<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Social Media 4 Nonprofits</title>
	<atom:link href="http://rositacortez.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://rositacortez.com</link>
	<description>advancing the missions of nonprofits via Social Media</description>
	<lastBuildDate>Fri, 05 Feb 2010 14:36:56 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.1</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Using Social Media to Mobilize Supporters and Resources (Part I)</title>
		<link>http://rositacortez.com/fundraising/using-social-media-to-mobilize-supporters-and-resources-part-i/</link>
		<comments>http://rositacortez.com/fundraising/using-social-media-to-mobilize-supporters-and-resources-part-i/#comments</comments>
		<pubDate>Fri, 05 Feb 2010 14:35:06 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Brand Visibility]]></category>
		<category><![CDATA[Fundraising]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=40</guid>
		<description><![CDATA[This is the time for nonprofits to jump on the social media wagon and use it to bring about change, to make a positive and profound impact in the lives of people, to reach out to new supporters, to raise more funds and, yes, to increase brand visibility.


]]></description>
			<content:encoded><![CDATA[
<p>Social media has become an integral part of the private sector’s marketing strategy. Businesses use social media to promote their brands, keep in touch with customers and advertise new products. They have learned, rather quickly, that social media is a powerful tool. This brings us to the question, why is the nonprofit sector lagging behind? This is the time for nonprofits to jump on the social media wagon and use it to bring about change, to make a positive and profound impact in the lives of people, to reach out to new supporters, to raise more funds and, yes, to increase brand visibility.</p>
<p>Social media is FREE and EASY. Everyone can use it. In fact, almost everyone in the United States is making use of it (3 out of 4 Americans use social media and 87% of Facebook users are participating in social causes that are <em>new </em>to them since their involvement in online communities began). If you are a nonprofit executive still wondering if this is something you should take on, I invite you to look at the numbers.</p>
<p>Let’s take <a href="http://www.facebook.com/hivlawproject" target="_blank">Facebook</a> for example. This social networking site has more than 350 million active users with 90 million users in the U.S. alone. Most of its users are college educated, well-connected and more affluent than average internet users. Today, Facebook ranks as the #1 social networking site.</p>
<p><a href="http://twitter.com/rositacortez" target="_blank">Twitter</a>, on the other hand, has over 40 million users. Statistics show that more than half of Twitter users don’t even go to a company (in this case nonprofit organization) website, but instead use Twitter to get their daily updates.</p>
<p>And, of course, nonprofits and charitable organizations have the issue-focused networking site <a href="http://www.change.org/" target="_blank">Change.org.</a> This site promotes causes ranging from animal welfare and disaster relief to poverty in America and HIV/AIDS worldwide. Nonprofits can post updates, petitions, raise funds and even recruit volunteers.</p>
<p>Nonprofit organizations can use the same tools and techniques that the for-profit sector uses to build awareness, recruit volunteers, connect with supporters, promote events, collaborate with similar organizations and even raise funds. We do not have to reinvent the wheel.</p>
<p>Whether you are a big or small nonprofit, this is the right time to start using social media.</p>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/fundraising/using-social-media-to-mobilize-supporters-and-resources-part-i/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>No More Ignoring Charity Registration Laws</title>
		<link>http://rositacortez.com/fundraising/no-more-ignoring-charity-registration-laws/</link>
		<comments>http://rositacortez.com/fundraising/no-more-ignoring-charity-registration-laws/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 01:52:09 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fundraising]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=28</guid>
		<description><![CDATA[Guest blog by Tony Martignetti, Esq.
Until this year, Rosa wouldn’t have devoted space to the laws that vary widely across all states—and Washington, D.C.—that require nonprofits to register in each state where they solicit donations.  The laws have been around for decades and ignored due to lack of enforcement.  Nobody cared.
This year, the IRS stepped [...]


