Data breaches are an unfortunate part of doing business these days. It seems like every day we hear of a new and increasingly serious cyber-attack, like the recent Marriott breach. While bigger companies certainly make bigger targets, smaller businesses and nonprofit organizations are no less vulnerable.
Keeping your donors’ personal data safe is critical to maintaining good relationships, but few nonprofits have a bottomless budget for security. How can you help your donors feel safe and confident without spending all your funds on data protection? It’s simpler than it sounds.
Software updates are one of the most fundamental parts of a good security strategy. Unfortunately, they’re also one of the most frequently skipped. Many people view updates as inconvenient time-wasters, without realizing that they often contain critical patches for security holes.
Updates are especially important if your site is built on WordPress. WordPress is a very popular platform—for all types of nonprofit organizations—which makes it a very popular target for hackers. They will find a way to take advantage of an out-of-date installation. And, perhaps not surprisingly, nearly a third of WordPress-powered sites use an outdated and vulnerable version of the platform.
Make sure any financial or otherwise sensitive information, including donor names, is stored in an encrypted database. Financial numbers, passwords and all other information should never be stored in plain text. With encryption, if your other security measures fail and an attacker does get access to your records, they (hopefully) won’t be able to do anything with them.
This is both your last line of defense and the single most important thing you can do to protect the privacy of your donors. If your organization can’t afford to store and maintain customer data onsite, plenty of cloud-based storage sites offer high-level security at reasonable prices.
Make sure your office network is encrypted and secure, and never use public networks to access business materials. If you aren’t sure where to start, an encrypted Virtual Private Network (VPN) is one of the most secure ways to access your nonprofit’s network.
A VPN is a cloud-based network that allows employees in your nonprofit to access a secure connection no matter where they are. This helps ensure that information sent to and from the company servers is safe from prying eyes. It’s also a great productivity boost. Workers can securely access company resources from any location, enabling remote work with the same privacy and security features you’d have at the office.
Many people default to extremely insecure passwords, and who can blame them? When you have dozens of accounts, it seems like a great idea to either use the same password for all accounts or use simple, easy-to-remember passwords. While you can’t have a say in what your donors use as passwords elsewhere on the web, you can still do your part by requiring strong passwords on your site to help protect your donors from identity theft. Passwords that require numerals and symbols in addition to letters are good, as are longer passwords, so set these as requirements when users set up their accounts.
One thing you don’t want to do is require regular password changes. Surprisingly, this can cause users to choose less-secure passwords due to the perceived nuisance of constantly changing them. There’s a fine line to walk between secure and inconvenient, of course, but with major cybercrimes as common as they are, it’s probably best to be overly cautious.
Whether you’ve been doing this work for years or you’re new to the nonprofit game, protecting your donors is paramount to building trust. Implement these tips and you’ll be well on your way.