Throughout 2020, nonprofits shifted their focus to online efforts. While this was a necessary action to keep the doors open throughout the pandemic, it also opened the doors for nonprofits to encounter cybersecurity threats.
During the height of the pandemic, 90% of companies said they had increased cyber attacks. Cyber threats aren’t unique to the for-profit sector either! Any vulnerability in your virtual systems could result in irreversible damage to your organization’s reputation and relationships with your supporters.
As we move forward into a future that continues to prioritize online activities with virtual and hybrid interactions, it’s important for nonprofit organizations to start putting into place the policies and procedures necessary to maintain secure data.
In this guide, we’ll cover some of the reasons that cybersecurity is so important for nonprofits and how it helps maintain relationships with your donors. Then, we’ll take a dive into five actionable tips pulled from Bloomerang’s comprehensive cybersecurity guide that you can use to start building out your own cybersecurity procedures.
Ready to learn more about the importance of cybersecurity and measures that you can take today for a safer system? Let’s get started.
Nonprofits make easy targets for cyber attacks.
Nonprofits are notoriously ineffective when it comes to establishing robust cybersecurity measures. This poor reputation for ensuring the security of online resources has made nonprofits a frequent target for cyber attacks.
In fact, statistics show that nonprofits are generally immensely underprepared to handle the risks associated with cybersecurity breaches:
- 38% of nonprofits don’t have a policy about how the organization handles cybersecurity risk, equipment usage, and data privacy.
- 68% of nonprofits don’t have documented policies to implement in case of cyber attack.
- 56% of nonprofits don’t employ multi-factor authorization to access key data.
Due to the frequent unpreparedness of nonprofit organizations, hackers with malicious intent often find this industry to be an easy target. They can take advantage of the mass amounts of information you save in your donor database, holding information for ransom, publishing private data publicly, stealing identities, or worse.
Unfortunately, there will always be people out there willing and ready to take advantage of others, especially others who have the best intentions. Don’t leave your organization at risk. Your supporters trust you to keep their data safe, so it’s your responsibility to do so.
Security is necessary to build donor trust.
Nonprofits that encounter security breaches often lose the valuable trust that they’ve worked so hard to build with their supporters. Put yourself in a supporter’s shoes for a moment:
You’ve been giving to a nonprofit for several years. Their mission is very close to your heart and you’ve just recently started to volunteer as well! However, one day you get a notification that your credit card has been swiped illegally, which means someone has stolen the information. Now, on top of calling the credit card company, disputing the charge, and getting a new card, you need to track down how someone got ahold of that sensitive information.
It turns out that your beloved nonprofit was hacked and several supporters’ information was stolen. The next time you consider submitting a donation, you’d likely worry about facing the same issue, so you instead choose to support another organization with a similar mission.
You know the incredible value of donor retention for your nonprofit. Why would you put that at risk by ignoring vulnerabilities that could permanently damage relationships with supporters?
Trust is essential to any relationship and relationships with your donors are no different. When they lose trust in your organization, your supporters are way less likely to continue contributing or engaging. Even worse, your organization could gain a reputation as untrustworthy, dissuading new supporters from engaging as well.
The good news is, your organization can take steps right now to help secure your supporters’ information. This shows them that you take their security seriously and helps build the essential trust necessary to foster these valuable relationships.
5 Cybersecurity Tips for Nonprofits
The best way to address cybersecurity concerns at your nonprofit is to proactively take steps to protect your data. There are a lot of security measures you can take, but we’ll cover five of the basic tips that all organizations should follow as they start prioritizing security measures.
Keep in mind that these tips are not the end-all-be-all for cybersecurity. They’re just the beginning to ensure your data is kept secure.
1. Assess your organization’s risk.
Regular security assessments can uncover previously unknown vulnerabilities in your nonprofit’s strategies. These assessments can either be done in-house or outsourced to a privacy professional. If you don’t have someone in-house whose expertise lies in cybersecurity, it might be a good idea to outsource this assessment.
Only by locating the vulnerabilities in your organization’s current systems can you start implementing policies to address those issues and prevent a breach.
2. Review password protocols with your team.
One of the most common vulnerabilities in most of our professional and personal lives is a lack of adequate password security. Do you use the same password for all of your accounts? Does that password contain a spouse’s name, pet’s name, or significant date? Those are some of the common pitfalls that individuals everywhere fall into when creating passwords.
