This article is not about the donor ask, donor acquisition, donor retention, donor XYZ.

Today I received an email from Elliot (name not changed to expose the guilty). He claimed to have my computer password and asked me for a $3,000 “donation” to protect me from him spreading my credit card and bank information throughout the world. Arghhhhh…

BTW the password he shared was, in fact, one I used many moons ago.

Receiving this email was very unsettling. If Elliot could find my password, he can find yours, too. So I’m sending out a friendly reminder to change your passwords—frequently!

All of us have passwords for our online accounts, and we use different methods for accessing them — sticky notes, word docs, password vaults. Some methods are more secure than others.

Since I am not an expert on password protection, I asked Dave Buonomo, President of Blue Atlas Interactive, for advice. Dave is an expert on cyber security and has all the certifications to prove it. “Start with the simple stuff,” he advises,  “the low hanging fruit of good password hygiene will get you a long way. And, no matter the size of your company, have a password policy, and even better, a corporate security policy that provides practical guidelines to employees for staying safe online.” Charitable organizations have a special responsibility to protect the information that donors and supporters entrust to them.

So what do we do to up our security? Geoffrey A. Fowler, technology columnist for The Washington Post recently wrote an article titled “Your password has probably been stolen. Here’s what to do about it.”

It’s time to pay attention to Fowler’s seven important tips:

1. Never, ever reuse a password (oops, guilty of that one!).
2. Change passwords every 90 days. Make passwords really long and add random upper case letters, lower case letters, numbers and symbols.
3. Visit this website at https://haveibeenpwned.com/. Enter your e-mail address and this free service will tell you if your e-mail address and possibly password were compromised.
4. Get help by using a password manager that keeps all your passwords in one digital safe deposit box such as dashlane, 1password and lastpass.  
5. When your web browser asks, “Would you like us to remember your password?” never click “yes.”
6. Turn on two-factor authentication everywhere it’s available which adds an extra layer of security.
7. Last point, just take the plunge and start using a password manager, now.

My advice? Take security seriously—now. And make no donations to Elliot!