Last Thursday, I turned my computer on and started preparing to write my daily blog, when suddenly my virus software sprang into action. A pop-up window told me that my computer was infected with a trojan virus and asked if I wanted it removed. Of course, I said ‘YES’. In a blink of an eye, I was staring at the dreaded “blue screen of death,” and I was obviously out of commission. It was for this reason you did not see any blog posts from me on Thursday or Friday.
During my unplanned time down, I started thinking about how non-profit organizations probably deal with this on a daily basis and how in some instances it could even impact donors who routinely feed us their personal information (e.g. name, address, phone, email, credit card and banking info, etc).
Upon further investigation, did you know that the Obama team, who has collected tons of donor information at donate.barackobama.com, had to deal with hackers as recently as a year ago? And “Twitter hacking” has been in the news recently for reasons I refuse to go into.
Non-profit organizations are constantly collecting information on their donors and storing it in their donor database. In fact, with the social media revolution in full swing, non-profits are pushing further by “friending” donors on Facebook, following donors on Twitter, and linking with donors on LinkedIn. All of these activities are intended to help deepen our relationships with donors and get to know them even better.
It is a brave new world and non-profit organizations need to make sure they are ready to deal with these issues. If you don’t think spyware, computer viruses, phishing and hackers are an issue, then go talk to our resource development friends at the University of Notre Dame or Maine Public Broadcasting.
Put yourself in a donor’s shoes after being informed that your systems were compromised. Where is your confidence level? What is running through your mind the next time you’re asked to make a contribution?
Of course, the answer is not to unplug your donor database or shut down the organization’s Facebook or Twitter accounts. However, you might consider the following:
- Use the Association of Fundraising Professionals’ (AFP) Code of Ethical Principles & Standards and The Donor Bill of Rights as a foundation to develop your resource development policies.
- Develop a crisis management plan like the one United Way of Marion County in Florida has posted to the internet and consider involving donors in the policy development process so you can capture their point of view on how they’d like to be informed on certain matters.
- Develop documentation retention policies so you know what you need to keep and how to securely keep it. Blue Avocado has done a nice job getting you started down this road, but you definitely need to involve your board volunteers, Finance Committee, auditors, and possibly even your donors in developing your own policies.
- Use antivirus and anti-spyware software routinely. Check out Tech Soup’s “virus protection toolkit”.
- Don’t ever email donor data or information.
If you really want to scare yourself, spend a few moments with this PowerPoint presentation from our friends at NTEN. Scared yet?
So, how do you protect your donor data? If your systems got hacked or compromised, how would you go about informing your donors and dealing with the crisis? Please weigh in and share so we can all learn together!
Here is to your health!
Erik Anderson
Owner, The Healthy Non-Profit LLC
firstname.lastname@example.org
http://twitter.com/#!/eanderson847
http://www.facebook.com/home.php#!/profile.php?id=1021153653
http://www.linkedin.com/in/erikanderson847