Do you find yourself a bit envious of all that money and manpower of bigger nonprofits? Don’t be. Optimization can be the field leveler you need to compete with large companies.

If you spend most of your time thinking about developing compelling campaigns on and offline, and finding new ways to engage supporters, as well as writing great fund-raising letters, your web donation page design and content is probably the last on your list. Yet, studies have shown that a well-optimized donation page can help you convert visitors into donors.

Most organizations (including large ones) have donation page conversion rates below 20%, some even less than 10%.  These poorly designed pages are driving away potential donors. Why should you care about that? Improved conversion on these pages mean more dollars raised with no increases in outbound marketing.

10 Tips to Optimize Your Donation Landing Pages

1. Use large donate buttons. Larger donate buttons convert more donors than smaller buttons.
    
2. Use color. Colorful, high-contrast donate buttons work better than gray buttons.
    
3. Simplicity. Flash designs are very often the culprit to a low converting landing page. Simplify the design utilizing static images.
    
4. Streamline your forms. Remove unnecessary fields from the personal information form (such as “title” or “suffix”).
    
5. Stay focused. Give your landing page visitors only one action to take, not multiple actions.
    
6. Avoid distractions. Don’t give your visitors a reason to detour from the page before completing the action you want them to take. In other words, avoid putting full site navigation and links on a landing page that will encourage visitors to abandon the page.
    
7. Write donor-friendly content. Generally, when it comes to content, it’s best to keep it short and simple. Use concise language that’s easy to understand and straight to the point.
    
8. Show where the money goes. Use charts and diagrams to show donors how their money will be used. donors want their philanthropic investment to have a measurable, significant impact on a cause they care about.
    
9. Prominent email capture. Not all visitor will be convinced to donate right away. Ensure you give them easy alternatives to engage with your nonprofit. Then work on the relationship.
    
10. Say thank you. By showing appreciation, you invite donors into the “organizational family” and increase their sense of participation. Saying “thank you” will go a long way toward securing the next gift.

Take away: spend some time clicking around your donation landing pages. Take the time to evaluated each page against above 10 optimization elements.

Related posts:

1. Make the Case For Giving – 7 Tips to Help Your Nonprofits Increase Its Year End Appeal Response
2. 10 Easy Tips to Optimize Your Donate Now Button
3. Top 4 Things to Ensure Last-Minute Giving Success
4. 10 Tips to Effective Search Engine Optimization for Nonprofits
5. Twitter Tips for Sucessful Nonprofit Fundraising

In my last post, I talked about how Google grants for nonprofits can give your organization the marketing leverage to increase fund raising, online donations and brand visibility. In this post I continue exploring the Google tools that are available, most of them for free, to the nonprofit sector to promote your cause, raise money, and operate more efficiently.

Google Apps is a cloud-based computing environment with collaboration technology that features several Web applications similar to the traditional desktop-based office suites, including: Gmail, Google Calendar, Docs, Talk and Sites.

What’s in it for nonprofits?

Gmail: Includes email accounts on your organization’s domain (e.g., rositacortez@your-nonprofit.org). Best of all, you can access your email account anytime, anywhere, even if you are offline. Google also provides email migration tools so you do not have to worry about losing existing email. In addition, you can opt to use Gmail via an IMAP account and sync it to Outlook.

And yes! You can customize Gmail to fit the look and feel of your organization (logo and colors). Did I mention that you also have a 7+ GB inbox quota?

Google Calendar: Integrated into Gmail, calendars can be shared company-wide or with select co-workers. In addition, you can access your calendar on your iPhone or blackberry and even receive calendar notifications via text messages.

Google Docs: This is perhaps my favorite feature. It gives you the flexibility to create and access your documents from anywhere. You can say good bye to carrying USB drives or emailing attachments to yourself. With Google Docs all you need to have is access to the Internet to create and share a Word, PowerPoint or Excel document. And you don’t have to worry about compatibility issues between the different operating systems. Google Docs can be read by Macs, PCs and even Linux computers.

Google Talk: Also integrated into Gmail, Google allows you to share quick thoughts in real time. You can exchange quick chats right within Gmail. This feature is especially useful if you need to have a quick answer right away (e.g., you are on the phone and need more information from a co-worker). In addition, you can receive files in Google Talk. Forgot to bring that financial report to a meeting? No problem. Your co-workers can send it to you instantly via Google Talk.

