Nonprofits list online security as top concern

Online fundraising tools are crucial to keeping a nonprofit afloat. But when it comes to accepting online donations, cybersecurity is just as important. Many nonprofit organizations list data breaches and hacking among their top concerns, according to the 2015 CohnReznick Not-for-Profit Survey. The accountancy firm polled 470 nonprofit leaders regarding how they govern their organizations, the risks not-for-profits face and how their organizations address those problems. 

Top risk
The survey found a disconnect, however, between the percentage of nonprofits reporting that cybersecurity was a top priority and the number of organizations actually implementing safeguards from breaches, hackers and fraud.

Eighty-one percent of not-for-profit presidents listed online security as one of their top 10 risks, while 24 percent ranked the issue as one of their top three, according to the survey.

But only 11 percent of the same respondents have someone who's knowledgeable about technology risks sitting on their governing boards. Meanwhile, 60 percent said either their finance or executive committee handled issues facing IT, which leaves monitoring of possibly fraudulent activity to untrained and uneducated employees. 

If a nonprofit's website doesn't already have an outside company or professional performing security tests or providing certified payment processing or donation management software, then it could be at risk for hacks or data breaches.

Cybersecurity
The concern over tech safety expands when examining the leaders' write-in answers to the survey, according to The NonProfit Times. Many nonprofit heads remarked to CohnReznick that securing their computer systems, preventing online fraud and safely storing donor information were among their top priorities.

"You can see they are all kind of under security," Kelly Frank, a partner at CohnReznick, told The NonProfit Times. "They took it a step further and wrote it in exactly. They specified it a little bit better."

Of the respondents, the majority - 58 percent - lead not-for-profits with annual revenue streams of $1 million to $25 million and 18 percent lead organizations with $25 million to $50 million in the bank, the survey reported.

Besides frequent password changes, there are steps not-for-profits may take, including setting aside time during board meetings to discuss online risk management strategies, The Huffington Post reported.

According to Eugene Fram, a business professor at the Rochester Institute of Technology, educating board members about cybersecurity issues and using a third-party donation payment system with more secure software can minimize risks. 

Back to News