]]></description>
			<content:encoded><![CDATA[<p>Guest blog by Tony Martignetti, Esq.</p>
<p>Until this year, Rosa wouldn’t have devoted space to the laws that vary widely across all states—and Washington, D.C.—that require nonprofits to register in each state where they solicit donations.  The laws have been around for decades and ignored due to lack of enforcement.  Nobody cared.</p>
<p>This year, the IRS stepped in with its vastly revised Form 990.  It contains two questions that pointedly ask about your compliance with state Charity Registration laws.  An officer signs your 990 under penalty of perjury.  Add to that a couple of recent enforcement actions and you’ve got a timely guest blog explaining what this is all about and why you need to pay attention.</p>
<p>You’re required to register in states where you solicit.</p>
<p>In states like Arizona, Florida, Georgia, Illinois, New Jersey, and New York, the mere existence of a “Donate Now” button triggers your registration requirement.  One of Rosa’s posts tells you how to optimize your donation page.  If you’ve got one, recognize that it has implications for registration.</p>
<p>If you’re inviting people to your website with email, U.S. mail, telemarketing, ads, events or meetings, you’ll need to register in the states above, plus the likes of California, Texas, Utah and others, if your inducements find residents of these states.</p>
<p>Every state considers paper mail, telemarketing and advertising that seek donations to be a solicitation.  So in the states where you’re using these methods, it doesn’t matter whether you’re using online giving.</p>
<p>Here’s an enormous timesaving tip for a small nonprofit that takes donations on its website.  If you get all of them from just a few states (or only one), put a disclaimer on your donation page.  Say that you only accept donations from those states.  Go one step further and remove the other states from your pull down menu, or only accept the right state names in an input field.  Now you’re only soliciting in the couple of states that mean the most to you.  The laws of every other state are irrelevant.</p>
<p>You know, if you’re not following the laws where you solicit, your board members could be liable.  They’re fiduciaries to your organization.  Under principles of fiduciary duty, they can be personally liable for the misdeeds of your charity.</p>
<p>In a good number of states, including Arizona, Florida and Pennsylvania, failure to register is a crime, either a felony or misdemeanor.   In a lot of other states there are civil, not criminal, penalties.  In October, the Secretary of State in Georgia fined a nonprofit $25,000 for noncompliance with the state’s registration statutes.</p>
<p>There are some bright spots in all this.  A lot of states have exemptions.  They vary wildly based on mission, gross revenue, fundraising revenue and in-state revenue.  You might qualify.</p>
<p>Also, compliance isn’t complicated.  It’s just time consuming.  It’s the perfect project for a detail-conscious volunteer or intern.</p>
<p>Here’s a plan for getting started.  First, register in your home state.  Then, look at where you solicit the most.  If you’re accepting gifts online, your solicitations are based on state populations.  Start with the most populous state, California, and work down, registering where online giving is a solicitation.  Remember, by limiting the states that can donate online, you’ll save considerable time.</p>
<p>If you’re fundraising by paper mail, email, phone, advertisements and meetings, query your database for your constituents’ states of residence, ranking the output file by descending frequency of constituents.  At the top of the list will be the state in which you do the most solicitations.  Start there and work down.  Remember, you might be exempt in some states.</p>
<p>Eventually, with time devoted to one or two states per month, you’ll get your nonprofit into compliance.  That protects your board, your officers and your organization’s reputation.</p>
<p><strong>About the Author<br />
Tony Martignetti, Esq.</strong> has been supporting the fundraising needs of non-profits since 1997.  He is the author of Charity Registration: State-by-State Guidelines for Compliance and managing director of Martignetti Planned Giving Advisors, LLC.  His two websites are <a href="http://mpgadv.com/charity-registration/" target="_blank">www.StateCharityRegistration.com</a> and <a href="http://www.mpgadv.com/" target="_blank">www.mpgadv.com</a>.</p>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/fundraising/no-more-ignoring-charity-registration-laws/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Make the Case For Giving &#8211; 7 Tips to Help Your Nonprofit Increase Its Year End Appeal Response</title>
		<link>http://rositacortez.com/fundraising/make-the-case-for-giving-7-tips-to-help-your-nonprofits-increase-its-year-end-appeal-response/</link>
		<comments>http://rositacortez.com/fundraising/make-the-case-for-giving-7-tips-to-help-your-nonprofits-increase-its-year-end-appeal-response/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 01:39:18 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fundraising]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=22</guid>
		<description><![CDATA[
This is the season for year-end giving and many potential donors will be visiting your organization&#8217;s website. Given the many great charities out there and the current economic climate, your donor will probably ask &#8220;why should I give to your nonprofit?&#8221; You need to answer them with as much clarity and transparency as possible.
