How to Keep Donor Data Safe With Your Nonprofit CRM

November 6, 2023

As a nonprofit leader, you know the importance of donor data. It guides your fundraising efforts, drives marketing decisions, and largely impacts your ability to engage supporters

But your data collection contains sensitive information about your supporters, and they trust you to handle that data carefully. Thankfully, your nonprofit constituent relationship management (CRM) system can help keep donor data safe. Let’s take a closer look at how you can leverage this software to not only gain valuable donor insights but also protect your nonprofit’s supporters.

Invest in secure software

First and foremost, the CRM itself must be secure. But what does secure software look like? Your nonprofit must know the right safety features to look for when evaluating your CRM or looking for a new one.

Consider the following security measures to ensure you invest in secure software:

  • PCI certification: If your CRM offers a payment processor, check to see if it’s PCI-certified. CharityEngine’s guide to payment processing explains that PCI compliance is the bare minimum of secure software. Compliance simply means that the software follows basic standards set by the PCI industry, whereas PCI-certified software is regularly audited by a third party to ensure the software is safe.
  • Data encryption: This is a safety standard you can’t ignore. It is a way of translating data from plaintext, which is unencrypted, to ciphertext, which is encrypted. It is essentially a lock on your data, and users need a key to access it.
  • Breach protocol: No one wants to consider the worst-case scenario, but burying your head in the sand isn’t a good idea. In the event of a fraud attack or a data breach, what is the protocol with your CRM vendor? Ensure the safety of data, but also ensure you’re okay with the breach protocol.

Also, make sure your CRM has basic security measures in place, like two-factor identification and fraud prevention software.

Your nonprofit will collect donations in various ways, which means there are several sources and massive amounts of data that your organization must protect. Whether your supporters donate to your text fundraiser or simply sign up for your email newsletter, their information should be protected by the database it’s stored in.

Enforce password protocols

Although your nonprofit reaches out to donors about giving opportunities and volunteer positions, you should also pass along helpful information for interacting with your software. Once donors understand their role in keeping data safe, they’re usually very willing to help!

While you likely won’t have the time or resources to fully educate donors on in-depth security measures, such as data encryption, an important place to start is password security.

Did you know that more than 80% of security breaches are related to stolen, weak, or reused passwords? Helping your donors protect themselves by enforcing strong passwords is an easy way to shore up your defenses.

Some password rules you might require include:

  • A required character length
  • A combination of uppercase and lowercase letters
  • At least one number and symbol or special character

Remind your donors to create passwords that are unique to them, such as an inside joke with a friend or a memorable number combination. Sometimes it’s easiest to remember a phrase, such as “ILikeCatsIn2023!”

Also, encourage donors to create a password that is uniquely meant for their engagement with your CRM. This means they’ll need to create a password that isn’t used for any other account login.

Educate your staff

Your efforts to find the best nonprofit CRM is just the first step in using this software to keep donor data safe. Training your staff members to use it properly is crucial if you actually want to put the CRM’s features to use!

Staff member training can help your team ensure they’re making the most of your tool, but is also extremely important when it comes to handling sensitive information. Some training policies you might enforce include:

  • Software use: Many mistakes can be made if staff members simply don’t know how to use your software. Host general training to walk through the software and ensure all staff members know how to use it.
  • Cybersecurity measures: Train your team on identifying fraudulent activities, like phishing emails or ransomware. Many organizations send test emails to keep team members on their toes! A good rule of thumb is to stay away from clicking links unless you know the sender.
  • Data access controls: Protect data by limiting staff access to it. Data should only be accessible by authorized personnel and in relevant scenarios. For example, be sure that authorized staff members can only access donor data from organization-owned software during work hours to limit access to work-related needs.

Create a standardized plan for handling donor information and hold a staff-wide meeting to go over the procedures. Provide resources complete with data safety training materials for your staff to access whenever they need it. That way, staff members can get answers to questions and guidance on how to handle a situation without having to schedule a meeting with an organization leader.

You should also incorporate the protocol into onboarding for new employees so that everyone is on the same page. Just make sure your organization’s leaders are well-versed in how to handle the software and sensitive information. The right CRM will also offer access to a helpful support team so that you can get assistance as you learn how to leverage the software.

Donors are priceless to nonprofits, and your donors trust your organization to make a difference with their contributions. They should be able to trust you to protect their information, too.

A team-wide focus on security, combined with the right software and best practices, will start you off well. Remember, the right tools will support your security efforts, and the right practices can take them even further!

Comments on this entry are closed.

Previous post:

Next post: