What You Need to Know About Data Security for Nonprofits

August 29, 2024
Abby Jarvis

Have you ever had your personal data compromised?

You probably have. Earlier this year, millions of people had their social security numbers and other personal information compromised in a massive data breach. There have been dozens of other similar breaches over the years and, even though each is different, they all share one thing in common—they’re a huge pain for everyone involved.

Your nonprofit won’t have millions of social security numbers or stored credit cards in your CRM. But you do still have information about your supporters in there, and it needs to be kept safe. That’s why data security for nonprofits is such an important topic.

If you’ve never really thought about data security for your nonprofit—or data security in general, honestly—this article is for you. We’ll cover the basics of securing your organization’s data, explain why it’s important, and look at some practical steps you can take to keep you (and your supporters!) safe from data leaks.

Why Is Data Security So Important for Nonprofits?

You need your community to trust you. That’s why you focus on good communication—publishing your financial information on your website, sharing regular updates, and generally keeping your supporters in the know about what their support has helped accomplish.

Along with transparency around your finances and how you use them, keeping supporter information safe is another important way to build trust.

A data breach can damage people’s faith in your organization. If they don’t feel safe giving you their personal information or payment details, that can—very understandably!—lead to a drop in fundraising, an increase in your donor churn, and a tarnished reputation. 

But no matter how much that data breach harms your organization, it will harm your supporters even more. If sensitive data like people’s contact information, financial details, and maybe even health records falls into the wrong hands, it can lead to identity theft, fraud, and other massive headaches.

You need to protect your supporters’ data—it keeps you safe, it keeps them safe, and it saves everybody a whole lot of hassle. 

But what steps can you take to get started?

7 Ways to Improve Data Security at Your Nonprofit

First, take a deep breath. “Data security” can sound intimidating, especially if you’ve never really had to think about it before.

Luckily, there are some practical steps you can take to start protecting your data right away. Here are some basic measures you can put in place today:

1. Educate Your Team

Bad news first: One of the most common reasons for data leaks is weak or stolen passwords. Lots of breaches come down to human error, like clicking on phishing emails or using passwords that are easily guessed.

The good news is that this means you can prevent a lot of issues with some simple staff education and training. Finding and sharing resources around cybersecurity and some simple best practices can help you and your team recognize potential threats and learn to avoid them. 

You’ve got options here. There are paid services out there—at Neon One, for example, we use a dedicated platform for annual training on cybersecurity and how to keep our clients’ data safe—but you may not need a full-blown data security tool. 

Even sharing videos about how to spot a phishing attack or encouraging voice-to-voice communication when someone gets a strange text message can help.

This is a screenshot of a phishing text message. It seems to be from the U.S. Post Office, but it includes a request to update the recipient’s address at a suspicious-looking URL.
Data security for nonprofits isn’t all about complicated technology requirements. Sometimes it can be as simple as raising awareness about password safety and how to spot phishing attempts, like this suspicious text message.

2. Set Strong Password Policies

Knowing how to choose a good password is an invaluable skill. Passwords are compromised all the time, and it can be shockingly easy for someone to guess them. 

To protect your data, you’ll want to set (and enforce!) strong password policies for your staff and anyone else who can access your data. Examples of these policies include:

  • Creating complex passwords that combine letters, numbers, and symbols
  • Using two-factor authentication whenever possible
  • Updating passwords regularly
  • Not reusing passwords
  • Never writing down passwords

Now, we get it—that’s complicated. How are you going to remember long, complex passwords if you have to change them all the time and can’t write them down?

Use a password manager! Services like LastPass, Bitwarden, or Google Password Manager let you store and manage your passwords in a single place using a single master password. You can have dozens of the strongest passwords imaginable, but you only have to remember one.

3. Encrypt Your Data When You Can

This is less something you have to do actively and more something to keep in mind when you’re evaluating the tools and services you use. 

If you’re not familiar with the term, encryption refers to a process that can protect your data from unauthorized access.

Data security for nonprofits is exceptionally important on things like your donation form. This is a screenshot of the final step of a donation process and, at the bottom of the interface, there appears a lock icon and the words “Secure Payment.” This is evidence that the payment process is encrypted, which keeps the donor’s payment information safe.
See that lock icon and the words “Secure Payment” at the bottom of this donation form? That’s a signal to the donor that their data will be encrypted, which prevents hackers and other bad actors from seeing their payment information.