Here are [...]


]]></description>
			<content:encoded><![CDATA[<div id="body">
<p>This is the season for year-end giving and many potential donors will be visiting your organization&#8217;s website. Given the many great charities out there and the current economic climate, your donor will probably ask &#8220;why should I give to your nonprofit?&#8221; You need to answer them with as much clarity and transparency as possible.</p>
<p>Here are 7 tips to make your case for giving compelling:</p>
<ol>
<li><strong>Concentrate on your homepage:</strong> This is the landing page where people spend the most time. A visually appealing and concrete page will give your donors the confidence they need to take the extra step of clicking on your &#8220;Donate Now&#8221; button.</li>
<li><strong>Place your mission statement in a prominent spot on your homepage:</strong> Online visitors have a short attention span. If they cannot tell what your organization is all about, they will move on to another website.</li>
<li><strong>Boost donor confidence:</strong> Place your Charity Navigator and Better Business Bureau badges prominently on your homepage and donation pages. Many nonprofits put their Charity Navigator badge in the footer of all their web pages.</li>
<li><strong> Use Stories to show the power of a gift: </strong> While statistics certainly have their place in your organization&#8217;s message, stories can be a more compelling way to engage stakeholders. Provide compelling and concrete visuals on your homepage and donation pages to represent the impact of a gift.</li>
<li><strong>Let your contributors speak for you:</strong> Ask those who give their time and resources to your organization to tell others why they do it.</li>
<li><strong>Show where the money goes</strong>: Donors want to know what you do, how you handle their money and how their gift makes a difference.</li>
<li><strong>Make your donation buttons big and colorful: </strong>Larger donation buttons convert more donors than smaller buttons. Same goes for color. Colorful, high-contrast donate buttons work better than grey buttons. (And yes, put the donation button above the fold.)</li>
</ol>
<p>Take away: Concentrate on making your homepage as polished (relevant content) and visually attractive as possible.</p>
</div>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/fundraising/make-the-case-for-giving-7-tips-to-help-your-nonprofits-increase-its-year-end-appeal-response/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>List Your Nonprofit in the GuideStar Exchange</title>
		<link>http://rositacortez.com/brand-visibility/list-your-nonprofit-in-the-guidestar-exchange/</link>
		<comments>http://rositacortez.com/brand-visibility/list-your-nonprofit-in-the-guidestar-exchange/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 01:36:47 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Brand Visibility]]></category>
		<category><![CDATA[Fundraising]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=18</guid>
		<description><![CDATA[
GuideStar offers the largest database on nonprofit organizations in the U.S. and is used extensively by grant-makers, donors and volunteers looking for accurate and reliable information about nonprofits and the work they do.
The core of this database is the GuideStar Exchange. Here, your nonprofit can provide and update information about your organization so that grant-makers [...]


