Blog Archives
Creating secure passwords protects you, your non-profit and your donors
These days, it seems like every few months we are hearing of another password breach at a website. Just a few weeks ago one of the world’s largest online gaming companies, Blizzard, suffered a digital security breach and thousands of passwords were compromised. A month before that, the popular social networking site, LinkedIn was also hacked.
While there is not much that can be done when those things happen, you can take action to ensure your online identity and the identity of your agency remain secure. The first line of defense is coming up with a secure password.
Every site you sign onto will ask for a password. Furthermore, some people might need a password to sign into your computer. That can be a lot of passwords to try to remember. Here are a few tips on how to create memorable and secure passwords:
- The longer the password, the better. While creating short but extremely random passwords might be a great strategy if you only have a few passwords to remember, chances are you have quite a few sites that require a password. This is why creating a long password is best. One idea is to think of a story you will never forget and put together a phrase with a few numbers based on that story. That phrase with a few numbers provides you with much better security.
- Complex over simple. While you do not want a random collection of numbers and letters, you do want your password to have some complexity. This can be accomplished through the use of upper and lowercase letters, numbers and special characters. A general rule is to have at least one of each in your password.
- No personal information. Do not include things such as your address, phone number, birthdate, social security number, etc in your passwords. If for some reason a site that you are subscribed to is hacked, the hacker can use this information to link together other information on the web and find out who you are. In no time, your identity theft has your credit card numbers and other personal information.
It is best to have a different password for each site to which you are subscribed. If you are concerned about remembering a bunch of passwords, then there are password managers available to help you. Google Chrome and other browsers offer a password managers that save an encrypted version of your password for you, which will auto-complete the next visit that site. There are also independent password managers such as KeePass that also will save your passwords for you.
Your non-profit organization might already have a policy on creating passwords. So, before following any of the advice in this post, make sure you check with your IT Department and make sure your passwords are compliant. Also, remember to change your passwords often. A good rule of thumb is to change them every three months to keep accounts secure.
These best practices aren’t just necessary for your online activity. They also applies to internal software such as password protected donor databases.
Anyone else have some great password creation tips? What password manager do you use? Does your agency have a password creation policy? If so, would you be willing to share it with other readers? Let’s talk about all of this in the comment section!
Does your non-profit cell phone policy and apps violate clients’ privacy?
Apps. There’s a ton of them. Need to track your most recent run? There’s an app for that. Want to keep track of your expenses? There’s an app for that. Need to go to the bathroom in the middle of the a movie and don’t want to miss out on any of the action? There’s an app for that.
We all know there are plenty of smart phone apps out there, but do we really understand what they do once they are downloaded onto your phone?
This past week, Facebook, Apple, Twitter, Yelp and fourteen other social media sites were listed in a lawsuit for distributing “privacy-invading” applications. According to a PC World article, these applications are accused of collecting user address book data and storing it on their servers without the user knowing.
This issue is at the top of many minds in the technology field as just last month, the popular social network Path issued a public apology after it was discovered the company used address book data to notify users when their friends had joined the network.
So what does this mean for your non-profit agency? Well, not much if your agency doesn’t allow staff members to use data based applications on their phones. I am guessing though, that nowadays that is a rarity.
When I read stories like this, I often think of non-profit organizations that deal with HIPAA on a daily basis. Many of the employees may have access to company smart phones that allow employees to check in on email while away from the office. Or what if the agency doesn’t supply cell phones and staff members use their personal cell phones to update the organization’s Facebook page?
Phones are so smart these days that . . .
- information from the email the staff person replied to,
- the new Facebook friend that was just confirmed, and
- the phone call that was just made
might be added to the phone’s address book and sent to third-party servers without the user even being aware.
In the case of the HIPAA abiding non-profit (and even those who wish to protect board member and donor information), there could be a violation without anyone’s knowledge.
Even if your agency doesn’t need to protect the identity of their clients, do you really want address book information being shared without your knowledge? These days, with security breaches more rampant, you can’t take privacy seriously enough.
So what can we do?
Decide if your organization really needs to use cell phones. Yes, it is nice for staff members, but is it necessary? Can you get by without them? A radical idea, but it just might be the right one.
If you decide that cell phones are needed, consider providing them only for “necessary staff” instead of allowing staff to use their personal phones. I know this costs money, however; it ensures more control over the use of the phone on behalf of the agency.
