How does your Nonprofit Organization protect the identity of those you serve?

Whether your business is big or small, data privacy is a concern for everyone – and nonprofits are no exception. By implementing effective cybersecurity, and becoming aware of legal concerns related to protecting sensitive information, you can keep your nonprofit safe and mission-focused.

Data security is an essential area to become familiar with if you're a nonprofit leader and are responsible in part for operations. In fact, research shows that roughly 60% of nonprofits fail to take their staff and volunteers through data protection and storage training. Understanding such data security protocols can save your nonprofit both time and money.

Protecting Donor and Client Data

According to a Forbes article, the protection of donor privacy at every level was reaffirmed by a Supreme Court decision in 2017, when it ruled 6-to-3 that “California cannot force charities to reveal the identities of their major donors because it would be a violation of the freedom of association granted by the First Amendment.” Because of the court ruling in favor of donor privacy, the actual act of protecting “donor privacy now falls to nonprofits,” – making it even more important.

One essential way in which your nonprofit can protect donor information is through a donor privacy policy -a formal, written statement explaining how you use and protect donors’ private data. The Association of Fundraising Professionals (AFP) recommends adoption of a privacy policy for any organization that gathers personal information, including names, addresses, and credit card information from donors and attendees at special events.

But what exactly are you protecting your information from? You may think that your organization won’t be a target for cyber attacks, but the truth is that non-profits hold a vast amount of information that cybercriminals want to get their hands on.

Data security for non-profits

In fact, nonprofits face several types of risks related to cybersecurity. Thankfully, there are a few steps you can take to help prevent your organization from being the victim of cybercriminals.

1.  Identify your weaknesses

By clicking on a link in an email or downloading an attachment to a harmful website, employees or volunteers may fall victim to ransomware on their computers. Establishing information security policies can help ensure that this doesn’t happen – as employees will better understand how to identify phishing emails.

2.  Change passwords regularly

When creating passwords, using a few best practices (like enabling MFA) to ensure safety can help save your organization from any cyber-criminal activity. It is suggested, because non-profit organizations and NGOs regularly have new members or volunteers, to change passwords at least every quarter. 

3.   Keep Technology updated

Being mission-focused is important for your organization, but it may make investing in new technology lower on the to-do list. However, research shows that if innovation isn’t prioritized, an organization can suffer. Nonprofits that choose not to invest in necessary technology tend to face a wide performance gap between their outcomes and the organization.

4.  Make sure you’re covered

Cyber liability insurance can protect your organization from the high costs of a data breach or malicious attack. It covers expenses such as notifying your donors, paying for your credit monitoring, fines and other expenses.

Because your non-profit holds valuable information for a cyber criminal, it’s important to keep data secure. But, more than that, it’s important that your volunteers feel safe with their information in your hands so that, together, you can focus on your organization’s mission at large.

Riverstrong for Nonprofit

At Riverstrong, we understand your organization’s privacy concerns - and strive to protect beneficiaries' personal data above all. Our consultants are experts in confidential data management and implementing encryption across devices, and we have experience in handling and securing sensitive data.

In addition to having deep industry knowledge of the non-profit space, our employees undergo comprehensive HIPAA and privacy training.

To learn more about how Riverstrong can help protect your nonprofit organization and keep your data safe, get in touch with us today!