]]></description>
			<content:encoded><![CDATA[<div id="body">
<p>GuideStar offers the largest database on nonprofit organizations in the U.S. and is used extensively by grant-makers, donors and volunteers looking for accurate and reliable information about nonprofits and the work they do.</p>
<p>The core of this database is the GuideStar Exchange. Here, your nonprofit can provide and update information about your organization so that grant-makers have access to the most up to date and accurate information reflecting the mission and efforts of your charity.</p>
<p>Through GuideStar, your nonprofit has the opportunity to provide grant-makers with valuable information about your programs when they are looking to fund a worthy organization. Also GuideStar gives your organization greater exposure by sharing your mission, financial information and current needs with people who can help through volunteering and financial support.</p>
<p>For most nonprofits, access to the GuideStar Exchange is not only easy but also free. Apart from increased exposure, the GuideStar Exchange helps organizations that qualify for the GuideStar Exchange Seal program to join an exclusive list of organizations that have been validated by providing full organizational transparency.</p>
<p>As a result your organization becomes a seal holder and can use it to promote your organization as being fraud-free, trust-worthy and safe to do business with. Your nonprofit will also have the opportunity to create customized report pages with information for grant-makers and the public.</p>
<p>Today having a presence in the GuideStar Exchange is paramount to the future success of any nonprofit organization.</p>
<p>&#8220;22,000 individual donors and professional grant-makers come to GuideStar every day to find information about nonprofits they are interested in,&#8221; said Bob Ottenhoff, GuideStar&#8217;s president and CEO. &#8220;These donors are empowered and engaged in their philanthropy. The most successful nonprofit leader is proactive in sharing information. A listing on the GuideStar Exchange extends your marketing reach by meeting these donors where they are and giving them what they have come to expect &#8211; accurate and timely information about your mission, your programs, and your funding needs.&#8221;</p>
<p><strong>3 Reasons Why Your Nonprofit Should Be Listed in The GuideStar Exchange</strong></p>
<p>1. GuideStar is used by over 8,000,000 people every year to find information on over 1.8 million U.S. charities.</p>
<p>2. Nonprofits included in the GuideStar Exchange database benefit from greater exposure and the opportunity to be easily found by grant-makers, donors, volunteers and decision-makers.</p>
<p>3. The GuideStar Exchange Seal tells funders that your organization has satisfied all the transparency and validation criteria from GuideStar.</p>
<p>Remember, the more transparent you are and the more information you share regarding your nonprofit, the greater the chances that grant-makers, donors and volunteers will want to support and become involved with your organization.</p>
</div>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/brand-visibility/list-your-nonprofit-in-the-guidestar-exchange/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Thief, Stop! Nonprofits &amp; Identity Theft</title>
		<link>http://rositacortez.com/it-security/thief-stop-nonprofits-identity-theft/</link>
		<comments>http://rositacortez.com/it-security/thief-stop-nonprofits-identity-theft/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 22:50:03 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[IT Security]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=10</guid>
		<description><![CDATA[We are all well-aware of the increasing rate of personal identity theft. Statistics show that as many as 10 million Americans each year are victims of identity theft. Many, however, have never even heard of something called corporate (business) identity theft. Most people never even consider that an organization has an &#8220;identity&#8221; that could be [...]


]]></description>
			<content:encoded><![CDATA[<p>We are all well-aware of the increasing rate of personal identity theft. Statistics show that as many as 10 million Americans each year are <a href="http://www.spamlaws.com/id-theft-victims.html">victims</a> of <a href="http://www.spamlaws.com/what-is-id-theft.html">identity theft</a>. Many, however, have never even heard of something called corporate (business) identity theft. Most people never even consider that an organization has an &#8220;identity&#8221; that could be stolen.</p>
<p>Moving from a personal to a business perspective, the Aberdeen Group has estimated that $221 billion a year is lost by businesses worldwide due to identity theft. This brings us to the question, can this affect the nonprofit community? Logic follows that if it can happen to one corporate entity, it can happen to another. After all, when it comes to money, nonprofits also have EIN numbers, credit cards, bank accounts, letterhead and paperwork that can be reproduced and used for unauthorized purposes.</p>
<p>The most common form of identity theft at the business level is the use of a company’s credit profile, either to fraudulently obtain credit for a separate company or to make purchases in the name of the company. Nonprofits can also be affected by &#8220;Cyber Squatting&#8221; and social media identity theft.</p>
