When you think of online fraud and security breaches, your nonprofit website is probably not the first target that comes to mind. However, nonprofit organizations typically store a lot of data that can be at risk for security breaches. While donor management and fundraising are top priorities for non-profit organizations, another priority that ranks just as high is protecting confidential information about your donors and your organization.
What kind of security breaches and risks exist for nonprofit organizations?
Nonprofits and businesses face a number of potential online fraud and security risks. These can include:
Breaching of Confidential Information
Non-profit organizations rely on donations to support their causes and efforts. With donations comes the collection of highly confidential information, which includes personal contact information (name, address, phone) and credit card information. Such information is a prime target for malicious activity, and a security leak or breach would be a public relations nightmare. However, breaches and leaks can be prevented when security protocols are proactively implemented.
Passwords are the key to everything important on the web. While best security practices dictate that passwords should vary for each log-in that we have, this practice is often overlooked. That means if hackers steal passwords for administrative access to non-profit or fundraising websites, the same password can be used for other log-ins that give access to much more than just website content or email lists. Because visited websites are stored in browser history, a stolen password is just the beginning of many potential problems.
Corruption of Website Content
Websites are one of the mediums where potential donors and supporters can learn about a non-profit organization. It may seem that having access to publicly available information is not a big deal, but that’s not what malicious hacker activity is after. Hackers and viruses can gain access to website content from the back-end, which can lead to website content corruption. Having a corrupt website can lead to loss of donors, potential donors and credibility of your non-profit organization.
Viruses that Spam and Hold Computer Contents Hostage
E-mail viruses are a common security risk for individuals as well as organizations. Once a digital intruder has gotten hold of your computer contents (potentially through a virus from an e-mail), your computer and e-mail contents are at their beck and call. The consequences can range from spamming your email address book to infect other contacts, to stealing passwords, or even to holding certain digital contents hostage until a ransom is paid.
Credit Card Harvesting
Since most nonprofit websites include forms for submitting credit card information, hackers and harvesters may target your website. Here’s how it works – they or their bots run multiple (sometimes hundreds of) credit cards through your system to see which ones work. When a completed donation or order is received, they know that they can use this credit card to make purchases on other websites.
- To limit this practice, require CAPTCHA and address verification (AVS) on your website forms.
How does a non-profit organization avoid these security risks?
All of these risks are frightening to experience and detrimental to the reputation, progress and credibility of your non-profit organization. With all of the scary consequences that can come from poor security protocols, what can be done? Here are some steps that can be taken to assure that your non-profit organization is protected and utilizes best practices in nonprofit website security.
Install SSL Certificates & Use Only HTTPS Websites
An SSL (secure sockets layer) certificate ensures that a secure connection is established between a website user and the server where the website data originates. It is signified in a website’s URL by the use of HTTPS (instead of just HTTP). Secure sessions use encryption so that data can be transferred more safely and is more difficult for hackers to intercept. It also indicates to website visitors that your website is authentic and belongs to your organization. This is probably the easiest and most important tactic in your nonprofit website security toolkit.
Ensure Software Is Automatically Updated
Website hosts should implement updates on a regular basis. This is important because outdated code that is not regularly patched can leave room for hackers to breach information through the website. Good website hosts understand that fixes need to be applied on a regular basis as new bugs are discovered, so regular automated updates are part of the preventative measures against security risks.
- DoJiggy managed nonprofit hosting includes automatic updates that generic hosting providers cannot offer.
Install Antivirus Software
Antivirus software checks for malicious activity on your computer and takes proactive steps to block viruses from infecting it. The software also lets you scan your computer regularly so that it stays virus-free.
Backup Servers and Data
Website contents and data should be backed up regularly in case of data loss. For example, if your computer contents are held ransom because of a virus, the only way to get rid of it is to wipe the entire computer clean. That means if your data isn’t backed up, it can potentially be permanently lost. Data can be wiped clean in some security breach incidents as well. Instead of starting over because the contents and data were stored in only one place, having a back-up can save time, money and resources.
Establish PCI Compliance for Credit Card Processing
Credit card processing comes with its own set of compliance guidelines and standards. All organizations that accept credit cards must abide by Payment Card Industry (PCI) standards. When choosing a credit card processor for your donations, be sure to ask about how they comply. Some guidelines should include encryption of transmitted data and maintaining that all network connections are secure during the transmission. Request their security information policy so that it is clear that the processor is truly compliant.
- All DoJiggy payment platforms are PCI compliant.
Be Sure to Use Secure Passwords
While it’s tempting to lazily use “password123” as your password, hackers often crack passwords because of how easy they are to guess. A secure password includes a combination of lowercase letters, upper case letters, numbers and special characters (if the password requirements permit). Once you have a password, also be mindful not to share it with others or even other websites. Follow the rule that you should share your passwords as you would share your toothbrush.
- To automatically store and manage passwords, try using a secure password tool such as RoboForm.
Utilize E-mail Safety Precautions
While we’ve focused mainly on nonprofit website security, safety precautions for your organization don’t just stop at your website. After all, all of your staff members are communicating daily via email, right? These are some steps to take to avoid getting a virus through emails:
- Don’t even open emails that look suspicious
- Don’t click on links or downloads that are not verified or look like suspicious URLs
- If you receive a spam email, notify the owner of the email that their email has been hacked so that they can change their password
- If you have personally had your email hacked, immediately change your password and notify your IT department of the incident
Conclusions on Nonprofit Website Security
If you follow these guidelines on how to maximize your nonprofit website and data security, taking the steps to become more secure will come seamlessly. DoJiggy offers a comprehensive non-profit website package that includes secure website hosting, automatic updates and credit card processing that is PCI compliant. Trusting your non-profit website to DoJiggy will offer your donors and supporters a trusted experience, which translates into more donations for your organization. Now that’s something that we can all get behind!