Your nonprofit organization’s site is secure, and you have measures in place for data privacy. Now it’s time to put procedures in action so that your website and servers are protected today and in the future. Reduce the risk of your organization being vulnerable due to social engineering.

Routines and Training to Establish for Your Website’s Ongoing Security

By now, you have put security measures in place for your website and done your job to make sure your site protects user privacy. The next step is to put routines and tasks into place for your staff to make sure your prior efforts will be supported moving forward.

The human element of a secure website is often overlooked. You can have the most secure site in the world, but if you or your volunteers take unnecessary risks or are careless about maintaining the site’s security, all that work was for nothing.

Social engineering runs rampant and is designed to tap into the hearts of your employees and volunteers to get them to share sensitive information over the internet. Physical devices such as laptops, tablets, and phones also need to be taken into account; a device left open and alone is at risk for being hacked.

Train every person involved in your organization to choose secure measures. Put routines in place to minimize risk for your nonprofit’s website.

Choose an Employee to Maintain Your Site

It’s important the three tasks outlined below are assigned to someone on your team who can complete them on a regular basis. 

Keep Your Site’s Software Up To Date

As I mentioned in the first post of this series, you need to build your site with the most up-to-date software. In addition, you also need to maintain your website’s software and keep it updated.

Your website runs on software that needs to be updated regularly, just like the applications on your computer or phone. Without these updates, that software becomes out-of-date and will leave your site vulnerable to hackers. When you get prompted to update your site, don’t push off the task for later!

Sometimes, software becomes abandoned by its creators and doesn’t receive regular maintenance. This means you won’t get notified for an update. Make it a priority to regularly comb through your third-party apps to check to see if they’re still supported. If you’re using software or a plugin that hasn’t been updated by its developers in a year or more, find an alternative that is maintained routinely. This also reduces the risk that something might break when you update a different part of your site.

Schedule Regular Backups For Your Site

With any project, it’s important to capture progress so you don’t lose your work if something happens. Schedule regular backups for your website so you always have a recent copy you can use while you work to fix an issue.

There are tools to help you manage your website’s database backups. Check with your site host to see how often backups are made, and how long they keep the versions. You can also use a plugin or extension on your site to manage backups yourself. Either way, it’s important to store these backups in the cloud (with a service like Dropbox or pCloud) as opposed to your computer, so that your site’s information is stored safely even in the event that your computer or server becomes inoperable.

Set Up Automation for Uptime Monitoring

With an uptime monitoring tool, you will get automatic notifications when something goes awry. That way, you’ll know immediately when your nonprofit’s website goes down so you can work to fix the issue fast.

Without this monitoring, you may be unaware that your site is down, which could result in a lot of downtime. Not only will this affect your supporters who are trying to reach your site, but it can also affect your site’s SEO.

Choose Strong Passwords and Manage Them Safely

Any passwords used to gain access to your site, your hosting, or other third-party apps should be strong. Secure passwords are alphanumeric, meaning they use both letters and numbers, and preferably symbols, too. The people who have access to your site need to choose strong passwords and keep track of them in a secure, encrypted way.

Because complex passwords can be difficult to remember, it’s best to store them in a password management service like 1Password.

Volunteers, staff, or anyone else who logs into your site needs to create strong passwords. Require their password to:

  • Be unique (don’t reuse passwords between sites or services)
  • Be a certain length
  • Utilize uppercase and lowercase letters
  • Contain numbers, and
  • Contain special characters.

Use Unique Logins and Minimize Access to Sensitive Information

It’s important to manage the logins for your site in order to decrease the risk of donor or volunteer information getting used inappropriately. You can do this by:

  • Minimizing the number of people who have access.
  • Creating a unique login for every person; do not share the same account username and password between people.
  • Keeping track of who has access to what.
  • Revoking access when someone moves to a different role or leaves the organization.

Stay on top of these logins to protect your data.
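
As an added illustration (not part of the original article or of any particular platform's tooling), the four practices above can be run as a periodic review over an export of your site's accounts. The roster, the account list, and the role names are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data. ROSTER maps each current person to the site role
# they need right now ("none" = still with the organization, no site access).
ROSTER = {
    "ana": "admin",
    "ben": "editor",
    "cho": "none",  # moved to a role that no longer needs site access
}
# Each account: (username, people who know the password, role on the site)
ACCOUNTS = [
    ("ana", ["ana"], "admin"),
    ("ben", ["ben"], "admin"),
    ("cho", ["cho"], "editor"),
    ("dev-old", ["dan"], "admin"),  # dan has left the organization
    ("frontdesk", ["ana", "ben"], "editor"),
]

def review_access(roster, accounts):
    """Return {username: [findings]} for every account that needs action."""
    findings = defaultdict(list)
    for username, users, role in accounts:
        if len(users) > 1:
            findings[username].append("shared login: create one account per person")
        for person in users:
            needed = roster.get(person)
            if needed is None:
                findings[username].append(f"revoke: {person} is not on the current roster")
            elif needed == "none":
                findings[username].append(f"revoke: {person} no longer needs access")
            elif len(users) == 1 and role != needed:
                findings[username].append(f"change role: {person} has {role}, needs {needed}")
    return dict(findings)

def access_map(accounts):
    """Who has access to what: person -> sorted list of (username, role)."""
    by_person = defaultdict(list)
    for username, users, role in accounts:
        for person in users:
            by_person[person].append((username, role))
    return {person: sorted(entries) for person, entries in by_person.items()}

if __name__ == "__main__":
    for user, notes in review_access(ROSTER, ACCOUNTS).items():
        for note in notes:
            print(f"{user}: {note}")
```

Running the review whenever someone joins, changes roles, or leaves keeps the account list in step with the roster.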

Use Secure Messaging to Communicate With Your Team

Messaging apps like Signal keep all of your conversations encrypted. It’s important to use an encrypted messaging app within your team, especially when discussing private data.

As in the above tip, using an encrypted app means that the data will appear scrambled to anyone else besides your team. Your sensitive conversations are guarded from hackers.

Signal is especially useful because both calls and written messages are protected.

Invest in Anti-Phishing Training for Your Employees

Anti-phishing training involves teaching your staff how to use email safely. There are many phishing scams out there, and they are ever-evolving. Most times, phishing attempts will:

  • Try to fake the identity of the sender, posing as a higher-up in the organization.
  • Pretend to know the inner workings of the company in order to express familiarity.
  • Request sensitive information from the email recipient.

With proper knowledge, your employees will be able to recognize common red flags associated with phishing or hacking techniques. This will help protect your organization from putting important information into the wrong hands.

Teach Staff and Volunteers to Take Security Seriously

Finally, educate everyone involved with your organization to take security seriously. Online tech trainings are widely available to companies for a good reason—an open laptop at a conference, a tablet left on a car seat, or a phone without the right level of password protection all make an organization vulnerable.

A lot of these measures can seem like overkill, especially for a small organization. But when it comes down to it, it’s not worth taking the chance of being hacked. If your mission works with at-risk groups such as minors or domestic violence survivors, you need to keep that sensitive information private. And no matter what, you don’t want to risk losing all of your organization’s data, period.

Routine maintenance for your organization’s security is essential, whether it takes the form of administrative tasks, encryption, or training. Make sure to prioritize it.


There’s a lot to keep in mind with ongoing maintenance of the security and privacy of your website and organization’s data. It’s important to consult experts when it comes to technical issues that are outside of your comfort zone. We can help you with ongoing site maintenance to establish security routines to keep your organization safe: schedule a free consultation today.