Also, consider what type of phone is needed. Does the user really need all of the bells and whistles of an iPhone or can she be as productive with an older generation Android device?
In addition, regardless if phones are being provided by the agency or not; a clear and strict technology policy must be in place and understood by all employees.
If staff members are provided smart phones, what applications can they use? If it is decided that apps can be downloaded to agency phones, then make sure the person overseeing the policy reads up on the privacy policies of the allowed apps. Most of them can be found online in either the iTunes App Store or Google Play Store. Keep in mind that these policies can change.
Audit your agency’s technology. If your organization currently allows staff members to use their personal phones, there is not much you can do other than make them aware of the issue of apps and how they can compromise your clients’ privacy. However, on phones provided by your agency, see if any of these applications are already downloaded and check out their settings to see if any sharing options can be turned off. When in doubt, hard reset the phone and start all over.
I will be the first to admit that managing the technology of business is not easy. And these privacy concerns do not make it any easier. However, until applications stop sharing information, taking the time to address these issues now could mean avoiding a sticky legal situations later.
I’d love to hear how your organization manages cell phone usage for staff members. Do privacy issues concern you? Let’s continue this discussion in the comment section below!
How Google’s Recent Changes Affect You and Your Non-Profit Organization
Google. The little search engine that could – has changed search, yet again.
This month, Google made significant changes to how they deliver search results and the Terms of Service attached to each of their products. Today we’re going to take a look at what you need to know about these changes and how they affect your agency’s presence on the web.
Search + Your World
Google became popular because it was able to develop an algorithm that would deliver relevant search results to the user. Over the years, Google has improved on its formula and has become the most recognizable search engine in the world. The cyber-world has changed a bit during this time as it has become social. Today, people are using Twitter, Facebook and other social media sites to access information on topics before heading to Google. Why? They trust their already established social network. Recognizing that curated search results are popular, Google adapted it’s algorithm and introduced Search + Your World.
This new system has 3 features:
- Provides Personal Results – Now when you search for “fundraising ideas” on Google, the first set of results that you see will be anything that may have been shared with you from your social network. This includes photos, blog posts, videos, ect.
- Profiles in Search Results – Google+ is Google’s social network. With the new changes, if you search for a topic such as “photography,” the Google+ profiles of photographers may show up at the top of your search.
- People and Pages – Again, directing the user to Google+, search results will now offer up profiles of people or pages related to your search topic.
A few things to keep in mind:
- Facebook and twitter results are not included in search results.
- If you have a Google account, your own media (photos, blog posts, videos, etc) will show up in your results. Also, they will show up in the results of anyone Google thinks you might know.
- You can opt-out. On the Google search results page, in the upper right hand corner, there are two new icons: a person and a globe. If you click on the globe, you will see search results without the new “+ Your World” filter.
What does this mean for your non-profit organization?
Seeing as this change has happened only recently, it is hard to see how it is affecting organizations when it comes to where they show up in search results. However, as we all know, social media is becoming increasingly important to having new donors find you on the internet. One scenario came to mind. Say a donor, volunteer or staff member talks about their experience with your agency on their personal blog. That post could show up in a friend of the writer’s search results before your official site.
The curation of search results will continue with both Twitter and Facebook trying to step into the ring. Now more than ever, it is important for your agency to have a controlled and active online presence to ensure that the information you want to show up first, does. Test it out. Google your organization and see if this new way of search has made an impact.
Google’s New Terms of Service (or One Google To Rule Them All)
If you’re anything like me, I live my life in Google. I use Gmail, Google Calendar, Google Docs, Google+, YouTube, Zaggat, Google Maps and Android, pretty much everyday. Currently, each of these services has it’s own Terms of Service (TOS) outlining how Google will use my personal information. That will change on March 1, 2012 when all Google products will operate under one TOS. Google claims this will enhance results across their products and improve how products work together.
However . . .
People concerned with privacy are worried about how their information is going to be shared on the internet. For example, say a person uses Gmail for personal correspondence and is trying out stand-up comedy on YouTube under an alias. After March 1st, the person’s real name will be associated with the YouTube account – easy for anyone to find. It should be noted however, that Yahoo! and Microsoft already have similar practices.
Again, what does this mean for your non-profit agency?
