Your fundraising efforts are driven by the personal and financial data that your organization collects from donors. Whether that’s done through registrations, payments, or communications, your systems are retaining private information. That same data is crucial for retaining donors, fueling your outreach, and building relationships within your community.
However, storing your supporters’ sensitive data comes with inherent risk. Unfortunately, public data leaks and privacy breaches harm all types of organizations, and nonprofits are among the groups frequently targeted.
If personal information, such as addresses and credit card numbers, is compromised, there’s a huge chance you’ll also lose your relationships with those donors, as well as your nonprofit’s good standing. Sadly, once this happens, it’s hard to rebuild trust with supporters.
When you collect donor data, you automatically assume risk. This means your nonprofit needs to be proactive about the data security measures you’re taking.
Data protection is crucial, especially when dealing with financial information in your nonprofit payment processor. Your donors can experience serious harm if something goes wrong. At iATS we’ve identified crucial steps to consider when weighing security measures for your nonprofit’s data assets. These include:
- Implementing a payment processor with high-security measures
- Practicing good data hygiene
- Educating your team about nonprofit cybersecurity
With these simple yet effective actions, your team and your supporters can have peace of mind that donor information is protected.
Implementing a payment processor with high-security measures
Your payment processor is a main point of attack for hackers. Before your team invests in a nonprofit payment processor, you need to make sure all of the payment data collected and stored from your donors is kept safe.
Data privacy should be of paramount concern to your organization. To proactively fight against data leaks, do your research on each payment processor option, its reputation, and its additional security measures. It’s also crucial to look up a record of frequent bug fixes for each processor.
Your processor needs to go the extra mile when it comes to securing against personal and financial data leaks. Protection against hacking is imperative, especially in an age where it’s easy for hackers to find you. Make sure your processor has these protection and security options:
- Tokenization and Encryption Features. This security measure hides card information as it’s used throughout the payment process. This protects the user’s sensitive personal and financial data.
- Payment Card Industry Compliance. Payment Card Industry (PCI) Data Security Standards (DSS) are crucial security guidelines created by credit card companies to ensure that those who take payments meet specific security standards. Because you’re processing donations, your payment processor needs to meet PCI Compliance. For example, our iATS Payments solution is Level 1 PCI Compliant.
- Fraud Protection Tools. Look into additional fraud security tools to further protect your nonprofit donation processing. See which tools your nonprofit can customize to get the most out of your payment software investment.
- GDPR and SHIELD Mandates. Last but not least, for optimal data protection, make sure the software providers you’re considering are up to the standards of these data protection mandates. Educate your organization’s staff on these guidelines to ensure everyone is doing their part to secure your data.
With the checklist mentioned above, your supporters and your staff can rest assured that you’re doing all you can to keep your data secure and private. If your own payment processor doesn’t have these items, it’s urgent to make a switch.
Practicing good data hygiene
Once you have ensured a secure payment process, you should begin to clean your existing data. It’s recommended that you conduct a data privacy audit for the sensitive information already in your system before implementation. The best practice for doing so is to follow this maxim: only ask for intentional data.
Determine which types of data are crucial for your organization’s benefit. If you find you’re holding onto extraneous sensitive data, it’s a good idea to destroy it properly. Here’s how you can begin to clean up your data:
- Make a list of each category of personal information you have stored.
- Determine a reason for storing each piece of data.
- Figure out where your data is stored across your organization—for example, smartphones, computer files, email, databases, etc. Don’t forget external drives and physical files!
Once you’ve compiled all the information you’ve previously stored, then make a data security plan. Address how long it will be necessary for the pieces of information to be stored. If you don’t foresee using email addresses in a decade, make a plan to reassess as time goes on.
Be sure your team has a contingency plan.
Unfortunately, your team also needs a game plan for how you’ll react in the case of a data hack. It can happen to anyone, even nonprofit organizations with the best security protocols.
Determine how you’ll reach out to those whose information you have on file, and how you’ll work with them to rectify the issue at hand. According to Bloomerang’s nonprofit cybersecurity guide, close to 70% of all nonprofit organizations don’t have documentation on how they’d react to a data breach—you do not want to be a part of this harrowing statistic.
Remain informed about data changes and updates.
We’ll get more into this in the next section. However, it’s a crucial part of maintaining data hygiene. Commit to educating yourself and your team about legal changes and best practices for storage and protection.
Creating a data hygiene plan is not done overnight. Be sure you’re revisiting your methods, as well as doing all that you can to protect your supporters’ sensitive information.
Educating your team about nonprofit cybersecurity
One of the best things your organization can do to protect your clients is to educate yourselves on the topic. However, this does not mean your work stops after a few seminars. Continue to watch for updates, periodically review best practices, and ensure your data is organized and accounted for.
Providing your organization’s team with the necessary tools and resources for a data breach crisis is of the utmost importance. Knowing just how to recognize a breach, assess the damage, and take action will mitigate harm. You can enforce the following:
- Have your staff update their passwords every six months or less
- Create a step-by-step guide of how to react to a CRM hack
- Use reputable payment processors and communications platforms
In addition to these items, there are a number of beneficial resources for your team’s data privacy and security education:
- Hackers for Charity - This resource is a group of people who know about data security. They are skilled hackers working for the greater good by helping nonprofits like yours assess and improve their online security. They can catch faults and strengthen your data protection.
- Elevation’s Free Data Privacy Webinar for Nonprofits - This helpful video can instruct your team on the best practices for evaluating risk. Find out what is needed to achieve data compliance in 2021 for your organization.
There are many ways to learn about data protection and to take stock of where your own organization stands. Don’t let this critical issue get swept under the rug, as hackers are getting smarter, and sensitive financial information is always at risk.
In 2021, assessing and updating your data privacy should be one of your top priorities. Your donors count on you to protect their sensitive information and are vulnerable to any steps you may miss in securing your data. Keeping your team updated on best practices for protecting donor data is in your own best interest.