Have you ever had your personal data compromised?
You probably have. Earlier this year, millions of people had their social security numbers and other personal information compromised in a massive data breach. There have been dozens of other similar breaches over the years and, even though each is different, they all share one thing in common—they’re a huge pain for everyone involved.
Your nonprofit won’t have millions of social security numbers or stored credit cards in your CRM. But you do still have information about your supporters in there, and it needs to be kept safe. That’s why data security for nonprofits is such an important topic.
If you’ve never really thought about data security for your nonprofit—or data security in general, honestly—this article is for you. We’ll cover the basics of securing your organization’s data, explain why it’s important, and look at some practical steps you can take to keep you (and your supporters!) safe from data leaks.
Why Is Data Security So Important for Nonprofits?
You need your community to trust you. That’s why you focus on good communication—publishing your financial information on your website, sharing regular updates, and generally keeping your supporters in the know about what their support has helped accomplish.
Along with transparency around your finances and how you use them, keeping supporter information safe is another important way to build trust.
A data breach can damage people’s faith in your organization. If they don’t feel safe giving you their personal information or payment details, that can—very understandably!—lead to a drop in fundraising, an increase in your donor churn, and a tarnished reputation.
But no matter how much that data breach harms your organization, it will harm your supporters even more. If sensitive data like people’s contact information, financial details, and maybe even health records falls into the wrong hands, it can lead to identity theft, fraud, and other massive headaches.
You need to protect your supporters’ data—it keeps you safe, it keeps them safe, and it saves everybody a whole lot of hassle.
But what steps can you take to get started?
7 Ways to Improve Data Security at Your Nonprofit
First, take a deep breath. “Data security” can sound intimidating, especially if you’ve never really had to think about it before.
Luckily, there are some practical steps you can take to start protecting your data right away. Here are some basic measures you can put in place today:
1. Educate Your Team
Bad news first: One of the most common causes of data leaks is weak or stolen passwords. Lots of breaches come down to human error, like clicking links in phishing emails or using passwords that are easy to guess.
The good news is that this means you can prevent a lot of issues with some simple staff education and training. Finding and sharing resources around cybersecurity and some simple best practices can help you and your team recognize potential threats and learn to avoid them.
You’ve got options here. There are paid services out there—at Neon One, for example, we use a dedicated platform for annual training on cybersecurity and how to keep our clients’ data safe—but you may not need a full-blown data security tool.
Even sharing videos about how to spot a phishing attack or encouraging voice-to-voice communication when someone gets a strange text message can help.
2. Set Strong Password Policies
Knowing how to choose a good password is an invaluable skill. Passwords are compromised all the time, and it can be shockingly easy for someone to guess them.
To protect your data, you’ll want to set (and enforce!) strong password policies for your staff and anyone else who can access your data. Examples of these policies include:
- Using long passwords or passphrases (several unrelated words strung together). Length does more for you than mixing letters, numbers, and symbols, though symbols are fine too
- Turning on two-factor authentication wherever it’s offered
- Never reusing a password across accounts, because a password leaked from one service gets tried against every other service
- Changing a password as soon as you suspect it has been exposed (forcing everyone to rotate on a fixed schedule mostly produces predictable variations like Summer2024!, which is why current NIST guidance no longer recommends it)
- Not writing passwords down where someone else could find them
Now, we get it: that’s a lot to ask. How are you going to remember a long, unique password for every account if you can’t write them down?
Use a password manager! Services like LastPass, Bitwarden, or Google Password Manager let you store and manage your passwords in a single place using a single master password. You can have dozens of the strongest passwords imaginable, but you only have to remember one. Make that one a long passphrase and turn on two-factor authentication for the manager itself, since everything else is protected by it.
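To make that policy concrete, here is a small Python script, added to this article as an illustration (it is not code from Neon One’s products), that checks a proposed password the way a modern policy should: a minimum length, a deny-list of well-known passwords (including the “Password123!” trick of tacking digits and symbols onto a known word), a check for your organization’s name, and no requirement to mix character types. The deny-list, the 12-character minimum, and the organization name are assumptions for the demo; a real deployment would check against a large breached-password set such as Pwned Passwords.

```python
import unicodedata

# Constructed deny-list standing in for a real breached-password corpus
# (assumption: a real deployment loads a large set such as Pwned Passwords).
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty", "letmein",
    "welcome", "admin", "iloveyou", "sunshine", "donate", "nonprofit",
}

MIN_LENGTH = 12    # assumption: the minimum this example policy enforces
MAX_LENGTH = 128   # generous cap; the point is to allow long passphrases
PADDING = "0123456789!@#$%^&*()._-"   # characters people bolt onto a known word


def normalize(password):
    """NFKC-normalize so look-alike Unicode forms compare equal; we count characters, not bytes."""
    return unicodedata.normalize("NFKC", password)


def is_low_variety(pw):
    """True for one or two repeated characters ('aaaaaaaaaaaa') or a straight run ('abcdefghijkl')."""
    if len(set(pw)) <= 2:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps <= {1} or steps <= {-1}


def check_password(password, context_words=()):
    """Return the list of policy failures; an empty list means the password is acceptable.

    Rules follow the NIST SP 800-63B approach: enforce length and a deny-list,
    reject context-specific words (username, organization name), and do NOT
    require a mix of character types. Symbols are allowed, not mandated.
    """
    pw = normalize(password)
    lowered = pw.lower()
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        failures.append(f"longer than {MAX_LENGTH} characters")
    stem = lowered.strip(PADDING)          # "password123!" -> "password"
    if lowered in COMMON_PASSWORDS:
        failures.append("is a well-known password")
    elif stem in COMMON_PASSWORDS:
        failures.append("is a well-known password with digits or symbols added")
    for word in context_words:
        w = normalize(word).lower()
        if len(w) >= 4 and w in lowered:
            failures.append(f"contains the context word {word!r}")
    if is_low_variety(lowered):
        failures.append("is a repeated or sequential pattern")
    return failures


if __name__ == "__main__":
    org = "NeonOne"   # assumption: the organization name used as a context word
    for candidate in ["P@ssw0rd", "Password123!", "NeonOne2024!", "correct horse battery staple"]:
        problems = check_password(candidate, context_words=[org])
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```

Run it and the long passphrase passes while the short “complex” passwords fail, which is the point: length and unpredictability beat symbol rules, and a password manager makes long, unique passwords painless.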
3. Encrypt Your Data When You Can
This is less something you have to do actively and more something to keep in mind when you’re evaluating the tools and services you use.
If you’re not familiar with the term, encryption refers to a process that can protect your data from unauthorized access.
We won’t get into the specifics but, when your data is encrypted, it is converted into a code that can only be deciphered with a specific key. Think of a very fancy digital decoder ring. This means that even if a hacker gains access to your data, they won’t be able to read it without the encryption key.
Many cloud storage providers and email services offer built-in encryption options. Take a look at the platforms you use and see if you can opt to encrypt your data. For your website, that means serving it over HTTPS (the padlock in the browser), which protects data while it travels between your supporters and your site. For stored files and messages, look for settings or services labeled “encryption at rest” or “end-to-end encryption.” This is possible for nonprofit websites, Microsoft Office files, emails, texts, and even Facebook messages!
4. Keep Your Software Updated
Software companies push security updates for a reason. Don’t ignore them!
Whether you’re updating your computer, making sure you’ve got the latest version of Chrome, or installing updates to your website, keeping your software up to date is a huge part of protecting against cyber threats.
Those software updates often include patches for security vulnerabilities that could be exploited by hackers. Make sure all of your operating systems (your computers and phones), applications and plugins (this can cover everything from your WordPress site to apps on your phone), and antivirus programs are up to date.
If you haven’t already, you may want to consider setting up automatic updates to reduce the risk of missing important patches.
You’ll want to check, but you might not have to do this with each and every piece of software you use. Some tools and applications (like Neon One’s products—not that we’re bragging, obviously) will automatically keep themselves updated.
5. Back Up Your Data
If you maintain your own servers, this is an especially important point. Regularly backing up your data is absolutely essential if you ever have to recover from a cyberattack or data loss.
Ensure that all of your important data is backed up regularly and that those backups are stored securely, with at least one copy kept somewhere your everyday accounts can’t reach (an offline drive, or a separate account with its own login). That way a ransomware infection or a stolen password can’t wipe out the backups along with the originals. Test your backup system periodically by actually restoring a copy and checking it, so you know you can get your data back quickly if needed.
If you mostly rely on cloud-based tools, the vendor handles the hardware side of this for you. But the cloud doesn’t protect you from someone (or a compromised account) deleting or overwriting records in your CRM. Find out how to export your data, do it on a schedule, and keep those exports safe. And if you’re one of the many nonprofits that relies on locally-stored data, backups are definitely something to plan for.
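Here is what “test your backups by actually restoring them” looks like as a script. It is an added example, not code from Neon One, and it works on a constructed folder of sample files: it packs the folder into a compressed archive together with a manifest of SHA-256 hashes, restores the archive into scratch space, and compares every restored file against the manifest. The second half deliberately writes an archive whose manifest is out of date, to show that a silently changed file gets caught. The folder layout, file names, and sample rows are invented for the demo.

```python
import hashlib
import io
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large exports don't have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_manifest(src_dir):
    """Relative path -> SHA-256 for every regular file under src_dir."""
    src = Path(src_dir)
    return {p.relative_to(src).as_posix(): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def create_backup(src_dir, archive_path, manifest=None):
    """Write src_dir into a gzip'd tar along with a manifest of file hashes.

    The manifest is normally computed here; the demo passes a stale one in
    to simulate a file changing between the hash run and the archive write.
    """
    manifest = manifest if manifest is not None else make_manifest(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(str(src_dir), arcname="data")
        blob = json.dumps(manifest, indent=1).encode()
        info = tarfile.TarInfo("MANIFEST.json")
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return manifest


def verify_restore(archive_path):
    """Do a real restore into scratch space and diff it against the manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):
                # Refuses path traversal and odd permissions (Python 3.12+, backported to older 3.x)
                tar.extractall(scratch, filter="data")
            else:
                # Older interpreters: only restore archives you produced yourself
                tar.extractall(scratch)
        manifest = json.loads(Path(scratch, "MANIFEST.json").read_text())
        restored = make_manifest(Path(scratch, "data"))
        missing = sorted(set(manifest) - set(restored))
        corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
        return {"files": len(manifest), "missing": missing, "corrupted": corrupted,
                "ok": not missing and not corrupted}


def run_demo():
    """Back up a constructed CRM export, verify it, then show that a drifted file is caught."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "crm-export")
        (src / "donors").mkdir(parents=True)
        donors = src / "donors" / "2024.csv"
        donors.write_text("id,name,email\n1,Ada Lovelace,ada@example.org\n")   # constructed sample row
        (src / "README.txt").write_text("constructed sample data for the backup demo\n")

        good = Path(work, "good.tar.gz")
        create_backup(src, good)
        good_result = verify_restore(good)

        # Simulate drift: hashes recorded, then a file changes before the archive is written
        stale = make_manifest(src)
        donors.write_text("id,name,email\n1,Ada Lovelace,ada@example.org\n2,,\n")
        bad = Path(work, "bad.tar.gz")
        create_backup(src, bad, manifest=stale)
        bad_result = verify_restore(bad)
        return good_result, bad_result


if __name__ == "__main__":
    for label, result in zip(("intact backup", "drifted backup"), run_demo()):
        print(label, result)
```

The restore step is the part most backup routines skip. A backup that has never been restored is a hope, not a plan; scheduling this check (monthly is a reasonable starting point) turns it into something you can rely on.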
6. Limit Access to Sensitive Information
Not everyone in your organization needs access to all your data.
That event volunteer doesn’t need to be able to get into your donor histories. Your website administrator doesn’t need access to your bookkeeping software. Your marketing manager may need to get into your nonprofit CRM but doesn’t need to be able to make changes to your payment processing account.
Try to limit everyone’s access only to what they actually need to do their job, and remove access promptly when someone changes roles or leaves the organization. This will help you reduce the risk of data breaches, and it will minimize the damage if someone’s password or account information is compromised.
If someone manages to get ahold of your marketing manager’s CRM login, for example, at least they won’t be able to tamper with your ability to process donations.
7. Use Trusted Vendors
If you use third-party services for things like cloud storage, payment processing, managing donor data, or email marketing, make sure your vendors follow strong security practices.
Ask about their security measures, including how they protect data, their encryption methods, how they would notify you if they had a breach, and their compliance with relevant legal regulations. For anyone who handles card payments on your behalf, that includes asking for evidence of current PCI DSS compliance.
Data Security for Nonprofits Doesn’t Have to Be Overwhelming
Improving your data security practices isn’t a one-time thing. It’s an ongoing process!
Attackers keep changing their tactics, and new threats emerge all the time. We don’t tell you that to freak you out. We just want you to remember that this is an important part of keeping yourself, your organization, and your community safe.
Start by assessing what you’re currently doing to keep your data safe and identifying areas for improvement.
Can you do something simple, like setting a calendar reminder to have staff check for computer updates? If remembering complex passwords is hard, can you get people set up with a password manager? Those little steps can make a big difference!
Remember, data security doesn’t just help protect your nonprofit’s information—it also protects the trust and confidence of your donors, your volunteers, your clients, and everyone else who interacts with you.
When you take steps to keep your data safe, you’re protecting your organization and the people who work with you to make a difference.
Data Security Is Built into Neon CRM
If your brain shuts down when you read the phrase “Payment Card Industry Data Security Standard Compliance,” we have two pieces of good news for you.
The first is that you’re not alone—very few people get excited about PCI compliance. The second is that Neon CRM handles PCI compliance for you so you never have to think about it.
Put simply, we follow a whole host of requirements that keep you, your donors, and your community safe so you can focus on other things.
Here’s a rundown of what PCI compliance is and how Neon CRM simplifies it for you.