
Protecting Your Nonprofit from Online Fundraising Risks

Online fundraising technology is a critical part of your organization, enabling online donations and managing crucial donor data. But like all technology, your online fundraising platforms can present risks if not properly managed. Taking proactive steps to identify and mitigate these risks is essential for protecting your organization and donors.

Of course, every nonprofit organization has a different technology stack. The systems that support online fundraising vary from nonprofit to nonprofit. 

TIP: Our free resource, The Ultimate Checklist for Selecting Software for Your Nonprofit, can help you learn more about choosing the right stack for your organization.

With this in mind, let’s focus on two key platforms that are common to most nonprofits’ online fundraising tech systems: online fundraising software and content management systems (CMS), or the software used to build and manage the organization’s website.

Mitigating risks to your online fundraising software

Your online fundraising software typically manages your online donation forms and houses sensitive donor data. Here’s how you can reduce risks to this critical technology:

  1. Understand vendor liability and security compliance.

    If your software vendor is like many, it’s responsible for storing and encrypting donor data. Review your service agreement to understand your vendor’s liability for data breaches, and confirm that the vendor complies with security standards such as those set by the Payment Card Industry Security Standards Council (PCI SSC) and SOC, a set of security standards developed by the American Institute of CPAs (AICPA). Custom code can also affect compliance, so work with your vendor to run regular compliance checks.

  2. Simplify your forms.

    Keep your forms as simple as possible, collecting only the essential information needed for a donation. This practice minimizes the amount of data exposed to potential breaches.

  3. Monitor for suspicious activity.

    While nonprofits see less fraudulent activity because no goods change hands, credit card testing, in which stolen card numbers are checked for validity with small donations, is a common concern. Set a minimum donation threshold and review all transactions daily to catch any suspicious activity.
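
One way to automate part of the daily review in step 3, as an added example rather than code from this article or from any fundraising vendor: it flags donation attempts under a minimum amount and bursts of mostly declined attempts from one source. The CSV column names, the tuning values and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values; set them from your own donation history.
MIN_DONATION = 5.00                   # minimum you have set or plan to set
BURST_COUNT = 5                       # attempts from one source ...
BURST_WINDOW = timedelta(minutes=10)  # ... inside this window
DECLINE_RATIO = 0.5                   # share of the burst that was declined

# Constructed sample export (hypothetical column names, documentation IPs).
SAMPLE_CSV = """timestamp,ip,amount,status
2024-03-01T09:00:00,198.51.100.20,50.00,approved
2024-03-01T10:00:05,203.0.113.7,1.00,declined
2024-03-01T10:00:40,203.0.113.7,1.00,declined
2024-03-01T10:01:10,203.0.113.7,1.00,approved
2024-03-01T10:01:55,203.0.113.7,1.00,declined
2024-03-01T10:02:30,203.0.113.7,1.00,declined
2024-03-01T10:03:05,203.0.113.7,1.00,declined
2024-03-01T14:30:00,198.51.100.44,3.00,approved
2024-03-01T16:00:00,198.51.100.20,100.00,declined
"""

def load(text):
    """Parse the export into rows sorted by time."""
    rows = [{"ts": datetime.fromisoformat(r["timestamp"]), "ip": r["ip"],
             "amount": float(r["amount"]), "declined": r["status"] == "declined"}
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows, key=lambda r: r["ts"])

def review(rows):
    """Return (attempts under the minimum, {ip: largest suspicious burst})."""
    below = [r for r in rows if r["amount"] < MIN_DONATION]
    by_ip = defaultdict(list)
    for r in rows:
        by_ip[r["ip"]].append(r)
    bursts = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window so it spans at most BURST_WINDOW.
            while attempts[end]["ts"] - attempts[start]["ts"] > BURST_WINDOW:
                start += 1
            window = attempts[start:end + 1]
            declined = sum(a["declined"] for a in window)
            if len(window) >= BURST_COUNT and declined / len(window) >= DECLINE_RATIO:
                bursts[ip] = max(bursts.get(ip, 0), len(window))
    return below, bursts
```

Calling `review(load(SAMPLE_CSV))` on the sample returns the seven attempts under the minimum and one flagged source; a single large declined donation is not flagged, since one decline on its own is not a burst.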

Mitigating risks to your website

Because your website is the gateway to your online donation forms, it’s important to keep your CMS secure. Some tips:

  1. Run the latest CMS version.

    One of the most effective ways to reduce risks is to always run the latest version of your CMS software. This ensures that you have the most recent security updates from your vendor. Consider signing up for managed hosting with your CMS vendor so that they are responsible for regular updates.

  2. Secure all webpages.

    All transactional pages and forms, and any pages that collect information, like newsletter sign-ups, should be served over a secure (HTTPS) connection.

  3. Implement reCAPTCHA.

    Use reCAPTCHA or a similar feature to protect your website from spam and bots. While some CMS platforms have this functionality built in, you may need to explicitly enable it or add it through a customization or plugin.


Finally, it’s important to consider that even with strong vendor agreements and internal security measures, liability limits may not be sufficient. If you believe your current coverage isn’t enough, consider obtaining additional liability insurance to protect your organization from unforeseen risks.

Don’t let technology risks put your nonprofit in a vulnerable position. The tips above are a great place to start, but sometimes, an expert partner can help you get the most out of your technology while ensuring it’s optimized for security.

In these cases, Cathexis Partners is ready to help: Contact us to get started.


by Kishore “Kish” Hiranand, Developer, Cathexis Partners
Kish is a seasoned digital veteran with expertise in multiple technology systems and diverse industries. He has been focused on the nonprofit space since 2018.
