Cybersecurity for Nonprofits: 10 Simple Security Measures Every Organization Should Adopt


Click here to sign up for our upcoming webinar: Fraud Best Practices on 24th of August, 2023 11:00am ET. Hear from Engaging Networks and WorldPay on how to protect your nonprofit organization from fraudulent activities.

Keeping supporter data safe and secure from cyber attacks and unauthorized access is vital when it comes to cybersecurity for nonprofits. At Engaging Networks, we take data security very seriously and are always monitoring and adapting to changing legal requirements and potential threats.

There are many do’s and don’ts in developing a robust cybersecurity strategy for your organization. By following these ten simple security measures, you can help ensure that your nonprofit organization’s data is only accessible by the right people.

1. Manage your user lists

Your users can log on and access supporter data. If you are a ‘Super Admin’ for your account, make sure that you regularly maintain this list, flagging users as inactive who should no longer have access or deleting them altogether if they have left your organization.

2. Consider using permission groups

If certain users should not see certain types of supporter data when they log on, you can use data views to hide it from them. Cybersecurity for nonprofits means delegating data access privileges to the right people.

3. Keep your passwords secure

Never email your passwords or tokens. Email is not a secure method of communication, which makes your organization vulnerable to cyber attacks. Potential risks like phishing emails demonstrate the sort of malicious activity that can occur over email. (Based on all this, we hope it’s obvious that you should never email supporter data either!)

Two additional measures for curbing cyber threats toward your nonprofit’s passwords: You should implement multi-factor authentication and make sure you don’t use weak passwords — strengthen your passwords with numbers and punctuation marks, and don’t repeat your passwords for different accounts. These extra layers of security will go a long way.

4. Use Egnyte to share secure data

If you need to share data with our support team or other members of your team, use Egnyte. If you’re not familiar with this secure file sharing system please contact us and we can get you set up, or let you know who has access already.

5. Supporters’ data should not be stored in Google Analytics

That means you shouldn’t place personal data, such as email addresses, into URLs that might be logged by Google Analytics. For example, be careful when using the Form Dependency Redirect, which redirects as soon as the condition is met and pre-populates the landing page from data it places in the URL.

6. Use a subdomain of your site for your hosted page

If you are using or domains for your Engaging Networks pages, contact us. We can help you get a subdomain for your pages instead (this does not cost you anything), such as

This builds trust from your supporters that they are on a legitimate site and also lets you whitelist your domains (see the next item).

7. Whitelist your domains

This means that your pages can only be displayed using domains you have whitelisted. Some spammers can guess URLs otherwise and submit data or test card numbers.

8. Fraud management

Although not about data security as such, we have lots of other fraud management tools available — take a look at this page for more information. Multi-factor authentication is an effective way to prevent fraudsters from hacking into your accounts.

9. Check your audit log

Super Admins can check the audit log to see when users are logging in, and what they do. It can be useful to check that activity, as well as the job monitor and import logs, so you’re aware of how your account is being used.

10. Be careful when importing and deleting data

Make sure you have robust procedures in place when your users import or alter data in some way. Many of these processes are irreversible, and so mistakes can be hard to correct.

Cybersecurity for nonprofits — an absolute must

Cybersecurity for nonprofits is not just an option — it is a necessity. The risk of cyber threats and attacks has become increasingly prevalent, which makes nonprofit organizations particularly vulnerable targets for cybercriminals. By prioritizing cybersecurity for nonprofits, organizations such as yours can safeguard operations, protect their donors and beneficiaries, and maintain the trust of stakeholders.

For more on how to safely and successfully scale your cause, sign up for our upcoming webinar with WorldPay: Fraud Best Practices on 24th of August, 2023 11:00am ET.

Best Practices

Global Accessibility Awareness Day 2024

Company News

Engaging Networks Achieves SOC 2 Type II Compliance

Company News

Engaging Networks Roadmap 2024