<p><strong>Cyber Squatting &amp; Nonprofits</strong></p>
<p>Cyber squatting is when someone “steals” your organization’s domain name and uses it to profit from the goodwill associated with the organization’s trademark. This can happen in a few scenarios.</p>
<p>First, since most nonprofits only buy their domain name ending in “.org,” the same domain name ending in “.com” can be registered by another person or entity. Thus, if you type www.one.org you will be taken to the well-known grassroots advocacy organization ONE. But if you type <a href="http://www.one.com/">www.one.com</a>, you are taken to a website offering hosting services. In this case, the web hosting site (one.com) is a legitimate business. It may not have even intended to associate itself with One.org. But there is no doubt that they benefit from the extra traffic they get from people who are looking for the advocacy organization One.org but incorrectly typed its web address. Since people are in the habit of using ‘.com’ when searching the Web, this unintended appropriation of nonprofits’ organizational goodwill is not infrequent.</p>
<p>A second scenario is when someone buys your .com domain name and uses it in bad faith with the intent of deceiving donors. Cyber squatters are known for setting up websites that look and feel just like the real organization’s website. They replicate or copy the code and images from the legitimate nonprofit website in order to create the fake website. It can be difficult for users to distinguish a real website from a fake one, and cyber squatters are thus able to capture your donors’ information (name, address and credit card numbers). Your donors then unwittingly become the victims of personal identity theft.</p>
<p><strong>Social Media Identity Theft</strong></p>
<p>When it comes to using your brand on social sites, you also need to be aware of the potential risk of identity theft.  Back in June when Facebook began allowing members to claim vanity URLs, there were a lot of scammers snatching up big-brand names and cyber squatting in order to capitalize on the goodwill associated with the brands (e.g., Baja Fresh).</p>
<p><strong>What Can You Do to Protect Your Nonprofit from Identity Theft?</strong></p>
<ol>
<li><strong>Manage your data carefully and consistently.</strong> With the vast amount of information available on the internet these days, it is a must that you find out exactly what information regarding your nonprofit is online.</li>
<li><strong>Check for the use of your brand name</strong> across popular and emerging social media websites. Grab your name before someone else does.</li>
<li><strong>Google yourself.</strong> Set up alerts related to your organization to see if there are any spoof sites (mirror sites) that have your information on them. In addition to your organization’s name, consider alerts related to your original Web content, social media sites and key staff.</li>
<li><strong>Buy .org and .com domain names</strong> for your organization.</li>
<li><strong>Develop &amp; implement an IT plan</strong> designed to prevent and manage a security breach. (See “<a title="Permanent Link to Nonprofits and the Hacking Nightmare" href="../nonprofits-and-the-hacking-nightmare/">Nonprofits and the Hacking Nightmare</a>”)</li>
<li><strong>Limit the employees who have access to sensitive information</strong> (EIN number, bank accounts and credit cards) and always encrypt sensitive data on your computer network.</li>
<li><strong>Regularly review your nonprofit credit report</strong> and always carefully scrutinize employee charge card billing statements before they are paid, particularly those accounts for which multiple cards are issued.</li>
<li><strong>Guard check stocks like cash.</strong> Don&#8217;t use preprinted check stock. Instead, encourage direct deposit, and shred sensitive documents that are not required by law to be maintained on a regular basis.</li>
<li><strong>Do not panic.</strong> One of the worst things you can do in a case of organizational identity theft is panic and make a series of moves on fear and impulse. In the worst-case scenario, you should immediately contact your lawyer and the local authorities.</li>
<li><strong>Preparation.</strong> Last but not least, you should be prepared to fight for your nonprofit. Keep your documents organized, as a lack of physical evidence of ownership can make your case difficult to prove.</li>
</ol>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/it-security/thief-stop-nonprofits-identity-theft/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Nonprofits and the Hacking Nightmare: Beef Up Your Internet Security</title>
		<link>http://rositacortez.com/it-security/nonprofits-and-the-hacking-nightmare-beef-up-your-internet-security/</link>
		<comments>http://rositacortez.com/it-security/nonprofits-and-the-hacking-nightmare-beef-up-your-internet-security/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 20:48:21 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[IT Security]]></category>

		<guid isPermaLink="false">http://rositacortez.com/?p=3</guid>
		<description><![CDATA[At this point, we all know that Twitter, Facebook and LiveJournal spent yesterday battling a DDOS attack. The attack was so massive that most users and all third-party services have been completely unusable for the last 20 hours or so. If these sites, which excel in their technology, infrastructure and specialized workforce, are vulnerable to [...]


