By the NRMC Team
Your nonprofit works hard to build trust with the people and communities you serve. To maintain that trust, you must safeguard the data that clients, constituents, partners, website users, and others share with you. Many nonprofits don’t have an on-site cybersecurity expert, but creating and applying some simple data security principles can make a big difference. With that foundation, your nonprofit can continue to improve its data security as best practices change. Here’s how to get started.
Take inventory. What personal or confidential data does your nonprofit currently have? Whether it’s Personally Identifiable Information (PII), Protected Health Information (PHI), or confidential information, where and how do you store it? What user data does your organization possess that it needs to keep private? Who do you need to protect that data from? What are the consequences if you fail? What safeguards do you have in place, and are they sufficient? The Electronic Frontier Foundation has a guide that can help your nonprofit explore these questions in detail.
Limit data collection. Don’t collect data your organization doesn’t need or use. Hackers can’t steal data your organization doesn’t possess.
Nail the basics. Require strong passwords for internal and external system and site users. Set up multi-factor authentication, which requires additional information beyond a login and password (like a code sent to your cell phone) to access systems. Require your nonprofit’s vendors to take steps to protect data.
Get encryption. Make sure your office’s network is encrypted and secure. Never use public networks to access your nonprofit’s data. Store any financial information or other sensitive data, including donor and client names, in an encrypted database. Never store data like financial details or passwords in plain text.
Limit internal access to sensitive data. Give employees access only to the data they need to perform their jobs, and make sure only authorized users can access sensitive data. Limiting access allows you to spot any unusual activity more easily.
Don’t snooze software updates. Updates often contain critical patches for security issues. Regular updates are especially important if your organization’s website is built on WordPress, as many nonprofit sites are. WordPress’s popularity makes it a frequent hacker target.
Be transparent. Clearly and prominently describe what data your nonprofit stores and what you do with it. Create privacy policies covering all your services that show what donor, participant or site visitor information you record and why. Allow website users to opt in to data collection, rather than requiring them to opt out. Give them the opportunity to request a copy of their data. If your nonprofit uses algorithms to make decisions, explain how and when you do so.
Consider limiting or turning off user tracking on your website. If you don’t know what tracking your site uses, the Electronic Frontier Foundation’s Privacy Badger browser extension can show you.
Avoid data sharing whenever you can, and limit it in all cases. Before your organization shares data with anyone, set guidelines on how the data can be handled. Create a policy on what kinds of data you will share and with whom.
Think about data retention. Your organization may want to automatically delete data as often as is reasonable.