Is Google Drive Safe to Use for Nonprofits?
In today's tech-driven world, we rely on technology for nearly everything, from personal communication to running our businesses. While it undoubtedly makes our lives easier, it also introduces a new set of challenges: digital security and privacy. For nonprofits, these concerns can be especially pressing.
Imagine you're an organization dedicated to helping adults return to school. You store sensitive student data, project plans, donor information, and other confidential files digitally. Suddenly, that information falls into the wrong hands. The consequences are staggering: exposed personal details, compromised financial data, and a shattered reputation.
Are you thinking, “My nonprofit is small. Hackers won’t pay any attention to us?” Well, think again. A study by the NTEN revealed that a staggering 71% of nonprofits experienced data breaches in 2022 alone. Another report found that non-profits are among the top five targets for cybercriminals.
Just very recently, over 900,000 donor records were exposed! The compromised database is owned by DonorView, a cloud-driven solution for nonprofits (charities, schools, religious institutions, and other nonprofit entities). Its purpose is to facilitate the efficient management of fundraising endeavors and the cultivation of strong donor connections within these organizations.
The threat is real. So, while cybersecurity might not be your top priority (I get it; you are already doing All The Things), ignoring it is a risk you simply cannot afford.
That's where Google Drive comes in. As a widely used cloud storage solution, it offers accessibility and collaboration features, making it a natural choice for many nonprofits.
But can Google Drive be trusted with your critical data? Are Google Drive security features enough?
Concerns arise surrounding its security, encryption, privacy, and overall data protection. This article looks closely at these issues, specifically focusing on how they impact nonprofits.
I'll explore Google Drive in detail, providing you with the insights needed to navigate the complex balance between convenience and security. By the end of the article, you'll be equipped with the knowledge to make informed decisions about your nonprofit's data and ensure its safety.
Cybersecurity is not just an IT issue; it's an organizational responsibility. By taking proactive steps to secure your data, you can protect your organization from costly and harmful data breaches.
Google Drive is a user-friendly platform for storing, sharing, and accessing files in a secure cloud (online) environment. Its intuitive interface allows for seamless file organization, enabling users to categorize documents, spreadsheets, and multimedia files efficiently.
Real-time collaboration is a hallmark feature, allowing team members to work simultaneously on projects and enhancing productivity. Additionally, Google Drive's integration with a whole suite of applications, such as Google Docs, Sheets, and Slides, promotes a cohesive digital workspace and streamlined workflows. It also minimizes the need for disparate tools.
Google Drive is part of Google Workspace for Nonprofits, an integrated suite of cloud-based productivity tools tailored for nonprofits. Nonprofit organizations can sign up and use the platform for free.
Workspace goes beyond storage, offering a comprehensive solution for communication, collaboration, and data management. Nonprofits can leverage:
Gmail for professional communication
Google Calendar for efficient scheduling
Google Meet for virtual meetings
This integration enhances overall operational efficiency, fostering a collaborative environment where your teams can work cohesively toward your mission.
Google Drive offers numerous advantages for managing files and collaborating effectively. Here are some key benefits:
Google uses multi-layered security measures to keep your files safe
Automatic backups and disaster recovery features
Share Google Drive files with colleagues, volunteers, and board members instantly
Multiple users can access and edit files simultaneously, streamlining workflows
Real-time collaboration ensures everyone is on the same page
Track changes and revisions easily with version history for files in Google Drive
Organize your files into folders and subfolders for easy access
Search for specific files quickly and efficiently using powerful search filters
Integrate Google Drive with other Google services like Docs, Sheets, and Slides
Nonprofits are eligible for free Google Workspace accounts, providing access to Google Drive with 30GB of storage per user
Upgrade to additional storage plans as needed for a fraction of the cost of traditional storage solutions
Eliminate the need for expensive on-premises hardware and software
While documents and spreadsheets may be the first things that come to mind, the answer goes deeper than that. Google Drive is a versatile tool for nonprofits, allowing you to store and share various essential data and resources. Here's a closer look at some of the most common things that are stored on Google Drive.