Google Apps are packed with powerful spam filtering and customizable security features. The Google team has some of the world’s foremost experts in information, application and network security. Remember that even though Google Apps is free for nonprofits, big businesses, with highly sensitive corporate data, do pay for these services and they expect the system to be reliable and secure…and it is.

Advantages of Google Apps for Nonprofits

• Free for nonprofits
• Requires no hardware or software
• Easy to administer and support (it needs minimal administration)
• Reduces IT Costs by decreasing total cost of ownership
• Empowers your employees with state of the art technology
• 24/7 customer support (via phone or email)

What to Do Next?

1. Find out if your nonprofit qualifies
   United States non-profit organization with under 3,000 users with current 501(c)(3) status and verified by 9-digit Employee ID Number
2. Complete the Sign-up form on the Google Apps webpage
3. Learn more about Google Apps for Nonprofits

Related posts:

1. The Nonprofit Power User Guide to Google Docs
2. Google Grants for Nonprofits
3. Email Marketing for Nonprofits: 3 Essential Techniques
4. 10 Tips to Effective Search Engine Optimization for Nonprofits
5. Make the Case For Giving – 7 Tips to Help Your Nonprofits Increase Its Year End Appeal Response

Until this year, Rosa wouldn’t have devoted space to the laws that vary widely across all states—and Washington, D.C.—that require nonprofits to register in each state where they solicit donations.  The laws have been around for decades and ignored due to lack of enforcement.  Nobody cared.

This year, the IRS stepped in with its vastly revised Form 990.  It contains two questions that pointedly ask about your compliance with state Charity Registration laws.  An officer signs your 990 under penalty of perjury.  Add to that a couple of recent enforcement actions and you’ve got a timely guest blog explaining what this is all about and why you need to pay attention.

You’re required to register in states where you solicit.

In states like Arizona, Florida, Georgia, Illinois, New Jersey, and New York, the mere existence of a “Donate Now” button triggers your registration requirement.  One of Rosa’s posts tells you how to optimize your donation page.  If you’ve got one, recognize that it has implications for registration.

If you’re inviting people to your website with email, U.S. mail, telemarketing, ads, events or meetings, you’ll need to register in the states above, plus the likes of California, Texas, Utah and others, if your inducements find residents of these states.

Every state considers paper mail, telemarketing and advertising that seek donations to be a solicitation.  So in the states where you’re using these methods, it doesn’t matter whether you’re using online giving.

Here’s an enormous timesaving tip for a small nonprofit that takes donations on its website.  If you get all of them from just a few states (or only one), put a disclaimer on your donation page.  Say that you only accept donations from those states.  Go one step further and remove the other states from your pull down menu, or only accept the right state names in an input field.  Now you’re only soliciting in the couple of states that mean the most to you.  The laws of every other state are irrelevant.

You know, if you’re not following the laws where you solicit, your board members could be liable.  They’re fiduciaries to your organization.  Under principles of fiduciary duty, they can be personally liable for the misdeeds of your charity.

In a good number of states, including Arizona, Florida and Pennsylvania, failure to register is a crime, either a felony or misdemeanor.   In a lot of other states there are civil, not criminal, penalties.  In October, the Secretary of State in Georgia fined a nonprofit $25,000 for noncompliance with the state’s registration statutes.

There are some bright spots in all this.  A lot of states have exemptions.  They vary wildly based on mission, gross revenue, fundraising revenue and in-state revenue.  You might qualify.

Also, compliance isn’t complicated.  It’s just time consuming.  It’s the perfect project for a detail-conscious volunteer or intern.

Here’s a plan for getting started.  First, register in your home state.  Then, look at where you solicit the most.  If you’re accepting gifts online, your solicitations are based on state populations.  Start with the most populous state, California, and work down, registering where online giving is a solicitation.  Remember, by limiting the states that can donate online, you’ll save considerable time.

If you’re fundraising by paper mail, email, phone, advertisements and meetings, query your database for your constituents’ states of residence, ranking the output file by descending frequency of constituents.  At the top of the list will be the state in which you do the most solicitations.  Start there and work down.  Remember, you might be exempt in some states.

