In addition to their many other duties, nonprofit leaders have a critical responsibility to protect the donor data they obtain during their fundraising efforts.
Donor data protection has become a key priority for today’s nonprofit leader. In addition to the day-to-day roles and responsibilities of shepherding their organization’s strategic vision, interfacing with the board, and managing teams and culture, executive directors and other nonprofit leaders often have a requirement to focus on fundraising. As individuals responsible for the fiscal health of their organizations, these leaders work diligently to raise funds from foundations, individual donors, and government sources. This enables them to gather key resources for their organization that subsequently enable them to pursue and accomplish their mission.
While the process of identifying sources for funding and ultimately cultivating donor relationships is the primary focus of an organization’s development strategy, donor data protection is also a component that requires attention.
Nonprofits store significant amounts of donor information, some of which are sensitive.
Storing donor data is not implicitly an issue. It’s actually a sound practice for nonprofits to collect and analyze donor information. When used effectively, these data can inform changes and improvements to fundraising strategy and approaches. Of course, contact information and demographic data are important to collect. Additionally, nonprofits that collect data on donor preferences, giving capacity, and affinity are able to use these philanthropic indicators to obtain a fuller understanding of their donors and the history and motivations for their giving. This allows fundraising professionals and nonprofit leaders the opportunity and means to stay connected to donor audiences and to strategically cultivate relationships and long-term sustainable giving.
Unfortunately, cybercriminals have set their sights on nonprofits and their data.
Similar to educational institutions like schools and districts, many nonprofit organizations have a treasure trove of valuable, and sometimes sensitive, data. Similarly, they also often lack the staffing or infrastructure that many corporations have to protect these assets. Because of this, cybercriminals are targeting nonprofits more and more because they have easier access to data that they can steal, sell, or hold for ransom.
The risks and impact of a data breach are high. In addition to the risk of a donor’s personal and financial information falling into the wrong hands, there is also a reputational risk that could potentially decrease an organization’s future philanthropic receivables if donors cannot trust that their information will be safeguarded.
Even as cybercriminals diversify their tactics, it is still possible for nonprofits to improve their security posture and better secure and protect their donor data. Here are four actions nonprofit leaders can take to do so:
- Enable multi-factor authentification whenever possible. Multi-factor authentification is a process by which users verify their identity multiple times before being able to access an account. Common options for additional identity verification, in addition to a username and password, include texts, emails, or phone calls containing an access code. Most staff will already be familiar with this process based on managing their own personal accounts. For example, most online banking platforms require two-factor authentification. While text, phone, and email verification can be effective, the use of an authenticator app is even more secure. Authenticator apps establish a secure connection between the app and the user’s account. From there, the app continuously generates new passcodes, sometimes as often as every 30 seconds.
- Use a password manager. Using a weak password, frequently re-using the same password, or sharing passwords in an unsecured manner increases the risk of data breaches. Creating a policy of using a password manager for securely sharing passwords and/or for generating complex, random passwords (and saving them) can increase account security in a relatively quick and easy manner.
- Update malware prevention and antivirus software. Computers and other devices are constantly being threatened by new viruses and malware. Ensuring that your organization’s devices have the most up-to-date software offers your accounts and ultimately your data the best protection possible.
- Host cybersecurity training for staff. Hosting clear, frequent, and engaging staff training is an essential component of securing your organization’s data. One point of entry is all a cybercriminal needs to gain access to your most sensitive information. Helping your staff understand the stakes of keeping data secure and their role in the process will give them the buy-in and the knowledge necessary to be a great first line of defense.
At CTS, we help nonprofit leaders prioritize donor data protection.
Executive directors, fundraising professionals, and other nonprofit leaders have a wide array of programmatic and operational responsibilities. When it comes to donor relationships, they are tasked with devising and executing a fundraising strategy, cultivating relationships, and sharing comprehensive and compelling stories and reports of their work. Our talented team of IT professionals can help with the strategies, actions, and training necessary to improve your organization’s security posture and protect your donors’ data so that you can focus on strategy and relationships. Contact us today to learn more about our services and how we can help your nonprofit accomplish its unique mission.