]]></description>
			<content:encoded><![CDATA[<p>At this point, we all know that Twitter, Facebook and LiveJournal spent yesterday battling a <a href="http://en.wikipedia.org/wiki/Denial-of-service_attack" target="_blank">DDOS attack.</a> The attack was so massive that most users and all third-party services have been completely unusable for the last 20 hours or so. If these sites, which excel in their technology, infrastructure and specialized workforce, are vulnerable to hackers and are brought down to their knees, what about our small and fragile nonprofit tech infrastructures?</p>
<p>Many nonprofits are required to comply with privacy regulations and other confidentiality provisions. What would happen if your data is stolen and compromised? Data leakage and down-time may result in reputation loss, turn away new and existing constituents and, in some cases, it may even lead to legal liability.</p>
<p>But even if you don&#8217;t have to worry about constituents&#8217; confidentiality, what about your donor&#8217;s information? Your internal databases? Your financial information? Security violations, if not handled appropriately and quickly, may impact the organization’s reputation and future opportunities for growth.</p>
<p>The truth is that a computer virus outbreak or a network breach can cost an organization thousands of dollars. Security should be a primary issue for any nonprofit. Unlike larger organizations with dedicated security and IT staff, small and medium-sized nonprofits have limited resources. Often their IT infrastructure is handled by “accidental techies” and part-time IT consultants.</p>
<p>Techsoup in partnership with GFI Software recently published &#8220;<a href="http://www.techsoup.org/learningcenter/techplan/page11904.cfm" target="_blank">Security Threats: A Guide for Small Nonprofits.</a>&#8221; The article focuses on small and medium-sized nonprofits and offers tips (read below) for avoiding threats that are likely to affect organizations.</p>
<p>Be prepared. Don&#8217;t let security attacks catch your nonprofit off-guard.</p>
<h2>Seven Tips for Avoiding Common Threats At Your Organization</h2>
<p><strong>1. Practice “Security Awareness”</strong></p>
<p>
A large percentage of successful security attacks do not necessarily exploit technical vulnerabilities. Instead they rely on “social engineering” — a set of techniques whereby attackers make the most of weaknesses in human nature rather than flaws within the technology — and people’s willingness to trust others. Organizations may fall into one of two extremes: either employees mistrust each other to such an extent that the sharing of data or information is nil, or, at the other end of the scale, total, blind trust between all employees. Yet neither approach is desirable. There has to be an element of trust throughout an organization, but checks and balances are just as important. Employees need to be given the opportunity to work and share data, but they must also be aware of the security issues that arise as a result of their actions.</p>
<p>This is why a security awareness program is so important. For example, malware often relies on victims to run an executable file to spread and infect a computer or network. Telling your employees not to open emails from unknown senders is not enough. They need to be told that in so doing they risk losing all their work, their passwords, and other confidential details to third parties. They need to understand what behavior is acceptable when dealing with email and Web content. Anything suspicious should be reported to someone who can handle security incidents.</p>
<p>Encouraging open communication across different departments makes for better information security, since many social engineering attacks abuse the communication breakdowns across departments. Additionally, it is important to keep in mind that a positive working environment where people are happy in their job is less susceptible to insider attacks than an oppressive workplace.</p>
<p><strong>2. Secure Your Endpoints</strong></p>
<p>A lot of information in an organization is not centralized. Even when there is a central system, information is often shared between different users and devices and copied numerous times. In contrast with perimeter security, “endpoint” security is the concept that each device in an organization needs to be secured. It is recommended that sensitive information is encrypted on portable devices such as laptops. Additionally, removable storage such as DVD drives, floppy drives, and USB ports may be blocked if they are considered to be a major threat vector for malware infections or data leakage. Securing endpoints on a network may require extensive planning and auditing. For example, policies can be applied that state that only certain computers (such as laptops) can connect to specific networks. It may also make sense to restrict usage of wireless (Wi-Fi) access points.</p>
<p><strong>3. Create a Security Policy for Your Organization</strong></p>
<p>Policies are the basis of every information security program. It is useless taking security precautions or trying to manage a secure environment if there are no objectives or clearly defined rules. Policies clarify what is or is not allowed in an organization as well as define the procedures that apply in different situations. They should be clear and have the full backing of senior management. Finally, they need to be communicated to the organization’s staff and enforced accordingly.</p>
