Fundraising is a high priority for many charities and nonprofits, as it provides the vital resources needed to support their causes and make a positive impact on communities and people’s lives. More nonprofit organisations are turning to online platforms to fundraise, allowing them to reach wider audiences, streamline processes, and engage supporters in new ways. However, as the shift to online fundraising continues to grow, so do the risks associated with cyber security.
A recent study from Double the Donation showed that UK charities lost nearly £8.6 million to fraud in 2021 alone while 56% experienced non-financial issues as a result of fraud. With nearly half of all UK charities now using online fundraising, ensuring your platforms are secure has never been more important. Cyber attacks and data breaches can compromise donor information, damage trust, and divert funds from your cause.
Understanding and implementing online fundraising best practices is crucial to keeping your supporters’ data safe and securing your organisation’s online presence. In this blog, we’ll explore the best cyber security practices for charities fundraising online, from understanding cyber threats and how to safeguard donor data to ensuring secure online transactions.
What is Online Fundraising and Why It’s Important
Online fundraising refers to the use of digital platforms and tools to raise funds for causes. It encompasses a variety of activities, such as crowdfunding campaigns, peer-to-peer fundraising campaigns, matching gifts, and engaging social media posts to drive donations. Online fundraising allows charities to connect with supporters and donors in new and innovative ways.
While traditional fundraising events and in-person activities are still important, online fundraising enables nonprofits to adapt to the changing habits of supporters. To ensure your organisation has a competitive edge, it’s important to diversify your approach and include online fundraising in your charity’s digital transformation strategy. From online fundraising campaigns to the use of social media and email campaigns, going digital offers charities the opportunity to reach new donors, increase efficiency, and maximise their marketing efforts.
Below are some of the key benefits of integrating online fundraising into your charity’s digital strategy:
Accessibility
One of the biggest advantages of online fundraising is accessibility. Digital fundraising platforms allow donations from anywhere in the world, with no geographical barriers and provide access to a global audience. Online giving is also particularly appealing to younger generations, who are more likely to respond to digital communications and prefer interacting and donating through social media, campaign pages, or other online platforms. By diversifying your strategy to include online fundraising, your charity can engage young leaders, directors, and new supporters who are eager to make a difference.
Efficiency
Organising an online fundraising campaign can often be more time-efficient than in-person fundraising. Without the need to coordinate venues, materials, or logistics, an online campaign allows your team member to organise the fundraiser remotely and effectively. Peer-to-peer campaigns and crowdfunding efforts can be easily managed and tracked online, providing a seamless way to raise funds and keep supporters engaged without the added burden of in-person coordination.
Cost-Effective
Fundraising in-person events can come with high costs, from venue hire to event materials. However, online fundraising is typically more cost-effective as charities can reduce the need for physical materials, travel expenses, and other associated costs. Running a crowdfunding campaign or managing matching gifts online provides a greater return on investment and ensures that more of the funds raised go directly towards your cause.
Measurable
One of the significant advantages of online fundraising is the ability to measure and track results. Digital platforms provide analytics that can help charities evaluate the success of their fundraising campaigns. Whether it’s tracking the number of donations received, the demographics of donors, or the engagement levels of social media posts, these insights are all available with online fundraising platforms. This allows charities to make informed decisions about future campaigns and improve tactics.
It Shows Innovation
Show your charity’s unique ability to adapt, innovate, and inspire confidence. Moving fundraising efforts online is a sign that your charity is modern, forward-thinking, and responsive to changing times. By maintaining a strong online presence and leveraging digital tools to engage your audience, your charity can build trust, stand out, and make a lasting impression on supporters.
The Dangers of Fundraising Online: Cybers Security Threats
As more charities embrace online fundraising strategies, the landscape of cyber threats becomes a large concern. Using online platforms presents risks that can have serious consequences for a nonprofit organisation’s security and financial health. From collecting donors’ data through online platforms to processing payments for a crowdfunding campaign, you must be vigilant against any sign of charity cyber attacks. Understanding the dangers is crucial to safeguarding your charity’s online presence and donor trust.
Below are some cyber threats your charity should be aware of when using online platforms.
Data Breaches
A data breach occurs when sensitive information is accessed without authorisation, this exposes donors’ credentials such as names, email addresses, and financial information. The consequences of a data breach can be severe, leading to a loss of donor trust, financial penalties, and reputational damage. Make sure to secure all information for donations, information should pass through encryption and have payment gateways.
Phishing Attacks
Phishing is a cyber attack where criminals impersonate a trusted entity to steal sensitive information like usernames, passwords, and credit card numbers. For charities engaged in online fundraising, phishing often comes in the form of fake emails, social media messages, or fake website pages. Donors may be tricked into providing personal details, and once the information is stolen, attackers can use it for fraudulent transactions, identity theft, or other malicious activities.
Social Engineering Attacks
Social engineering is a broader form of cyber attack that involves manipulating individuals to gain access to confidential information. Several types of social engineering attacks can target charities, including:
– Spear Phishing is a targeted phishing attempt where attackers tailor their message to a specific person within the charity, making it more convincing.
– Pretexting is when an attacker fabricates a scenario to gain access to sensitive data, often by impersonating a trusted individual or organisation.
– Deepfakes is the use of manipulated videos or audio recordings to create fraudulent messages from donors, executives, or charity leaders.
These highly sophisticated tactics can lead to significant financial and is a charity fraud example you should watch out for.
