Keep Your Donor Data Safe: Cybersecurity Best Practices for Nonprofits

3 questions nonprofits should ask about cybersecurity

From Phil Stolberg, Chief Operating Officer 


Data privacy and security risks are rapidly increasing… making cybersecurity best practices for nonprofits more important than ever before. Just Google “cybersecurity,” and you will quickly find enough alarming articles to fill a multitude of Saturday afternoon reading sessions:

  • What’s Next in Cybersecurity?
  • Behaviors that Indicate Insider Data Threats.
  • How Well Do You Know the Risks Posed with Third Party Data?
  • Is Data Exposure Threatening Your Organization?

It can seem like sophisticated “data bad guys” are attacking from all directions, targeting our systems and networks to seek, find and steal sensitive data. Further complicating these risks are efforts to reach an industry consensus on what defines sensitive data.

Cybersecurity Best Practice #1: Define “sensitive data”

Of course, your social security number, credit card number, bank accounts and personal health are examples of sensitive data. But are your citizenship, age, ethnicity, religious preference, home address, hobbies, favorite vacation spot and shoe size sensitive data? (I asked my wife if her shoe size is sensitive data. She said, “Nope, but my dress size is.”)

Caring about and protecting personal data must not be taken for granted, and yet, this task is becoming more and more complicated as the volume of personal data increases and becomes available from so many different sources. Which leads me to Cybersecurity Best Practice #2, and some questions you should consider. 

Cybersecurity Best Practice #2: Assess risks

Over the last several years there have been enormous advancements designed to capture and maintain all kinds of data about each of us. AI and machine learning marketers (and fundraisers) have gained incredible insights into consumer and donor behaviors. In fact, nonprofits often rely on commercial third-party data companies to maintain and secure their donor data… tools that are supposed to offer security best practices at affordable rates.

In the fundraising world, data privacy and security questions and risks must be responsibly addressed. As you develop cybersecurity best practices for your nonprofit, ask yourself these questions:  

  1. Are an individual donor’s characteristics confidential?  
  2. Should a donor’s charitable gifts be confidential? 
  3. What are the practical and ethical privacy issues surrounding donor giving in the nonprofit world? 

Nonprofit leaders, along with our state and federal legislators, are wrestling with these and many other related questions. There are many political, ethical and practical issues surrounding all of these questions – and the collective discourse seems to change all of the time. Cybersecurity Best Practice #3 can help you navigate these uncharted waters.

Cybersecurity Best Practice #3: Research, research, research

As you consider your nonprofit’s cybersecurity best practices, I want to share a resource that will help you. The Association of National Advertisers (ANA) has actively tracked, studied and provided helpful counsel to marketers, consumer and nonprofit organizations, and legislators, offering a balanced, informed and thoughtful perspective on:

  • how to define what is and is not private data,
  • the ethical use of private data,
  • and expectations and best practices for protecting the legitimate use of data.

I have attached an ANA white paper titled “Privacy and the Consumer… A Market Research Overview.” Make yourself a pot of coffee and set aside an hour or more to study this paper – it’s worth the investment. 

Cybersecurity Best Practices for Nonprofits: Final Thoughts

Donor trust is foundational to every nonprofit’s ability to secure the resources necessary for mission advancement. While use of personal and consumer data can help a nonprofit ensure delivery of their messages and fundraising offers to those most likely to donate, this must be done thoughtfully. 

As you read ANA’s report and develop cybersecurity best practices for your nonprofit, please don’t hesitate to reach out to me or BDI’s account and data teams. We’re always taking steps to better protect our own and our clients’ data – and we’re here to help you as you protect and secure your donor data in this ever-changing data privacy world. Happy reading!


Phil Stolberg, Chief Operating Officer

With over 40 years of experience in marketing and communications, BDI’s Chief Operating Officer, Phil Stolberg, has dedicated his career to working with not-for-profit organizations. He has held a variety of leadership positions, both with nonprofit organizations and with agencies that consult with the not-for-profit world, allowing him extensive experience with marketing, major donor and capital campaigns, special event and foundation fundraising.
