Building Trust: 4 Nonprofit Website Security Strategies

Online giving grew by a whopping 20.7% in 2020, and 12.9% of all money raised came from online giving, which is the highest percentage ever for digital giving, according to the Blackbaud Institute’s most recent report on charitable giving. Clearly, maintaining your nonprofit’s online presence is crucial if you want to benefit from this rise in online donations. And one of the best things you can do to inspire your donors to give online is to ensure your website is secure. 

After all, one of the biggest challenges in recruiting and retaining donors for your nonprofit is maintaining their trust, and website security is a big concern for donors who want to be sure they can trust your website with their sensitive personal information. 

To help you maintain your reputation with your supporters, here are four nonprofit website security strategies you can easily implement.

1. Create a Password-Protected Intranet Network 

Some nonprofits have exclusive resources they wish to reserve for members, volunteers or staff. With a password-protected intranet network, you can control who has access to them. 

Make sure you maintain the security of your intranet network by monitoring registration requests, weeding out any suspicious-looking login attempts, encouraging users to update their passwords regularly and adding a two-factor authentication sign-in process. 

2. Maintain Your Website’s HTTPS Status 

Hypertext Transfer Protocol (HTTP) is essentially a communications protocol that allows internet users to send and receive web pages. When you see a website with “HTTPS,” it stands for Hypertext Transfer Protocol Secure. That “S” makes a big difference, as an HTTPS status helps your nonprofit ensure that when donors give you their contact or payment information, their data will be more protected. 

You’ll need to take action to maintain your website’s HTTPS status (or migrate from HTTP). Google Search Central recommends a number of steps, including using reliable security certificates and ensuring your site tells browsers to request HTTPS pages automatically.

3. Ensure Your Payment Processor Is PCI-Compliant 

No donor wants their credit card information stolen when giving to your nonprofit. PCI compliance, or the Payment Industry Data Security Standard (PCI DSS), are standards set forth with the intention to protect credit card users when they give their information to organizations that accept, process, store or transmit their card information.  

According to Digital Guardian, there are 12 requirements for PCI compliance: 

1. Use firewalls to prevent unauthorized users attempting to access private data.
2. Keep an inventory of all passwords and change those passwords often. 
3. Encrypt credit card data when you receive it. 
4. Encrypt credit card data whenever it is transmitted, and never send it to unknown locations. 
5. Use antivirus software and update it regularly. 
6. Update all software on a regular basis to take advantage of new security features. 
7. Only give cardholder data access to staff members who need it to do their jobs. 
8. For staff members who work with cardholder data, make sure they have their own unique credentials to access it. 
9. Keep physical cardholder data in a secure location. 
10. Create an access log to keep track of when data is accessed and by whom. 
11. Regularly test for oversights in your PCI compliance efforts. 
12. Document how data flows into your organization and how it is used. 

Note that while PCI compliance is not required by law in the United States, putting in the extra work to ensure your payment processor is PCI-compliant and that you’re being careful with your donors’ payment information will go a long way in helping you retain your supporters. 

4. Brand Your Donation Page 

Though branding doesn’t have a direct impact on how secure your website is, strategic branding can send positive signals to your donors about your organization. Your donation page’s branding should be consistent with the rest of your website. All of the visual elements you use on your website — such as your organization’s logo, color schemes and typography —  should be reflected on your donation page. 

This will ensure that donors see your donation page as connected with the rest of your website. Too many nonprofits overlook the importance of branding their donation pages, leaving supporters questioning the security of the website, even if it is trustworthy. 

Since your nonprofit relies on the generosity of others, you need to maintain your supporters’ trust, and focusing on website security is one of the best ways to do so. As you follow these nonprofit website security strategies, don’t forget to communicate to your donors how much you value security so they know your website and your organization as a whole can be trusted with their support.