Eventually, with time devoted to one or two states per month, you’ll get your nonprofit into compliance.  That protects your board, your officers and your organization’s reputation.

About the Author
Tony Martignetti, Esq. has been supporting the fundraising needs of non-profits since 1997.  He is the author of Charity Registration: State-by-State Guidelines for Compliance and managing director of Martignetti Planned Giving Advisors, LLC.  His two websites are www.StateCharityRegistration.com and www.mpgadv.com.

Related posts:

1. Designing Your Website to Draw in Donors

We are all well-aware of the increasing rate of personal identity theft. Statistics show that as many as 10 million Americans each year are victims of identity theft. Many, however, have never even heard of something called corporate (business) identity theft. Most people never even consider that an organization has an “identity” that could be stolen.

Moving from a personal to a business perspective, the Aberdeen Group has estimated that $221 billion a year is lost by businesses worldwide due to identity theft. This brings us to the question, can this affect the nonprofit community? Logic follows that if it can happen to one corporate entity, it can happen to another. After all, when it comes to money, nonprofits also have EIN numbers, credit cards, bank accounts, letterhead and paperwork that can be reproduced and used for unauthorized purposes.

The most common form of identity theft at the business level is the use of a company’s credit profile, either to fraudulently obtain credit for a separate company or to make purchases in the name of the company. Nonprofits can also be affected by “Cyber Squatting” and social media identity theft.

Cyber Squatting & Nonprofits

Cyber squatting is when someone “steals” your organization’s domain name and uses it to profit from the goodwill associated with the organization’s trademark. This can happen in few scenarios.

First, since most nonprofits only buy their domain name ending in “.org,” the same domain name ending in “.com” can be registered by another person or entity. Thus, if you type www.one.org you will be taken to the well-known grassroots advocacy organization ONE. But if you type www.one.com, you are taken to a website offering hosting services. In this case, the web hosting site (one.com) is a legitimate business. It may not have even intended to associate itself with One.org. But there is no doubt that they benefit from the extra traffic they get from people who are looking for the advocacy organization One.org but incorrectly typed its web address. Since people are in the habit of using ‘.com’ when searching the Web, this unintended appropriation of nonprofits’ organizational goodwill is not infrequent.

A second case scenario is when someone buys your .com domain name and uses it in bad faith with the intent of deceiving donors. Cyber squatters are known for setting up websites that look and feel just like the real organization’s website. They replicate or copy the code and images from the legitimate nonprofit website in order to create the fake website. It can be difficult for users to distinguish a real website from a fake and cyber squatters are thus able to capture your donor’s information (name, address and credit card numbers). Your donors then unwittingly become the victims of personal identity theft.

Social Media Identity Theft

When it comes to using your brand on social sites, you also need to be aware of the potential risk of identity theft.  Back in June when Facebook began allowing members to claim vanity URLs, there were a lot of scammers snatching up big-brand names and cyber squatting in order to capitalize on the goodwill associated with the brands (e.g., Baja Fresh).

What Can You Do to Protect Your Nonprofit from Identity Theft?

1. Manage your data carefully and consistently. With the vast amount of information available on the internet these days, it is a must that you find out exactly what information regarding your nonprofit is online.
2. Check for the use of your brand name across popular and emerging social media websites. Grab your name before someone else does.
3. Google yourself. Set up alerts related to your organization to see if there are any spoof sites (mirror sites) that have your information on them. In addition to your organization’s name, consider alerts related to your original Web content, social media sites and key staff.
4. Buy .org and .com domain names for your organization.
5. Develop & implement an IT plan designed to prevent and manage a security breach. (See “Nonprofits and the Hacking Nightmare”)
6. Limit the employees who have access to sensitive information (EIN number, bank accounts and credit cards) and always encrypt sensitive data on your computer network.
7. Review regularly your nonprofit credit report and always carefully scrutinize employee charge card billing statements before they are paid, particularly those accounts for which multiple cards are issued.
8. Guard check stocks like cash. Don’t use preprinted check stock. Instead, encourage direct deposit, and shred sensitive documents that are not required by law to be maintained on a regular basis.
9. Do not panic. One of the worst things you can do in a case of organizational identity theft is panic and make a series of moves on fear and impulse. In the worse case scenario, you should immediately contact your lawyer and the local authorities.
   
