreadsheet or Confluence page can provide essential traceability.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Decision-making and audit<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Every change in access should leave a <strong>decision trail<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Request<\/strong> \u2014 logged through a form or ticket.<\/li>\n\n\n\n<li><strong>Approval<\/strong> \u2014 authorised by a role owner, not the requester.<\/li>\n\n\n\n<li><strong>Implementation<\/strong> \u2014 applied by a system admin.<\/li>\n\n\n\n<li><strong>Verification<\/strong> \u2014 checked for accuracy and logged.<\/li>\n\n\n\n<li><strong>Review<\/strong> \u2014 included in your regular audit cycle.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Enable your CRM\u2019s <strong>audit logging<\/strong> or <strong>change history<\/strong> for high-risk entities (contacts, donations, consents).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Key tips:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apply the <strong>principle of least privilege<\/strong>, grant only what\u2019s necessary.<\/li>\n\n\n\n<li>Use role rotation or multi-approval for administrator rights.<\/li>\n\n\n\n<li>Keep a quarterly \u201caccess attestation\u201d process where managers confirm team permissions.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Auditing isn\u2019t about suspicion. It\u2019s about building trust and stewardship.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. When staff are multifaceted just like your supporters<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Just as supporters can be donors, volunteers, and campaigners, staff also cross boundaries.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your security model should reflect this overlap without overcomplicating it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use additive roles:<\/strong> a user in <em>Fundraising Member<\/em> and <em>Events Coordinator<\/em> groups inherits both sets of permissions.<\/li>\n\n\n\n<li><strong>Define ownership clearly:<\/strong> which department owns which data?<\/li>\n\n\n\n<li><strong>Communicate boundaries:<\/strong> help staff understand where their visibility ends.<\/li>\n\n\n\n<li><strong>Automate transitions:<\/strong> link HR joiner-mover-leaver processes to your CRM if possible.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Test scenarios that mirror real life:<br>\u201cWhat can Jane see if she\u2019s both Fundraising and Comms?\u201d<br>\u201cWhat happens when the CEO joins Leadership and Finance groups?\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Good systems handle these overlaps, great governance makes them intentional.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Best practice and further reading<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Whether you\u2019re using Dynamics, Salesforce, Beacon, or anything else, these resources provide useful guidance:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Source<\/th><th>Focus<\/th><th>Link<\/th><\/tr><\/thead><tbody><tr><td><strong>Microsoft Learn: Security Model Overview<\/strong><\/td><td>Clear explanation of roles, teams, and layered permissions.<\/td><td><a href=\"https:\/\/learn.microsoft.com\/en-us\/dynamics365\/get-started\/security\">https:\/\/learn.microsoft.com\/en-us\/dynamics365\/get-started\/security<\/a><\/td><\/tr><tr><td><strong>Salesforce Role Hierarchies Guide<\/strong><\/td><td>Explains layered and team-based security.<\/td><td><a href=\"http:\/\/help.salesforce.com\">help.salesforce.com<\/a><\/td><\/tr><tr><td><strong>NCVO Digital Guides<\/strong><\/td><td>Practical and step-by-step guidance to make the best use of digital tools and processes to help your charity, organisation or community group<\/td><td><a href=\"https:\/\/www.ncvo.org.uk\/help-and-guidance\/digital-technology\/\">https:\/\/www.ncvo.org.uk\/help-and-guidance\/digital-technology\/<\/a><\/td><\/tr><tr><td><strong>Information Commissioner\u2019s Office (ICO)<\/strong><\/td><td>GDPR guidance on access control and data minimisation.<\/td><td><a href=\"http:\/\/ico.org.uk\">ico.org.uk<\/a><\/td><\/tr><tr><td><strong>Actually Data Analytics \u2013 Data Quality Framework<\/strong><\/td><td>Six dimensions of data quality to underpin governance and audit.<\/td><td><a href=\"https:\/\/actuallydata.net\/craft\/resource\/data-quality-audit-checklist\/\" data-type=\"resource\" data-id=\"1698\">actuallydata.net<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Each reinforces the same truth: a strong security model is as much about <em>culture and clarity<\/em> as it is about configuration.