If you are currently using any Google service on behalf of your agency, it is important that you are aware of how your information will be combined. I suggest creating separate personal and professional accounts before March 1, 2012 to make sure that the separation is clear to Google.
Also, if your organization already uses Google products, I would review what services are being used with your account. This can be done by logging into Google Dashboard.
Finally, if you decide that Google products are not the best fit for your organization, you can always export your data and delete your Google account.
What do you think about the changes Google has made? Do you see them as a help or hinderance to your organization? I’d love to discuss this with you, but you need to start the conversation using the comment box below! 😉
Fundraising volunteers speak out: Part 4
After last week’s focus on donors and what they have to say about their charitable contributions, I’ve decided to change the focus and ask volunteer solicitors to talk about their most rewarding solicitation experience and what needs to happen to keep them involved next year. Similar to last week, this week’s respondents answered an anonymous online survey that they learned about on various social media channels and from blast emails. I’ve picked four really awesome responses to share with you this week that I think provide excellent lessons for non-profit and fundraising professionals. Enjoy!!!
Again … the survey was anonymous because I wanted the truth, the whole truth and nothing up the truth. Here is what the today’s highlighted survey respondent said:
Question: Using the comment box below, please write a paragraph or two about your most rewarding solicitation experience (e.g. when you sat down eyeball-to-eyeball with someone else and asked them to consider making a charitable contribution). Why was it so rewarding for you? How did you feel going into the meeting? And what made you feel comfortable enough with doing such a solicitation?
Answer: I asked the Frye Foundation for money to create a four state event around domestic violence and homeless families. It was rewarding because they became a very interested, active participant in the process and the outcome.
Question: Understanding you are probably a very busy person, what does the charity that you’ve made some solicitation calls for need to do (or show you) in order to renew your commitment as a volunteer solicitor in the next fundraising campaign?
Answer: It needs to call to my ethics . . . it needs to be well run and respected . . . and it needs to show results.
OK … unlike last week when I couldn’t resist weighing in with my thoughts, I’m going to take a risk and ask YOU to weigh-in and share what you think the moral to the story is. And the risk I’m referring to is . . . no one is going to comment and all anyone will hear is the sound of crickets. Please use the comment box below and remember that we can all learn from each other. I also encourage you to share links to resources that you’ve found on the internet.
Here is to your health!
Erik Anderson Owner, The Healthy Non-Profit LLC eanderson847@gmail.com http://twitter.com/#!/eanderson847 http://www.facebook.com/eanderson847 http://www.linkedin.com/in/erikanderson847Fundraising volunteers speak out: Part 3
After last week’s focus on donors and what they have to say about their charitable contributions, I’ve decided to change the focus and ask volunteer solicitors to talk about their most rewarding solicitation experience and what needs to happen to keep them involved next year. Similar to last week, this week’s respondents answered an anonymous online survey that they learned about on various social media channels and from blast emails. I’ve picked four really awesome responses to share with you this week that I think provide excellent lessons for non-profit and fundraising professionals. Enjoy!!!
Again … the survey was anonymous because I wanted the truth, the whole truth and nothing up the truth. Here is what the today’s highlighted survey respondent said:
Question: Using the comment box below, please write a paragraph or two about your most rewarding solicitation experience (e.g. when you sat down eyeball-to-eyeball with someone else and asked them to consider making a charitable contribution). Why was it so rewarding for you? How did you feel going into the meeting? And what made you feel comfortable enough with doing such a solicitation?
Answer: I was asked by one of my favorite non-profit organizations to contact someone who I really didn’t consider a friend but knew casually through mutual friends. It took more than a month and many phone calls before she responded and I was able to get the meeting. While I was not expecting much, I did get a generous pledge from her. I’m not sure if it was the most “rewarding” solicitation I’ve ever done, but it is the hardest I ever had to work to secure a contribution. In hindsight, I can’t honestly say that I ever felt “comfortable” making that ask or being put in that situation.
Question: Understanding you are probably a very busy person, what does the charity that you’ve made some solicitation calls for need to do (or show you) in order to renew your commitment as a volunteer solicitor in the next fundraising campaign?
Answer: I don’t want to go out and bust my butt if the non-profit who has recruited me is seen as being in “poor standing” in the community. I am attaching my good name to this agency, and choosing to help a non-profit with a poor public opinion and bad management reflects poorly on me. I look for quality organizations that are dedicated to sustainable business practices.
