The Importance of Website Security for Nonprofits

When donors give to a nonprofit, they consider so many factors like which cause to support, how much to give, when to give and more. One thing they shouldn’t have to worry about is whether it’s safe to give. That’s why we created our Donor Financial Information Accountability Standard®, which requires that donors financial information be kept safe through established internal controls and secure methods of online giving.

Donor Financial Information is one of twenty-five Accountability Standards®. To learn more about the Accountability Standards®, click here.

Updates to Website Security Guidelines

In addition to keeping donors personal and financial information safe, it’s important that your website is safe and secure as well. Last fall, Google raised the bar on demonstrating website security. In the past, when a nonprofit wanted to assure a donor that its website was secure, the nonprofit could suggest that the donor look for the “lock” icon in the address bar which confirms that a site is using HTTPS. Now, if nonprofits host their websites on sites that aren’t secure, Google Chrome’s web browser will actively warn donors that their information is at risk, displaying a message like the one shown below.



How alarming, especially for new visitors! As nonprofits, it’s important to maintain public trust and donor trust. This trusting relationship can be compromised when online security isn’t taken seriously. As Rick Cohen of the National Council of Nonprofits explains, “Perception is reality. If a website is flagged as ‘not secure,’ it gives site visitors reason to pause before engaging further…” So even if your organization doesn’t solicit donations online, moving to a secure server helps build trust with site visitors.

Additionally, HTTPS matters for SEO (search engine optimization). Back in 2014, Google announced that HTTPS site would come up higher in search results than an HTTP site. So, for this reason alone, it may be beneficial for your nonprofit to switch to HTTPS for greater visibility.

So how do you make your site secure?

If your nonprofit’s website address still starts with HTTP and not HTTPS, contact your website support team or the company that hosts your website, and they can advise on next steps. If you’d like to try yourself, this guide can help.

The Bottom Line

When donors know their information is safe, they’re not only more likely to visit your website, but also more likely to give and engage. As the standards for data security continue to evolve (find our blog on GDPR regulations here), it is important to stay informed. Stay connected by subscribing to our monthly E-Newsletter where we share sector news, Council updates, giving tips, and more. Click here to subscribe.

Looking for an older article?

We're in the process of migrating our blog. If you're looking for an older entry, please visit the archive to search for it.

Get our latest and greatest monthly!


Charities Review Council

Our mission is building donor and nonprofit relationships for strong, vibrant and just communities. We envision healthy communities for all, benefiting from effective and trustworthy nonprofits that are supported by a well-informed public’s generosity.

Let’s Connect

1915 Highway 36 W Ste 133 • Roseville, Minnesota 55113-2709
Phone: (651) 224–7030 • E-mail:

Privacy Policy (5/9/19) • Terms of Use (5/9/19)

Log In