10. Preparation. Last but not least, you should be prepared to fight for your nonprofit. Keep your documents organized as lack physical evidence of ownership can make your case difficult to prove.

Related posts:

1. Nonprofits and the Hacking Nightmare: Beef Up Your Internet Security
2. Google Apps for Nonprofits
3. Google Grants for Nonprofits
4. 10 Tips to Effective Search Engine Optimization for Nonprofits
5. What’s the Buzz All About? Nonprofits and Social Media

At this point, we all know that Twitter, Facebook and LiveJournal spent yesterday battling a DDOS attack. The attack was so massive that most users and all third-party services have been completely unusable for the last 20 hours or so. If these sites, which excel in their technology, infrastructure and specialized workforce, are vulnerable to hackers and are brought down to their knees, what about our small and fragile nonprofit tech infrastructures?

Many nonprofits are required to comply with privacy regulations and other confidentiality provisions. What would happen if your data is stolen and compromised? Data leakage and down-time may result in reputation loss, turn away new and existing constituents and, in some cases, it may even lead to legal liability.

But even if you don’t have to worry about constituents’ confidentiality, what about your donor’s information? Your internal databases? Your financial information? Security violations, if not handled appropriately and quickly, may impact the organization’s reputation and future opportunities for growth.

The truth is that a computer virus outbreak or a network breach can cost an organization thousands of dollars. Security should be a primary issue for any nonprofit. Unlike larger organizations with dedicated security and IT staff, small and medium-sized nonprofits have limited resources. Often their IT infrastructure is handle by “accidental techies” and part-time IT consultants.

Techsoup in partnership with GFI Software recently published “Security Threats: A Guide for Small Nonprofits.” The article focuses on small and medium-sized nonprofits and offers tips (read below) for avoiding threats that are likely to affect organizations.

Be prepared. Don’t let security attacks catch your nonprofit off-guard.

Seven Tips for Avoiding Common Threats At Your Organization

1. Practice “Security Awareness”

A large percentage of successful security attacks do not necessarily exploit technical vulnerabilities. Instead they rely on “social engineering” — a set of techniques whereby attackers make the most of weaknesses in human nature rather than flaws within the technology — and people’s willingness to trust others. Organizations may fall into one of two extremes: either employees mistrust each other to such an extent that the sharing of data or information is nil, or, at the other end of the scale, total, blind trust between all employees. Yet neither approach is desirable. There has to be an element of trust throughout an organization, but checks and balances are just as important. Employees need to be given the opportunity to work and share data, but they must also be aware of the security issues that arise as a result of their actions.

This is why a security awareness program is so important. For example, malware often relies on victims to run an executable file to spread and infect a computer or network. Telling your employees not to open emails from unknown senders is not enough. They need to be told that in so doing they risk losing all their work, their passwords, and other confidential details to third parties. They need to understand what behavior is acceptable when dealing with email and Web content. Anything suspicious should be reported to someone who can handle security incidents.

Encouraging open communication across different departments makes for better information security, since many social engineering attacks abuse the communication breakdowns across departments. Additionally, it is important to keep in mind that a positive working environment where people are happy in their job is less susceptible to insider attacks than an oppressive workplace.

2. Secure Your Endpoints

A lot of information in an organization is not centralized. Even when there is a central system, information is often shared between different users and devices and copied numerous times. In contrast with perimeter security, “endpoint” security is the concept that each device in an organization needs to be secured. It is recommended that sensitive information is encrypted on portable devices such as laptops. Additionally, removable storage such as DVD drives, floppy drives, and USB ports may be blocked if they are considered to be a major threat vector for malware infections or data leakage. Securing endpoints on a network may require extensive planning and auditing. For example, policies can be applied that state that only certain computers (such as laptops) can connect to specific networks. It may also make sense to restrict usage of wireless (Wi-Fi) access points.

3. Create a Security Policy for Your Organization

Policies are the basis of every information security program. It is useless taking security precautions or trying to manage a secure environment if there are no objectives or clearly defined rules. Policies clarify what is or is not allowed in an organization as well as define the procedures that apply in different situations. They should be clear and have the full backing of senior management. Finally, they need to be communicated to the organization’s staff and enforced accordingly.

