Safeguarding Your Donor Data: Best Practices for Nonprofits
The importance of donor data
When collected and managed properly, data can be a huge asset to your organization. Particularly in removing guesswork in decision making since data can help your organization make decisions based on facts and trends. However, when using a data-driven approach to fundraising one of the most important aspects is determining how the data be secured.
Risks associated with collecting donor data
Due to the risk that comes with collecting and managing your donor data, your nonprofit needs to take steps to ensure the security of the information stored in your donor management system. We’re sure that many of you have heard of, or even been personally impacted by a data breach. When there is a data breach, the damage caused by these types of attacks are generally highly publicized and very difficult for any organization to recover from. That’s why it’s so important to implement security measures to keep your donor data safe.
Challenges for nonprofits to secure their data
Safeguarding your supporters' information and protecting it against unauthorized access is one of the most important priorities. Nonprofits collect and store sensitive information such as donor contact information, financial details, and other personal data. This information is worth a great deal to cybercriminals which makes nonprofits a target for cyber attacks. And many times without enough staff, resources, information technology expertise and finances to beef up security, makes organizations vulnerable. Furthermore, many organizations do not have dedicated full-time staff, and there may be many volunteers given access to the data.
Another challenge for organizations is that they may not have a dedicated method to collect their data, or they do not have policies or procedures around data management. Many have a collection of files, forms, and spreadsheets with a variety of details about people that support their organization, but they don’t have the tools to store their data in one central location which also makes it more vulnerable to a data leak.
Best practices to protect your donor data
Even though there are challenges for organizations to protect their data, there are some things that you can do. So even if your organization is a small shop, or new to collecting data, here are some best practices to protect your supporter’s information regardless of how your organization manages and stores your donor data.
Training staff and volunteers. It is important that organizations provide their staff and volunteers with the basic training they need to protect their systems. Even if it is just reviewing how to protect confidential information such as locking your computer if they step away, will help create a safer environment for your organization’s data.
Develop policies and procedures. Your team should establish standards for how the data will be entered, and who will be responsible for entering the data. Policies and procedures will help create consistency throughout the entire organization.
Use strong passwords or two-factor authentication. One of the most common passwords in the world is “password.” And despite many recommendations from IT professionals many people fail to create strong and unique passwords. Even if your team uses spreadsheets, make sure they are encrypted with a secure password, or if you’re using donor management software enabling two-factor authentication, which requires two forms of identification, when logging into the application.
Define user roles and permissions. Everyone in your organization does not need access to all of your data. Some may have access to all the data in the application, while others may only have access to summarized data without any confidential information. These roles can be determined in your policies and procedures. For example, an Executive Director may have access to all confidential information, while certain volunteers may only have permission to generate reports and are not permitted to view donor data.
Collect necessary information. Sometimes it can be tempting to collect as much information as possible about people that support your organization. However, it is best to collect the information that your organization actually needs to reach its fundraising goals.
Use straightforward technology solutions. If an organization is using a tool that is not user friendly, has a steep learning curve, and does not have adequate documentation it will be really challenging to operate and secure.
Backup data regularly. Backing up your data means having a copy of your files in an alternative location. Data loss can happen for any number of reasons. It is imperative that your team is able to restore your organization’s data in the event of data loss.
Data can be one of your organization’s most valuable assets and it must be protected as such. Keeping donor data safe is essential for nonprofits to not only build relationships with their supporters, but keep their trust.
If your organization is interested in learning more about finding a solution to secure your data we can help. Our donor management system Chronicle is secure, user-friendly and developed for small grassroots organizations.