Your nonprofit holds an important place in society. While it operates in much the same way as a commercial entity, your mission has the potential to make a significant impact on lives. However, to remain functional, your organization has to interact with the personal information of your donors. You’ll collect, use, and store everything from financial data to contact preferences.
Make no mistake, this data is as valuable as the funds you raise for your cause. Your donors trust you to respect their privacy and protect their data from unscrupulous actors while it's in your possession. Unfortunately, the more sensitive information your nonprofit holds, the more attractive a target it is to cybercriminals. A breach can not only leave your donors exposed but also seriously damage their trust in your organization and potentially their willingness to keep supporting you.
We’re going to take a closer look at how your nonprofit can best secure donor information.
Tailor Your Security
Nonprofits experience some unique challenges that require agile solutions. The same applies to your approach to protecting donor data. To be most effective, you have to be prepared to tailor your protections to the needs of your organization.
This begins with gaining an in-depth understanding of how data is being used in your nonprofit. This can be an overwhelming area if you don’t personally have any expertise in the field. After all, donor data in nonprofits is sourced and utilized everywhere from representatives on the street speaking to the public to your marketing department building personas for your campaigns. It’s wise, therefore, to consult with a data analytics professional who has been trained in using data science to help organizations to optimize their operations. They will be able to gain a thorough overview of the various types of raw donor data being captured at specific points of your nonprofit. They’ll then categorize these in terms of what data is most sensitive and what it is currently being used for. From there, you can use this report as a guide to direct your cybersecurity priorities.
Wherever possible, you should also have a cybersecurity expert on staff full-time. This can help to ensure your efforts to protect donor data are agile and can be adapted as the needs and actions of your organization change. You’re unlikely to be successful in your efforts to secure this valuable information if you just apply a firewall and carry on as normal. The threats to your data will keep developing. Whenever new campaigns begin, new payment processing technology is adopted, or you hold a gala at a new venue, novel points of vulnerability will occur. Tailored security has to be a constant consideration.
Alongside common cybersecurity mistakes, one of the errors nonprofits make with donor data is failing to provide enough clarity about how it should be handled. Much of the operational focus in this regard is on what the data can be used for: do you have bank details for recurring donations? Is the email address provided an up-to-date target for your newsletter? Making sure the data remains safe is too often an afterthought. You can be more effective if you create and communicate protocols that keep protection efforts an integrated part of all activities.
Often the most effective way to do this is through auditing all the actions of your nonprofit. Gather a team to pursue this — entry-level staff can be just as valuable as department heads here as they’ll have working knowledge on how donor data plays into their everyday roles. Go through the step-by-step process of all actions and identify the points at which data is collected, used, and stored. You can then start to formalize protocols around this. Clarify what type of data is appropriate to collect and store for each action. Elaborate on what information is to be kept for the long term, and what extraneous data should be safely disposed of. Build these into staff training so your workers can be empowered to understand and lock down any points of vulnerability.
The main cause of data breaches tends to be a lack of knowledge among leadership and staff about what the risks are and how to prevent them. Startlingly, a recent survey of nonprofits and NGOs found that 43% said they did not give their staff routine cybersecurity training. As such, one of the best ways you can secure donor information is by educating your staff.
The main focus here is on your staff’s behavior. Guide them about what the common types of data-targeted attacks look like — how ransomware appears in their emails and what constitutes a strong device and software password. Give staff training on social engineering and the techniques criminals can use to persuade them that there is a legitimate reason to hand over data — posing as police and tax officials or a security employee of a donor’s bank.
It’s also important to talk to your workers about the other security tools you may be using. While you have a legal right to monitor your workers’ activities, it's equally important to do so without compromising their privacy. This is easier to do on business tools such as email and internet accounts. However, it can get tricky if staff are using their personal devices to work from home or at fundraising events, which might require the installation of monitoring software on those devices. Your best approach is to talk openly about this with staff members. Discuss how the software will be used, why it is being used, and how to ensure it is not in use during their personal activities. This helps employees feel more comfortable with the process and better able to support its use to strengthen security.
While donations are a valuable part of your nonprofit, donor data should be treated as equally vital. Take the time to develop cybersecurity that suits your needs and to craft clear handling protocols. Perhaps most importantly, a commitment to educating your staff can be key to making certain you can keep donors’ information secure and maintain their trust for years to come.