Subscribe to this blog for news and announcements about Altru.

Donor Security: Update Your Website's Certificates

I do not need to write a lengthy or terribly witty intro to illustrate just how attuned we are to our security online. Every news cycle seems to reveal another data breach. We get weird emails from friends telling us how their dream vacation in Thailand went south and now they need your help – and money – right away (even though you saw them in the grocery store this morning). We subscribe to credit monitoring services to make sure malicious actors do not permanently harm our financial status.

Compounding all this – cyber security is confusing and not well understood. We are bombarded with so many threats and potential threats, it is difficult to know what we should take seriously and what is relatively benign. Therefore, we are apt to treat all threats as potentially severe and flee when something doesn’t smell right.

Leading up to and through #GivingTuesday, many of you had questions about online security, particularly how donor’s data is safe in Blackbaud solutions. If you, your leadership, or board members are curious you can click here to learn more about Blackbaud Compliance and Certifications (including PCI, etc.). This covers your Blackbaud solutions, including the forms used for online donations, event registrations, ticket purchases, and membership transactions.

The actual transaction is truly the most critical moment when stewarding donor personal and financial data, but there is still a lot of the donor’s online journey that happens before they ever get to a donation form – and what they see and experience there can either build or reduce confidence as they decide if they should donate online.

Given all that, this image is the last thing you want your donors, patrons, and members to see when they visit your website.


This may seem benign, but it is an immediate warning flag to a potential donor:  Not the kind of thing that inspires confidence as they are reaching for their wallet to grab that credit card. A message like this may be enough to change their mind.

Do this to see if your website is affected:  Using Google’s Chrome browser, navigate to your website’s home page and look up in the address bar. If you see “Not secure” the SSL/TLS certificate needs to be updated.

Fortunately, this is a relatively easy fix. Symantec has all the information you need here. A few easy-to-follow steps will get you on your way to refreshed and newly approved security certificates.

A few other things to consider to bolster donor confidence:
  • Your website’s design. An outdated look and feel tells a donor other things are likely out of date as well.
  • Update your Privacy Policy. Does your organization have an updated privacy policy? Your Blackbaud solution (Online Express, Altru, etc.) has default privacy policy language that covers the Blackbaud aspect of their data (database, transactions, email, etc.). Does your organization have a public, written policy that communicates to your public all you are doing to protect their data? Ask your legal counsel if your privacy policy is upto-date and adequate. To learn more about the default policies in your Blackbaud solution (and how to edit it to bring it up to your new standards), check out the Knowledgebase links above (for OLX and Altru) and check out the Community.
  • Broken links. Go through your website and click all the links. Everything. Every last one of them. Remove or repair any broken links. This is not a threat, per se, but feeds the  building/diminishing confidence in your wouldbe donors. Again, if these links are outdated, what else is?

Other thoughts, ideas, or questions? Email us at
Posted by Mike Woods on Dec 21, 2018 4:34 PM America/New_York