Even before the coronavirus (COVID-19) global pandemic put a hold on large gatherings, many organizations were starting to embrace virtual and do-it-yourself fundraising events. These kinds of events are appealing because they allow fundraisers to reach people who otherwise might not have time to attend an event. They also provide organizations with an opportunity to reach out to potential donors individually—something that’s just not possible at an event with hundreds or thousands of people.
Now, any nonprofit that hopes to survive the current economic downturn must shift to virtual. That includes relying on online donations, rather than on checks or even cash. However, increasing your online donations also increases your organization’s liability exposure. Because you store a large amount of sensitive information about your donors, you become a prime target for identity thieves and hackers. At CM Select, we’ve assembled some tips for keeping your process secure:
- Keep your software upgraded and up to date. Not only is older software slower, but it also is more susceptible to hackers. Stay current with all the latest updates in your software so you don’t inadvertently leave an opening for someone who’s trying to steal your donors’ information.
- Train your staff on how to spot phishing scams and malicious emails. Staff members should never give out any important information about your organization or a donor via email. They should also carefully examine the email addresses of suspicious emails—often, these messages appear to be from one of your contacts, but in reality, the name of the contact is misspelled in the address, which signals it’s part of a phishing scam.
- Update your state charity registrations. When you accept donations online, it’s likely you will receive funds from multiple states. Because some states require prior approval under charity registration laws, you will need to register there before going live with your “Donate Now” button. However, if your organization is small and you only accept donations from a few states, add that disclaimer on your donation page. That way, you don’t have to register in any other states.
- Make sure you have the right cyber liability and data breach response insurance. No matter how many precautions you take, you and your donors are still at risk for cybercrime. Most cyber crimes involve multiple areas of damage to both your organization and your donors. That’s why you need to make sure you have the right insurance, with coverages including data and network liability, regulatory defense and penalties, eCrime, cyber extortion loss, data recovery costs, network business interruption loss and breach response services.
Learn more about how you can protect yourself on CM Select’s website.
The information contained in these materials is intended solely to provide general guidance on topics that may be of interest to you. While we have made reasonable efforts to present accurate and reliable information, Church Mutual Insurance Company, S.I. disclaims all liability for any errors or omissions, or for any actions you take or fail to take based on these materials. The information provided may not apply to your particular facts or circumstances; therefore, you should seek professional advice prior to relying on any information that may be found in these materials.