Swoop’s password authentication guide provides the following password “do’s and don’ts” that can help guide protocols for setting passwords at your organization:
Proactively ensure your team is doing their part to secure the system by reviewing proper password protocols. Put policies in place to make sure that all team passwords:
- Are long enough. All passwords should be at least eight characters, but longer is always better. Randomized lists of characters are the most challenging to guess, but some people prefer passphrases or entire sentences for security.
- Don’t contain personal information. The above guide suggests not using dictionary words, but there is some debate in the industry about the security of passphrases. Either way, it’s always best to use a mix of uppercase and lowercase characters, numbers, and symbols rather than significant names, dates, or keyboard patterns.
- Are unique to the account. When you use the same password for every account, it greatly decreases the level of security for all of those accounts. If you’re worried about people losing or forgetting passwords, do some research about secure password managers that you can invest in for your staff members.
Clearly define the protocols and policies for your organization’s expectations regarding passwords. Then, review those protocols with your team, setting the expectation that everyone will follow your set best practices.
3. Update software ASAP.
When you receive a notification that it’s time to update your cell phone, do you make sure to update it as soon as possible or do you hit “ignore” until it’s convenient for you? The majority of people fall into the latter category. However, this is a poor practice for your personal devices as well as your nonprofit’s software.
Software updates often contain bug fixes and security patches necessary to maintain a secure system. The longer you avoid updates, the longer you leave your system vulnerable.
You likely have several software solutions in your arsenal of tools. This guide provides a sample of just some of the software solutions nonprofits invest in. When all of them require updates at various times, it can be incredibly tempting to hit “ignore” just as you might do with your phone.
Try assigning a single person at your organization to handle updates when they come up. That way, whenever anyone sees a potential update, they know who to contact to conduct it and you can ensure it’s done in a timely manner.
4. Get your SSL certificate.
You collect a lot of sensitive information via your organization’s website. Between event registration forms, donation pages, surveys, and newsletter subscriptions, those interested and engaged with your organization end up leveraging your website to contact and provide you with vital information.
Make sure that your website is a secure collecting ground for all of this vital information by obtaining your SSL certificate for the site.
This security measure is fairly inexpensive, providing encryption security measures on your site. You can tell when a website is secured by an SSL certificate because the URL will begin with “https” rather than “http.”
Not only is your SSL certificate an important security measure, but it can actually also help your nonprofit with your online presence in other ways. The Google algorithm prioritizes websites with the SSL certificate, making it more likely that your organization will perform well in SEO initiatives if you have this security element.
5. Manage user permissions for data access.
When you invest in nonprofit software, one of the features you likely saw when exploring various options is “user permissions” that allow you to restrict access to certain content among your team members.
Often, this might feel like a distrustful practice to implement at your organization. After all, you trust all of your staff members and should grant them equal access, right? However, user permissions are not necessarily about distrusting your organization’s staff. They are a security measure that all nonprofits should consider when they’re available.
Think about all of the important data you house in your organization’s system. In your donor database alone, you have donor names, contact information, addresses, and even their payment information. By restricting access to some of this sensitive information to only those who need it for their positions, you can ensure a greater level of security just in case something were to happen.
If someone hacks your system due to a weaker password among one of your teammates, and you don’t have user permissions, that hacker would have access to all of that vital information. On the other hand, if you have permissions set up, they would only have access to some of the data, allowing you to identify the issue and re-secure your system before irreparable damage is done.
Unfortunately, nonprofits have traditionally been easy targets for malicious cyber attacks. As organizations continue to rely more and more heavily on technology to maintain their various activities, cybersecurity becomes increasingly important in the industry.
A security breach can cause irreparable damage to your nonprofit as supporters lose trust in your organization to securely maintain their precious data. Start taking steps today to protect the important information you keep in your organization’s software system.
Author: Jay Love
Co-Founder and current Chief Relationship Officer at Bloomerang
He has served this sector for 33 years and is considered the most well-known senior statesman whose advice is sought constantly. He is a graduate of Butler University with a B.S. in Business Administration. Over the years, he has given more than 2,500 speeches around the world for the charity sector and is often the voice of new technology for fundraisers.