Do you think nonprofit organizations are safe from cyber attacks? You don’t believe that security breaches and hacking can be a threat to your charity? The truth is that NGOs are among the top targets for hackers, as they often store large amounts of sensitive personal and financial data without having properly secured their systems against outside threats.
In this article we are going to share the reasons why cyber security must be a top priority for charities, the importance of developing a holistic security strategy and the best practices to keep your data, privacy and payments safe.
Why should you care about cyber security?
First, FUNDRAISING IS ABOUT TRUST and if this trust is broken, because personal data or bank details have been lost, destroyed, or stolen and used by a third party, the donor may never again make a donation to your organization or any other for that matter. It will consequently hurt your cause, fundraising efforts, and overall image.
An organization must constantly nurture its donor relationships, and protecting donors’ data requires time, specialized skills, and substantial, continuous investment.
Since almost 80% of funding for non profit organizations comes from individual donors, it is essential to create an environment of trust for them.
Keeping this in mind, here are a few basic recommendations you should be aware of:
- Devote at least 5% of your annual IT budget to security in order to make sure you have the appropriate resources. Security is an investment, but it is far cheaper than the cost of a breach.
- Invest time in training your staff. Aim to organize a workshop every six months where you review their level of knowledge (passwords, firewalls, malware, downloading and using add-ons, USB keys and other external storage devices), share the latest threats, discuss best practices and the procedures to follow when a threat is identified, and give your team the opportunity for specific Q&A. Most security issues come from human mistakes.
- Control, monitor and update who has access to what data, and make sure each individual has their own personal login and does not share it with anyone else. This includes employees, but also collaborators and third parties such as consultants or former employees who might have a temporary login. It’s important to restrict access to only what’s necessary, and to remember to deactivate it when the job is complete. Passwords should also be updated every few months, or whenever someone loses an electronic device or feels their password may have been compromised. If you’re not able to monitor this, it will be much more challenging to identify the actions taken and the damage done by an ill-intentioned user.
- Set up a strong password policy with multi-factor authentication.
- Make sure all computers and phones have a password-protected lock that is automatically enabled after 5 min of being idle.
- Check as frequently as possible that your IT environment has been updated to the latest LTS (long-term support) version.
- Install, enable, and keep updated anti-virus and anti-malware software on every employee’s computer.
- Audit your IT environment through external & professional experts like Yes We Hack, the leading bug bounty company in Europe.
- Use a VPN (Virtual Private Network) to make sure your connection inside or outside your office is secure, encrypted and hidden.
- Restrict your IT environment so that it is only accessible from a dedicated IP address (the IP address of your VPN); this will significantly reduce vulnerability to attacks.
- Set up an adequate insurance policy with the appropriate coverage to make sure you can get the support needed.
Security is an ongoing and never-ending task. It is advisable to outsource to professional suppliers and solutions that provide a highly secure environment to process payments and information. It is indeed safer and easier to be supported by a specialist who works hard on cyber security rather than creating everything from scratch.
With over 500 clients in 18 countries, iRaiser has helped charities raise over 900 million euros since its creation in 2012, always complying with three truths: relationship, trust and security. After 14 external security audits, we provide all the key elements and services that help build strong and long-lasting donor relationships, with data protection, confidentiality and security at the heart of our technology. We invest continuously in cyber security, following the best practices to prevent attacks and create a secure environment for our clients by:
- Taking particular care in respecting the laws of all the markets we work in, especially those that concern the protection of personal data.
- And ensuring that our clients are the exclusive owners of the data collected by our different solutions.
Every year, through Yes We Hack, the leading bug bounty company in Europe, we test our solution for security vulnerabilities and assess the efficiency of our cyber security system.
Because of our attention to and constant investment in this area, we have been able to prevent any breach into our security system, even though we constantly face attempted cyber attacks or fraud on our online fundraising solutions.
For example, during the fundraising campaigns for Notre-Dame de Paris we saw up to fifteen thousand connections per second and faced more than a hundred attempted computer attacks in a week.
We are continually working on improving and updating our security systems in order to provide the most secure fundraising platform for our clients and the safest environment for their donors.
By taking these best practices into account and understanding the importance of investing time and resources in cyber security, your organisation will pave a strong and durable path towards a fruitful future.
Putting into practice these lessons and making them part of your organisation’s DNA is essential. But if you don’t have the knowledge or resources to form an IT team of your own, remember that relying on a reputable & trustworthy supplier to take care of this for you can save you time and money, and make life a whole lot easier.
Because in the end, preserving your donors’ trust and establishing long-term relationships will not only benefit your fundraising and the cause you are fighting for, but are also the basis for your organisation’s survival.