OK … unlike last week when I couldn’t resist weighing in with my thoughts, I’m going to take a risk and ask YOU to weigh-in and share what you think the moral to the story is. And the risk I’m referring to is . . . no one is going to comment and all anyone will hear is the sound of crickets. Please use the comment box below and remember that we can all learn from each other. I also encourage you to share links to resources that you’ve found on the internet.
Here is to your health!
Erik Anderson Owner, The Healthy Non-Profit LLC eanderson847@gmail.com http://twitter.com/#!/eanderson847 http://www.facebook.com/eanderson847 http://www.linkedin.com/in/erikanderson847Fundraising volunteers speak out: Part 2
After last week’s focus on donors and what they have to say about their charitable contributions, I’ve decided to change the focus and ask volunteer solicitors to talk about their most rewarding solicitation experience and what needs to happen to keep them involved next year. Similar to last week, this week’s respondents answered an anonymous online survey that they learned about on various social media channels and from blast emails. I’ve picked four really awesome responses to share with you this week that I think provide excellent lessons for non-profit and fundraising professionals. Enjoy!!!
Again … the survey was anonymous because I wanted the truth, the whole truth and nothing up the truth. Here is what the today’s highlighted survey respondent said:
Question: Using the comment box below, please write a paragraph or two about your most rewarding solicitation experience (e.g. when you sat down eyeball-to-eyeball with someone else and asked them to consider making a charitable contribution). Why was it so rewarding for you? How did you feel going into the meeting? And what made you feel comfortable enough with doing such a solicitation?
Answer: I don’t know if I have ever felt that making the actual ask was rewarding. Getting a check in hand feels rewarding. On the other hand, having someone not give you money is just as deflating. I think the feeling you get from having a face-to-face solicitation is not immediately rewarding. I believe it is when you “put it [the ask] in perspective” that you can feel rewarded. You went out there and stood up for something you believed in. If you can capture that feeling I think that is reward enough. As far as what makes you feel comfortable. It is the relationship with the person you are soliciting. The better the relationship, the easier it is to solicit.
Question: Understanding you are probably a very busy person, what does the charity that you’ve made some solicitation calls for need to do (or show you) in order to renew your commitment as a volunteer solicitor in the next fundraising campaign?
Answer: I think that the organization just needs to understand the challenge of asking people for money. I think it needs to be careful not too lean on people too heavily. Think of each volunteer differently, account for what might make certain asks hard. I think ultimately you want someone to appreciate you and the fact that you are really putting yourself out there.
OK … unlike last week when I couldn’t resist weighing in with my thoughts, I’m going to take a risk and ask YOU to weigh-in and share what you think the moral to the story is. And the risk I’m referring to is . . . no one is going to comment and all anyone will hear is the sound of crickets. Please use the comment box below and remember that we can all learn from each other. I also encourage you to share links to resources that you’ve found on the internet.
Here is to your health!
Erik Anderson Owner, The Healthy Non-Profit LLC eanderson847@gmail.com http://twitter.com/#!/eanderson847 http://www.facebook.com/eanderson847 http://www.linkedin.com/in/erikanderson847Fundraising volunteers speak out: Part 1
After last week’s focus on donors and what they have to say about their charitable contributions, I’ve decided to change the focus and ask volunteer solicitors to talk about their most rewarding solicitation experience and what needs to happen to keep them involved next year. Similar to last week, this week’s respondents answered an anonymous online survey that they learned about on various social media channels and from blast emails. I’ve picked four really awesome responses to share with you this week that I think provide excellent lessons for non-profit and fundraising professionals. Enjoy!!!
Again … the survey was anonymous because I wanted the truth, the whole truth and nothing up the truth. Here is what the today’s highlighted survey respondent said:
Question: Using the comment box below, please write a paragraph or two about your most rewarding solicitation experience (e.g. when you sat down eyeball-to-eyeball with someone else and asked them to consider making a charitable contribution). Why was it so rewarding for you? How did you feel going into the meeting? And what made you feel comfortable enough with doing such a solicitation?
