By Drew Fox Jordan • November 6, 2020

    Does Email Put Donor Data At Risk?

    A consumer survey conducted by Adobe found that on a typical weekday, employees are checking their work email an average 3.1 hours; their personal email, 2.5 hours. This makes email one of the most habitual platforms employees use, which makes changing this user behavior that much more challenging.

    The efficiency of email also makes it one of the single biggest threats to a nonprofit’s donor data. Fundraisers depend on the ability to communicate quickly and easily in order to get their jobs done. Email is used for everything from contacting donors to communicating with colleagues about donor information.

    Does email put donor data at risk?

    While a growing number of fundraising processes can be automated, email communication still relies on interpersonal interaction and judgment – all of which makes it particularly vulnerable to employee error. No matter how structured or ingrained a process or behavior is, mistakes are inescapable and inevitable.

    Human error is incredibly difficult to understand, let alone predict. Changes in people’s stress levels, morale, engagement, and attention can lead to misdirected emails. So how does that impact a nonprofit’s donor data?

    The risk of data leakage is heightened by many of the factors that make email so useful. The same email address will send personal and professional messages, often in succession. It is platform agnostic – you can send an email to any other email address regardless of its platform making it very difficult to develop a complete security solution for a channel with so many front-end standards and configurations.

    Fundraisers have the ability to email sensitive donor information from their work email to their personal email - an inbox that is most likely unencrypted. This is just one example of how fundraisers take advantage of the ease of email to do their jobs more efficiently, but this simple act compromises the entire donor database and no endpoint security features or policies can prevent it. Only a fundamental change in human behavior can stop this risk.

    Luckily, Gravyty has spent years using artificial intelligence (AI) to understand the human behaviors of development professionals. By focusing on what is known as human layer security, Gravyty Guard protects against the vulnerabilities without getting in the way of people getting their jobs done.

    The best thing you can do to understand human layer security threats and evaluate how your organization stacks up is to take a data vulnerability assessment.



    Posts by Topic

    see all