<p>There are various policies, some of which can be enforced through technology and others which have to be enforced through human resources. For example, password complexity policies can be enforced automatically through Windows domain policies. On the other hand, a policy which ensures that company USB sticks are not taken home may need to be enforced through awareness and labeling. As with most security precautions, it is important that policies that affect security are driven by business objectives rather than gut feelings. If security policies are too strict, they will be bypassed, thus creating a false sense of security and possibly creating new attack vectors.</p>
<p><strong>4. Keep Roles Separate</strong></p>
<p>Separation of duties, auditing and the principle of least privilege can go a long way in protecting an organization from having single points of failure and privilege creep. By employing separation of duties, the impact of a particular employee turning against the organization is greatly reduced. For example, a system administrator who is not allowed to make alterations to the database server directly, but has to ask the database administrator and document his actions, is a good use of separation of duties. A security analyst who receives a report when a network operator makes changes to the firewall access control lists is a good application of auditing. If a program officer has no business need to install software on a regular basis, then his or her account should not be granted such privileges (“power user” on Windows). These concepts are very important and it all boils down to who is watching the watchers.</p>
<p><strong>5. Establish Backup and Redundant Systems</strong></p>
<p>Although less glamorous than other topics in Information Security, backups remain one of the most reliable solutions. Making use of backups can have a direct business benefit when things go wrong. Disasters do occur and an organization will come across situations when hardware fails or a user (intentionally or otherwise) deletes important data. A well-managed and tested backup system will get the organization back up and running in very little time compared to other disaster recovery solutions. It is therefore important that backups are not only automated to avoid human error but also periodically tested. It is useless having a backup system if restoration does not function as advertised.</p>
<p>Redundant systems allow an organization to continue working even if a disaster occurs. Backup servers and alternative network connections can help to reduce downtime or at least provide a business with limited resources until all systems and data are restored.</p>
<p><strong>6. Keep Your Systems Patched</strong></p>
<p>New advisories addressing security vulnerabilities in software are published on a daily basis. It is not an easy task to stay up-to-date with all the vulnerabilities that apply to software installed on the network; therefore, many organizations make use of a patch management system to handle the task. It is important to note that patches and security updates are not only issued for Microsoft products but also for third-party software. For example, although the Web browser is running the latest updates, a desktop can still be compromised when visiting a Web site simply because it is running a vulnerable version of Adobe Flash. Additionally, it may be important to assess the impact of a vulnerability before applying a patch, rather than applying patches religiously. It is also important to test security updates before applying them to a live system. This is because, from time to time, vendors issue patches that may conflict with other systems or that were not tested for your particular configuration. Additionally, security updates may sometimes result in temporary downtime: for example, when they require a machine reboot. Systems administrators often have to choose between installing security updates immediately and keeping the system up and running.</p>
<p><strong>7. Minimize Exposure</strong></p>
<p>Simple systems are easier to manage and therefore any security issues that apply to such systems can be addressed with relative ease. However, complex systems and networks make it harder for a security analyst to assess their security status. For example, if an organization does not need to expose a large number of services on the Internet, the firewall configuration can be quite straightforward. However, the greater the organization’s need to be visible — an advocacy group, for example — the more complex the firewall configuration will be, leaving room for possible security holes that could be exploited by attackers to access internal network services. When servers and desktop computers have fewer software packages installed, they are easier to keep up-to-date and manage. This concept can work hand in hand with the principle of least privilege. By making use of fewer components, less software and fewer privileges, you reduce the attack surface while allowing security efforts to focus on real issues.</p>
<h2>Conclusion</h2>
<p>As operations and management functions become more digitized and move online, security threats will emerge even faster and be more disruptive to the workplace. Moreover, the amount of data and the number of devices in use have increased exponentially, which now requires a greater sense of vigilance. While nonprofits may lack the dedicated resources and staff to actively engage these threats, taking the measures above will ensure that they minimize their exposure to these risks, and can reduce their downtime and lost productivity. Regardless of your organization’s mission, following these tips consistently throughout your organization will foster a healthy and secure computing environment.</p>
<p>This article was based on and modified from a whitepaper for GFI Software, Security Considerations for Small- and Medium-Sized Businesses by Microsoft MVP Brad Dinerman.</p>


]]></content:encoded>
			<wfw:commentRss>http://rositacortez.com/it-security/nonprofits-and-the-hacking-nightmare-beef-up-your-internet-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