Answer: A CEO of a local company reached out to me to learn more about our cause and how their involvement could benefit us. My initial meeting was a fact-finding session with their senior leadership team and was followed up by a personalized tour of our facility outlining all of the items we discussed in the initial meeting. The visit culminated with a comprehensive proposal that addressed their areas of interest. The outcome – score! They are now funding several different initiatives and we have developed a mutually beneficial long-term relationship.
Question: Understanding you are probably a very busy person, what does the charity that you’ve made some solicitation calls for need to do (or show you) in order to renew your commitment as a volunteer solicitor in the next fundraising campaign?
Answer: Provide me with the facts and outcomes of our program so that I am armed with answers to potential questions the funder will ask. And follow-through with the donor as requested after the solicitation . . . providing great stewardship.
OK … unlike last week when I couldn’t resist weighing in with my thoughts, I’m going to take a risk and ask YOU to weigh-in and share what you think the moral to the story is. And the risk I’m referring to is . . . no one is going to comment and all anyone will hear is the sound of crickets. Please use the comment box below and remember that we can all learn from each other. I also encourage you to share links to resources that you’ve found on the internet.
Here is to your health!
Erik Anderson Owner, The Healthy Non-Profit LLC eanderson847@gmail.com http://twitter.com/#!/eanderson847 http://www.facebook.com/eanderson847 http://www.linkedin.com/in/erikanderson847Viruses, hackers, spyware and donors oh my
Last Thursday, I turned my computer on and started preparing to write my daily blog, when suddenly my virus software sprang into action. A pop-up window told me that my computer was infected with a trojan virus and asked if I wanted it removed. Of course, I said ‘YES’. In a blink of an eye, I was staring at the dreaded “blue screen of death,”and I was obviously out of commission. It was for this reason you did not see any blog posts from me on Thursday or Friday.
During my unplanned time down, I started thinking about how non-profit organizations probably deal with this on a daily basis and how in some instances it could even impact donors who routinely feed us their personal information (e.g. name, address, phone, email, credit card and banking info, etc).
Upon further investigation, did you know that the Obama team, who has collected tons of donor information at donate.barackobama.com, had to dealt with hackers as recently as a year ago? And “Twitter hacking” has been in the news recently for reasons I refuse to go into.
Non-profit organizations are constantly collecting information on their donors and storing it in their donor database. In fact, with the social media revolution in full swing, non-profits are pushing further by “friending” donors on Facebook, following donors on Twitter, and linking with donors on LinkedIn. All of these activities are intended to help deepen our relationships with donors and get to know them even better.
It is a brave new world and non-profit organizations need to make sure they are ready to deal with these issue. If you don’t think spyware, computer viruses, phishing and hackers are an issue, then go talk to our resource development friends at the University of Notre Dame or Maine Public Broadcasting.
Put yourself in a donor’s shoes after being informed that your systems were compromised? Where is your confidence level? What is running through your mind the next time you’re asked to make a contribution?
Of course, the answer is not to unplug your donor database or shutdown the organization’s Facebook or Twitter accounts. However, you might consider the following:
- Develop a privacy policy for donors like the one Hope House has posted on their website.
- Use the Association of Fundraising Professional’s (AFP) Code of Ethical Principles & Standards and The Donor Bill of Rights as a foundation to develop your resource development policies.
- Develop a crisis management plan like the one United Way of Marion County in Florida has posted to the internet and consider involving donors in the policy development process so you can capture their point of view on how they’d like to be informed on certain matters.
- Develop a documentation retention policies so you know what you need to keep and how to securely keep it. Blue Avocado has done a nice job getting you started down this road, but you definitely need to involve your board volunteers, Finance Committee, auditors, and possibly even your donors in developing your own policies.
- Use virus software and spyware software routinely. Check out Tech Soup’s “virus protection toolkit”.
- Don’t ever email donor data or information.
If you really want to scare yourself, spend a few moments with this PowerPoint presentation from our friends at NTEN. Scared yet?
So, how do you protect your donor data? If your systems got hacked or compromised, how would you go about informing your donors and dealing with the crisis? Please weigh-in and share so we can all learn together!
Here is to your health!
Erik Anderson Owner, The Healthy Non-Profit LLC eanderson847@gmail.com http://twitter.com/#!/eanderson847 http://www.facebook.com/home.php#!/profile.php?id=1021153653 http://www.linkedin.com/in/erikanderson847
DonorDreams Blog 