We won’t get into the specifics but, when your data is encrypted, it is converted into a code that can only be deciphered with a specific key. Think of a very fancy digital decoder ring. This means that even if a hacker gains access to your data, they won’t be able to read it without the encryption key. 

Many cloud storage providers and email services offer built-in encryption options. Take a look at the platforms you use and see if you can opt to encrypt your data. This is possible for nonprofit websites, Microsoft Office files, emails, texts, and even Facebook messages!

4. Keep Your Software Updated

Software companies push security updates for a reason. Don’t ignore them! 

Whether you’re updating your computer, making sure you’ve got the latest version of Chrome, or installing updates to your website, keeping your software up to date is a huge part of protecting against cyber threats. 

Those software updates often include patches for security vulnerabilities that could be exploited by hackers. Make sure all of your operating systems (your computers and phones), applications and plugins (this can cover everything from your WordPress site to apps on your phone), and antivirus programs are up to date.

If you haven’t already, you may want to consider setting up automatic updates to reduce the risk of missing important patches.

You’ll want to check, but you might not have to do this with each and every piece of software you use. Some tools and applications (like Neon One’s products—not that we’re bragging, obviously) will automatically keep themselves updated.

5. Back Up Your Data

If you maintain your own servers, this is an especially important point. Regularly backing up your data is absolutely essential if you ever have to recover from a cyberattack or data loss. 

Ensure that all of your important data is backed up regularly and that those backups are stored securely. Test your backup system periodically to ensure that you can quickly restore your data if needed.

This probably isn’t a huge concern to you if you’re mostly relying on cloud-based tools or services. But if you’re one of the many nonprofits that relies on locally-stored data, this is definitely something to consider and plan for.

6. Limit Access to Sensitive Information

Not everyone in your organization needs access to all your data. 

That event volunteer doesn’t need to be able to get into your donor histories. Your website administrator doesn’t need access to your bookkeeping software. Your marketing manager may need to get into your nonprofit CRM but doesn’t need to be able to make changes to your payment processing account.

Try to limit everyone’s access only to what they actually need to do their job. This will help you reduce the risk of data breaches, and it will minimize the damage if someone’s password or account information is compromised. 

If someone manages to get ahold of your marketing manager’s CRM login, for example, at least they won’t be able to tamper with your ability to process donations.

Another important part of data security for nonprofits is limiting who can access your data, as is depicted in this screenshot of the Neon CRM interface. Here, someone is adding a new system user and choosing whether they should be an administrator, a user, or a limited user. They can also decide whether or not the new user should have API access.
When you give someone access to your nonprofit’s different tools and platforms, double-check their permissions. Not everyone should be an administrator, for example—you may want to limit which parts of the system they can access, view, or change.

7. Use Trusted Vendors

If you use third-party services for things like cloud storage, payment processing, managing donor data, or email marketing, make sure your vendors follow strong security practices. 

Ask about their security measures, including how they protect data, their encryption methods, and their compliance with relevant legal regulations. 

Data Security for Nonprofits Doesn’t Have to be Overwhelming

Improving your data security practices isn’t a one-time thing. It’s an ongoing process! 

People are tricky, and there are always new threats emerging. We don’t tell you that to freak you out—we just want you to remember that this is an important part of keeping yourself, your organization, and your community safe.

Start by assessing what you’re currently doing to keep your data safe and identifying areas for improvement. 

Can you do something simple, like setting a calendar reminder to have staff check for computer updates? If remembering complex passwords is hard, can you get people set up with a password manager? Those little steps can make a big difference! 

Remember, data security doesn’t just help protect your nonprofit’s information—it also protects the trust and confidence of your donors, your volunteers, your clients, and everyone else who interacts with you. 

When you take steps to keep your data safe, you’re protecting your organization and the people who work with you to make a difference.

Data Security Is Built into Neon CRM

If your brain shuts down when you read the phrase “Payment Card Industry Data Security Standard Compliance,” we have two pieces of good news for you. 

The first is that you’re not alone—very few people get excited about PCI compliance. The second is that Neon CRM handles PCI compliance for you so you never have to think about it.

Put simply, we follow a whole host of requirements that keep you, your donors, and your community safe so you can focus on other things.

Here’s a rundown of what PCI compliance is and how Neon CRM simplifies it for you.