Organizational documents: Founding documents, bylaws, mission statements, strategic plans, policies, and procedures
Grant proposals and reports: Applications for funding, progress reports, and final reports for grants
Financial records: Budgets, invoices, receipts, financial statements, and donor records
Marketing materials: Brochures, flyers, presentations, press releases, social media graphics, and website content
Internal communications: Meeting minutes, email threads, project plans, and team updates
Photos and videos: Images of events, programs, beneficiaries, and staff
Audio recordings: Podcasts, interviews, and speeches
Logos, branding materials, and design assets
Marketing and fundraising videos: Testimonial videos, impact stories, and campaign videos
Donor databases: Information about donors, including contact details, giving history, and preferences
Volunteer databases: Information about volunteers, including contact details, skills, availability, and interests
Program data: Data on program participants, service delivery, and outcomes
Website analytics: Data on website traffic, user behavior, and conversions
Board materials: Meeting agendas, minutes, and reports
Training materials: Handbooks, slides, and other resources for staff and volunteers
Research and reports: Research conducted by the organization or relevant to its mission
Templates and forms: Reusable documents for common tasks like grant applications and volunteer registration
More than storing all that information on Drive, you can also share files with other people in your organization. This makes collaboration so much easier and more efficient. Since everything is in the cloud (online), a collaborator can access the files anytime, anywhere.
There are three ways to share information on Drive:
Invite-based sharing allows you to grant specific individuals access to your files, ensuring only authorized members can view and edit them.
Link-based sharing grants access to anyone with the link.
Shared drives allow you to create dedicated folders for specific projects or teams. This enables multiple users to collaborate simultaneously. Google offers additional security features for Shared Drives, such as audit logs and ownership transfer.
Now we answer the million-dollar question: Is Google Drive secure?
To answer that, we first need to define security. I’m going to go a little technical here, so bear with me. (It’s important!)
Security, in the context of data storage, refers to protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.
But there’s this other thing called privacy. While not the same as security, it is just as important.
What’s the difference between privacy and security?
Privacy is protecting personal information, while security involves safeguarding data against unauthorized access or breaches.
In the cloud storage context (Google Drive in this particular case), these concepts are intertwined, as users seek a balance between accessibility and data protection.
Do you store donor information on Drive?
Privacy involves safeguarding individual details, like names and addresses.
Security, on the other hand, focuses on preventing unauthorized access or data breaches.
Striking a balance ensures your organization protects donor privacy while implementing measures to secure sensitive data against potential threats.
Google Drive employs a multi-layered security approach to safeguard your data.
Multi-layered, that’s good, right? For sure! What this means in practical terms:
Physical security: Google data centers (where the information is physically stored, think: your computer hard drive multiplied by a gazillion) are geographically dispersed and operate under strict physical security protocols. These centers are monitored 24/7.
Network security: Google's network infrastructure (the online part) is designed with robust security features like firewalls, intrusion detection systems, and encryption protocols. These measures help protect your data from unauthorized access and cyber-attacks.
Data security: Google encrypts your data at rest and in transit, meaning it's unreadable without the proper decryption keys. Data is at its most vulnerable when being transferred (uploaded/downloaded), so this encryption is critical.
User authentication: Google verifies your identity through strong password protocols and two-factor authentication. You know, when you have to enter that one-time password you receive from your phone. This ensures that only authorized users can access your Drive account.
This is where Google Drive is lacking. Google retains possession of the encryption keys necessary to access your data. This means Google employees. And, while Google has stringent privacy policies, the potential for human error exists, as seen in a 2019 incident where an employee unintentionally leaked personal information of account holders.
Google's transparency about tracking user activities is evident in its privacy policy. Your interactions with Google's apps contribute to the metrics and analytics that the company collects, shaping its understanding of user behavior. This, in turn, underscores the trade-off between convenience and data privacy when engaging with Google's extensive suite of apps and services.
As you can see, Google Drive is pretty secure. However, it is essential to understand that no system is foolproof. Google Drive offers a high level of security for your data, BUT it can still be compromised. Anything online can be compromised.
By understanding its security features and practicing safe online habits, you can further enhance the security of your information on Google Drive. This leads us to the next section…
Okay, so Google Drive is secure. But it can be hacked (as with all things online). So, do these things to protect your nonprofit’s data on Drive further.
It’s common sense, but you’d be surprised at how many people share their login details with others. Sure, you may trust them with your life—they certainly won’t leak your Google Drive password.
However, they might not be as vigilant as you are. Their password may be 123456, or they may like to click on links without checking if they’re legit. This leaves them prone to security issues, and if they have your login details, then you’re also compromised.
You’ve heard this countless times, but who can remember 18-character gibberish passwords, right? Who has time for that? Well, this is the first step to securing your account, so it’s rather important.
Keep these in mind when creating your passwords:
Use a mix of characters: Combine uppercase and lowercase letters, numbers, and symbols. For example, ALL4S3cur!tY.
