Over the past two years, nonprofits have had to rely more and more on online donations to meet their budget. Electronic giving is convenient, yes, but it can also be risky—for both your organization and donors. Church Mutual works with many customers who have experienced data breaches, and offers the following tips for increasing your digital security:
- Conduct a risk assessment. The only way to fully understand how vulnerable you are as an organization is to face your weaknesses head-on. It may be beneficial to hire a professional who can audit your security level and identify your biggest risks.
- Find a security vendor. There are many companies that offer data protection technologies, including McAfee and Forcepoint. Do your homework and find a vendor that will work for your individual needs. If you are overwhelmed by all the choices, ask your security auditor for assistance. Your vendor should offer credit card and bank account security, donor fraud protections, multifactor authentication and IP security.
- Limit which staff members can access donor data. Even though you may have thoroughly vetted all staff members before hiring them, it’s still a good idea to restrict access to donor information to a very small number of people. The fewer people who can access sensitive data, the better.
- Provide separate credentials for staff. Any staff member who does work with donor information should have their own login information and should not share this information with anyone else. If there is a security breach, it is easier to identify the problem when credentials are different for every user.
- Maintain network security. Do not open your Wi-Fi network to the public. Require guests to your facility to ask for permission before using your network. Do not broadcast your network name. Set your network to lock out accounts after multiple unsuccessful attempts and use firewalls and encryption to restrict access to data.
- Keep a clean machine. Make sure all software on machines that are connected to the Internet is fully updated. If you aren’t using a piece of software, delete it immediately.
- Require strong passwords. Make sure your staff uses a combination of upper- and lowercase letters, numbers, symbols or special characters when they create passwords. Never share passwords or pass phrases, avoid using the same password or pass phrase on multiple accounts and change them at least every three months.
- Acquire cyber liability insurance. Even if you are very careful, cyber criminals may still create problems for you or your donors. Cyber liability insurance protects you and helps you minimize loss.
For more information on cybersecurity, visit Church Mutual’s cybersecurity Risk Management page.