Take These Easy Steps for Your Most Secure Giving Tuesday Yet
Giving Tuesday is nearly here. For many nonprofits, it's a fundamental part of their fundraising and messaging strategies. You've likely created plans for this year… but have you taken precautions to protect your donors and your organization on Giving Tuesday?
If you haven't, we will walk you through what you need to do. You can lock down your security in a few steps and still have time for an extra slice of pumpkin pie before it's go-time.
Get Serious about Your Social Media
Social media is your organization’s megaphone. It’s a direct, trusted line to your fans, potential donors, and community. If extremists are able to gain access or use social media to impersonate staff members, the damage to your organization’s fundraising efforts, reputation, and platforms can be severe and long-lasting.
Securing your social media presence is a maintenance activity that takes just a few minutes. Make sure that your social media accounts are protected and safe by taking these steps:
Review (and scrutinize!) everyone who has access to every platform. It is vital that you remove all former employees, volunteers, and agencies you no longer work with. During your audit, make sure that everyone who does have access has the correct level of permissions. Remove staff members who no longer work at the organization or who do not need direct access in their day-to-day work.
Require everyone with social media access to use their own strong, unique password for every account. A password manager is a worthwhile investment in general, and it is especially helpful if your organization is particularly active on social media, maintains multiple accounts across platforms, and has several staff members logging in to them.
Implement Multi-Factor Authentication (MFA). (More on this in a minute.) Make it mandatory for anyone who logs into your organization’s social accounts.
Check each account's settings. Doing a manual check is a good first step. Kick it up a notch by using a tool like Block Party, which can assess your social media's security risks.
Put a Stop to Email Impersonation
Make sure that bad actors aren’t profiting off your organization’s good name and reputation. By enabling these three email security measures, you’ll make it harder for scammers to use your brand to rip off your donors with bogus emails:
Sender Policy Framework (SPF): SPF acts like a permission slip: it’s a public list of all of the services that you allow to send email on your behalf. Using SPF stops scammers from pretending to be you in the “From” field of an email.
DomainKeys Identified Mail (DKIM): DKIM is a digital signature that builds trust with your audience because it proves that your email hasn’t been hacked.
Domain-based Message Authentication, Reporting and Conformance (DMARC): When mail fails SPF and/or DKIM, DMARC is the policy that tells mail servers what to do next. If you set your DMARC to reject fraudulent mail that doesn’t pass security standards, you’ll protect your donors, the trust you’ve built with your audience, and your organization’s reputation.
As a bonus, these three tools will improve your email’s deliverability to your intended recipients. It’s a win-win!
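The check below, added here as an example and not part of the original article, parses a domain's SPF and DMARC TXT records and flags the settings that leave room for impersonation, such as an SPF record that does not end in -all or a DMARC policy other than reject. The records for example.org and the _spf.mailer.example host are constructed; DKIM is left out because checking it requires the selector name your mail provider uses.

```python
# Constructed sample TXT records for the placeholder domain example.org;
# the include: host is hypothetical. Real records come from a DNS TXT lookup.
WEAK = {
    "example.org": ["v=spf1 include:_spf.mailer.example ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
}
HARDENED = {
    "example.org": ["v=spf1 include:_spf.mailer.example -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"],
}
# SPF terms that each cost a DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "exists", "redirect", "ptr"}

def audit_spf(records):
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    names = [t.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0] for t in terms]
    findings = []
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        findings.append("SPF needs more than 10 DNS lookups, so receivers return permerror")
    if "all" not in names and "redirect" not in names:
        findings.append("SPF has no 'all' term, so unlisted senders get a neutral result")
    elif "all" in names and terms[names.index("all")][0] != "-":
        findings.append("SPF does not end in -all, so unlisted senders are not hard-failed")
    return findings

def audit_dmarc(records):
    recs = [r for r in records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record, found {len(recs)}"]
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"DMARC p={policy or 'missing'}: mail that fails is not rejected")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC pct is not 100, so the policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC has no rua= address, so no aggregate reports reach you")
    return findings

def audit_domain(domain, txt):
    return audit_spf(txt.get(domain, [])) + audit_dmarc(txt.get("_dmarc." + domain, []))

if __name__ == "__main__":
    for label, txt in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_domain("example.org", txt))
```

An empty list means the records already match the reject-on-failure setup described above; each string in a non-empty list names one gap to close.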
Have a Game Plan for Your Endpoints
In tech terms, endpoints are your team's physical devices, like phones, tablets, laptops, and desktops. These endpoints can be the endgame for hackers who are looking to take advantage of your organization's security gaps.
Updates exist to stop malware and scammers by proactively patching discovered issues and vulnerabilities. Make updating software, apps, and operating systems mandatory and regular for the entire organization by automating it.
Get Your Website in Order
It's likely your organization updates content regularly on your website. But when was the last time you updated the backend of your site?
If you don't regularly update your website, it could be vulnerable to hackers. Keeping your website current reduces security risks in just a few minutes with a few clicks.
Before Giving Tuesday, log into your administrative panel and run updates on all apps, plugins, and themes. If there are any plugins you aren't using anymore, remove them. Just be sure that you've confirmed that any removals will not hinder the site's performance.
Tip: If your org's website is managed by someone outside of the organization, ask these questions to get the conversation going.
Here’s Your Biggest (and Simplest!) Security Win
Our society is awash in security leaks. Passwords, personal information, Social Security numbers -- so much is compromised and available to hackers online. It’s the number one reason why passwords (even the really complicated ones!) are simply not enough to protect your digital assets and platforms.
That’s why it is so vital that you enable Multi-Factor Authentication across the programs that your organization uses. When enabled on a digital product, MFA requires a password and a second method of proof, like a passkey, a code, or a push notification, before the program opens.
MFAs can be set up in minutes (sometimes just seconds!). It’s one of the simplest and most effective ways to secure your properties. If you’ve joined us for a webinar, you will have heard us emphasize the importance of MFAs for your org.
Set up your MFAs on these platforms now:
Bank accounts
Payment platforms (PayPal, Venmo, etc.)
Social media (Facebook, Instagram, TikTok, etc.)
Financial systems (QuickBooks, FreshBooks, Bill.com, etc.)
Email (Gmail, Microsoft 365, etc.)
Make This Organizational Change
Now that you've made updates, patched endpoints, enabled MFA, secured your email and social media, and are taking preventative steps to mitigate cyber security risks, you've got one thing you still need to do.
Employees need a safe, blame-free method to report suspicious activity. And you need a way to track and work through those reports. By creating a Reporting Channel, you're achieving both goals.
In Slack or Teams, create a #security channel and invite all staff. Ground rules that encourage no-blame, fear-free reporting of security risks and questionable activity are vital in ensuring employees report issues in a timely fashion with accurate information.
If staff have a judgement-free way to report security missteps (and they will happen), you’ll be able to react faster in the event of an incident.
By making security an important aspect of your organization's Giving Tuesday, you're setting your organization up for success.