There are various policies, some of which can be enforced through technology and others which have to be enforced through human resources. For example, password complexity policies can be enforced automatically through Windows domain policies. On the other hand, a policy which ensures that company USB sticks are not taken home may need to be enforced through awareness and labeling. As with most security precautions, it is important that policies that affect security are driven by business objectives rather than gut feelings. If security policies are too strict, they will be bypassed, thus creating a false sense of security and possibly create new attack vectors.

4. Keep Roles Separate

Separation of duties, auditing and the principle of least privilege can go a long way in protecting an organization from having single points of failure and privilege creep. By employing separation of duties, the impact of a particular employee turning against the organization is greatly reduced. For example, a system administrator who is not allowed to make alterations to the database server directly, but has to ask the database administrator and document his actions, is a good use of separation of duties. A security analyst who receives a report when a network operator makes changes to the firewall access control lists is a good application of auditing. If a program officer has no business need to install software on a regular basis, then his or her account should not be granted such privileges (“power user” on Windows). These concepts are very important and it all boils down to who is watching the watchers.

5. Establish Backup and Redundant Systems

Although less glamorous than other topics in Information Security, backups remain one of the most reliable solutions. Making use of backups can have a direct business benefit when things go wrong. Disasters do occur and an organization will come across situations when hardware fails or a user (intentionally or otherwise) deletes important data. A well-managed and tested backup system will get the organization back up and running in very little time compared to other disaster recovery solutions. It is therefore important that backups are not only automated to avoid human error but also periodically tested. It is useless having a backup system if restoration does not function as advertised.

Redundant systems allow an organization to continue working even if a disaster occurs. Backup servers and alternative network connections can help to reduce downtime or at least provide a business with limited resources until all systems and data are restored.

6. Keep Your Systems Patched

New advisories addressing security vulnerabilities in software are published on a daily basis. It is not an easy task to stay up-to-date with all the vulnerabilities that apply for software installed on the network; therefore, many organizations make use of a patch management system to handle the task. It is important to note that patches and security updates are not only issued for Microsoft products but also for third-party software. For example, although the Web browser is running the latest updates, a desktop can still be compromised when visiting a Web site simply because it is running a vulnerable version of Adobe Flash. Additionally, it may be important to assess the impact of vulnerability before applying a patch, rather than applying patches religiously. It is also important to test security updates before applying them to a live system. This is because, from time to time, vendors issue patches that may conflict with other systems or that were not tested for your particular configuration. Additionally, security updates may sometimes result in temporary downtime: for example, when they require a machine reboot. Systems administrators often have to choose between installing security updates immediately and keeping the system up and running.

7. Minimize Exposure

Simple systems are easier to manage and therefore any security issues that apply to such systems can be addressed with relative ease. However, complex systems and networks make it harder for a security analyst to assess their security status. For example, if an organization does not need to expose a large number of services on the Internet, the firewall configuration can be quite straightforward. However, the greater the organization’s need to be visible — an advocacy group, for example — the more complex the firewall configuration will be, leaving room for possible security holes that could be exploited by attackers to access internal network services. When servers and desktop computers have fewer software packages installed, they are easier to keep up-to-date and manage. This concept can work hand in hand with the principle of least privilege. By making use of fewer components, fewer software and fewer privileges, you reduce the attack surface while allowing for security to be more focused to tackle real issues.

Conclusion

As operations and management functions become more digitized and online, security threats will emerge even faster and more disruptive to the workplace. Moreover, the amount of data and devices that are used have increased exponentially, which now requires a greater sense of vigilance. While nonprofits may lack the dedicated resources and staff to actively engage these threats, taking these above measures will ensure that they minimize their exposure to these risks, and can reduce their downtime and lost productivity. Regardless of your organization’s mission, following these tips consistently throughout your organization will foster a healthy and secure computing environment.

This article was based on and modified from a whitepaper for GFI Software, Security Considerations for Small- and Medium-Sized Businesses by Microsoft MVP Brad Dinerman.

Related posts:

1. Thief, Stop! Nonprofits & Identity Theft
2. Google Apps for Nonprofits
3. Google Grants for Nonprofits
4. What’s the Buzz All About? Nonprofits and Social Media
5. 10 Tips to Effective Search Engine Optimization for Nonprofits