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. The benefits of getting this right<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When your security model is group-based, documented, and layered, you gain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Confidence and compliance<\/strong> \u2014 roles are auditable and easy to review.<\/li>\n\n\n\n<li><strong>Reduced admin load<\/strong> \u2014 access changes are quick and repeatable.<\/li>\n\n\n\n<li><strong>Cleaner data<\/strong> \u2014 people only edit what they\u2019re responsible for.<\/li>\n\n\n\n<li><strong>Empowered teams<\/strong> \u2014 clarity builds confidence, not constraint.<\/li>\n\n\n\n<li><strong>Scalability<\/strong> \u2014 new functions or systems can slot into the same model.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Most importantly, your CRM reflects your charity\u2019s values: trust, transparency, and good stewardship.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Practical next steps<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You don\u2019t need a huge project to get started. Begin today with:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>List your user groups<\/strong> using the five-tier model as a foundation.<\/li>\n\n\n\n<li><strong>Identify overlaps<\/strong> where staff hold more than one hat.<\/li>\n\n\n\n<li><strong>Document permissions<\/strong> in a simple matrix.<\/li>\n\n\n\n<li><strong>Create an approval workflow<\/strong> for new access requests.<\/li>\n\n\n\n<li><strong>Pilot the structure<\/strong> in a test or sandbox environment.<\/li>\n\n\n\n<li><strong>Train and communicate<\/strong> so everyone understands <em>why<\/em> as well as <em>what<\/em>.<\/li>\n\n\n\n<li><strong>Schedule reviews<\/strong>  your structure should evolve with your people.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Closing reflection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security isn\u2019t about locking people out. It\u2019s about letting the right people in! With the right tools, to do the right work, safely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Charities that design security as a <em>strategic enabler<\/em> build CRMs that work <em>with<\/em> people, not against them.<br>They protect supporter trust, empower staff, and make governance visible.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Whether you use Dynamics, Salesforce, Beacon, or anything else, start with people, define clear groups, and document your decisions. Your future self and your auditors will thank you.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Can we help?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re reviewing your CRM security model or planning a system change, Actually Data Analytics can help you build frameworks that balance access, governance, and agility.<br>Explore our <strong><a data-type=\"category\" data-id=\"16\" href=\"https:\/\/actuallydata.net\/craft\/category\/governance\/\">Data Quality and Governance<\/a><\/strong> posts, or sign up for <strong><a data-type=\"page\" data-id=\"1653\" href=\"https:\/\/actuallydata.net\/craft\/resources\/\">CRAFT Signals<\/a><\/strong> to gain access to templates and checklists that strengthen your data foundations for free.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1818,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","pmpro_default_level":"","_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[16],"tags":[19,18,17],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-governance","tag-crm","tag-ms-dynamcis","tag-security","pmpro-has-access"],"acf":[],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-scaled.jpg",2560,1707,false],"thumbnail":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-150x150.jpg",150,150,true],"medium":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-300x200.jpg",300,200,true],"medium_large":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-768x512.jpg",768,512,true],"large":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/actuallydata.net\/craft\/wp-content\/uploads\/2025\/10\/security-protection-anti-virus-software-60504-60504-2048x1365.jpg",2048,1365,true]},"uagb_author_info":{"display_name":"Ant","author_link":"https:\/\/actuallydata.net\/craft\/author\/oxnwcv\/"},"uagb_comment_info":0,"uagb_excerpt":"How to approach it strategically before changing permissions. Security isn\u2019t the glamorous part of a CRM implementation. But it\u2019s one [&hellip;]","_links":{"self":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":0,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/media\/1818"}],"wp:attachment":[{"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/actuallydata.net\/craft\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}