Malware and Ransomware
Malware is malicious software designed to harm or exploit a device or network. In the context of online fundraising, malware can corrupt data, steal donors’ data, or take over computer systems. For example, a cyber criminal might infect a charity’s campaign landing page or online donation form with malware, causing it to redirect visitors to fraudulent sites to steal credit card details.
Ransomware is a specific type of malware that encrypts the files of a device or network, locking out users until a ransom is paid. This type of attack can cripple an organisation’s operations and result in loss of data and funds. Charities must have robust security solutions to detect and prevent malware and ransomware threats.
Payment Diversion Fraud
Payment diversion fraud is where legitimate payments intended for the charity are intercepted and diverted to an unauthorised account. This type of fraud typically involves cyber criminals gaining access to emails or payment systems, changing bank account details on invoices or online donation pages, and redirecting funds to their own accounts. Implementing secure payment processing systems and verifying any changes in bank account details can help mitigate this risk.
Bank Mandate Fraud
Bank mandate fraud is similar to payment diversion fraud but targets the payment instructions directly. Cyber criminals, often operating through a technique like business email compromise (BEC) or invoice fraud, convince a charity to change its bank account details by pretending to be a trusted partner. Once the details are altered, payments are sent to the attacker’s account. Charities need to verify payment instructions through secure communication channels and perform due diligence before making any changes to their banking details.
Cyber Security Best Practices for Nonprofits
Cyber security plays a crucial role in safeguarding the operations of charities and nonprofits. Cyber threats can disrupt online fundraising activities, damage reputation, and compromise donor privacy. Therefore, ensuring secure systems for data protection, online payments, and communication is vital for maintaining trust and staying secure.
Here are some ways to secure your charity’s online activities.
Secure Your Website
A secure website is the foundation of any charity’s online presence. It is important to use SSL (Secure Sockets Layer) certificates to encrypt sensitive information transferred between the website and the user’s browser. This ensures that personal details and payment information is transmitted securely. If your charity processes online donations, make sure that your payment gateways are PCI DSS (Payment Card Industry Data Security Standard) compliant, as this ensures the payment data is handled securely.
Choose the Right Fundraising Platform
Selecting the right fundraising platform is critical for maximising your efforts and staying compliant with data protection regulations. It’s crucial to verify that your fundraising platform adheres to online fundraising best practices and maintains robust safety standards. Only 9% of charities assess the risks associated with their direct suppliers. Remember that any vendor handling donor data should have strong cybersecurity protocols in place to ensure data protection.
Train Your Staff on the Latest Cyber Security Trends
Regular cyber security training is essential for your staff and volunteers. With cyber threats constantly evolving, staff need to stay aware of the trends and fraud tactics to identify suspicious activities effectively. This training should be part of an ongoing effort, including recognising and rewarding employees who help prevent potential breaches. You can also share valuable best practices from reputable cyber security organisations, such as the National Cyber Security Centre (NCSC).
Use Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a security process that requires users to verify their identity through multiple methods before accessing sensitive systems. Your charity can significantly reduce the risk of unauthorised access to fundraising platforms and donor databases.
Regular Software and Security Updates
Keeping your software up-to-date is essential for maintaining your security setup. Regularly update your fundraising and management software to patch vulnerabilities and improve security features. Running frequent scans for viruses and suspicious activities helps to identify and address risks early on. Your charity can use a suite of security tools, such as antivirus software, firewalls, and monitoring tools, to protect systems. Your organisation should also consider adopting comprehensive cyber security and cloud solutions tailored to your specific needs. This approach could offer you peace of mind regarding your overall cyber security stance.
Implement Strong Password Policies
Strong password policies are one of the simplest yet most effective ways to secure your systems. Encourage staff and volunteers to use complex, unique passwords and to change them regularly. Password management tools like Keeper can help store and manage these passwords securely, reducing the likelihood of password reuse and cyber criminals guessing your passwords.
Safeguarding Donor Information
Protecting donor information should be a top priority for charities. To securely collect and manage donor data, employ data encryption methods and consider using cloud storage solutions. Cloud storage offers high levels of security, including built-in encryption, regular data backups, and access controls, making it an ideal choice for charities looking to safeguard sensitive information. It’s also important to ensure compliance with data protection regulations like GDPR and to maintain transparent privacy policies that donors can trust.
Implement Strong Access Controls
Managing access to sensitive information is crucial for preventing data breaches. By implementing user roles and permissions, you can limit access to fundraising platforms, donor databases, and other sensitive data. Only authorised personnel should be able to view sensitive information and permissions should be regularly reviewed to ensure that access is still necessary.
Review Payment Processes
Reviewing payment processes is essential for identifying potential vulnerabilities in your financial transactions. Ensure that your payment methods are secure, that donor information is protected, and that all transactions are handled in compliance with financial regulations. By proactively assessing and updating your payment procedures, you can minimise risks and ensure that donations are processed safely and securely.
Closing Thoughts
Ensuring your charity has the correct online fundraising best practices is essential to protect donor data, secure financial transactions, and build a trusted reputation. By securing your website, choosing safe fundraising platforms, having staff training, and implementing security measures like Multi-Factor Authentication, you can significantly reduce the risks of cyber threats.
Creating a secure fundraising platform fosters trust and confidence among your donors and stakeholders. When supporters know their contributions are handled safely, they are more likely to continue giving, engage in peer-to-peer campaigns, and advocate for your cause, By prioritising cyber security as well as online fundraising, it builds a foundation for a resilient nonprofit that is well-equipped to make a lasting impact.
Get in Touch
Would your charity like to learn more about enhancing your cyber security for fundraising online? Book your FREE consultation with our IT experts at Qlic by clicking the button below.