Avoid easily guessable information: Steer clear of using easily accessible information like your name, birthdate, or common words. Opt for something unique and unrelated to personal details. For example, avoid using "password," "123456," or your name. Instead, use something like BlueTiger$23!
Opt for longer: While it might be tempting to stick to shorter passwords so you can easily remember, aim for longer—at least 12 characters. Longer passwords provide an additional layer of security against brute-force attacks.
Use a unique password for each account: It's tempting to reuse passwords but avoid this. Create distinct passwords for each account to prevent a security breach on multiple fronts if one password is compromised.
Regularly update passwords: Change your passwords periodically to reduce the risk of unauthorized access. This is especially crucial if you suspect a security compromise or have shared passwords with others.
Use a password manager: If the thought of managing multiple complex passwords overwhelms you, consider using a reputable password manager. It securely stores and manages your passwords, requiring you to remember only one master password. I recommend LastPass (has a free version) or 1Password (offers a free 14-day trial).
Think of 2FA as having a double lock on your door. It adds an extra step, so even if someone gets your password, they still need another code to get in.
Here’s how to set 2FA up.
Go to your Google Account.
Click on Security in the left-hand panel.
Click on 2-Step Verification and follow the prompts.
You’re all set!
Think of it like a permission slip. You decide who can and can't enter specific rooms in your office. Similarly, control who can access and edit certain files on Google Drive. Share your files/folders on a need-to-know basis.
Imagine a bulletin board with announcements. Sometimes, you need to update who gets to see the announcements. Likewise, regularly review and update who can access your shared files.
All that being said, you may find a Google Drive alternative that better suits your needs. Here are a few services like Google Drive you can consider.
1. Dropbox: Simplify your file sharing and storage with this user-friendly platform.
Basic (2GB, free), Plus (2TB, $11.99/month), Professional (3TB, $19.99/month), Family (2TB, $16.99/month), Business (Unlimited, custom pricing)
2. Microsoft OneDrive: Integrate seamlessly with Office 365 for on-the-go productivity. It’s perfect if you’re already on the Microsoft platform.
Free (5GB), Standalone (100GB, $1.99/month), Standalone (200GB, $2.99/month), Standalone (6TB, $9.99/month), Microsoft 365 Personal (1TB, $6.99/month), Microsoft 365 Family (6TB, $9.99/month)
3. Box: Securely manage your business-critical files with advanced security features.
Personal (10GB, free), Personal Pro (100GB, $10/month), Business Starter (100GB/user, $15/user/month), Business (Unlimited, $35/user/month), Enterprise (Unlimited, custom pricing)
4. Apple iCloud: Keep your Apple devices in sync and access your files anytime. If you’re in the Apple ecosystem, this is the best choice.
Free (5GB), 50GB ($0.99/month), 200GB ($2.99/month), 2TB ($9.99/month), 2TB Premier ($19.99/month)
5. SmallBizPro: Run a more efficient back-office. The rates are higher, but their solutions go beyond storage— this is an all-in-1 business management & compliance, procurement assistance, and market research assistance cloud-based platform. Plus, you can save more with a special rate for nonprofits—just use this code: VX3BT4J7.
Bronze ($29.99/month), Silver ($39.99/month), Gold ($59.99/month), Platinum ($79.99/month)
Google Drive uses multi-layered security measures to ensure your information’s security. However, it is imperative to understand that anything that stores your data online can be compromised. That is why the onus to strike a careful balance between convenience and keeping your account secure is on You.
The convenience of seamlessly integrated services within the Google Workspace ecosystem may come at the cost of privacy, as Google openly acknowledges its access to user data. This poses some risk to your nonprofit.
To maintain a secure Google Drive account, understand what Google Drive has to offer, its security features, and its weakness in terms of privacy. Use this to implement proactive measures such as those I mentioned above. By doing so, you can continue to enjoy the ease and convenience of Google Drive and keep your files more secure.
Do you use Google Drive? What measures do you take to ensure that your data remains secure?
Yes, Google Drive offers a free version for nonprofits. Nonprofit organizations can apply for Google for Nonprofits to access additional benefits, including expanded storage.
Yes, when configured correctly and with adherence to best practices, Google Drive is a secure platform for storing sensitive information for nonprofits. It employs robust security measures, including encryption and two-factor authentication, to ensure the safety of sensitive information for nonprofits.
Absolutely. Google Drive allows you to manage access and permissions, ensuring that only authorized individuals within your nonprofit can view or edit specific documents.
Yes, Google Drive complies with major privacy regulations. Its commitment to data protection aligns with industry standards, providing nonprofits with a secure platform for managing sensitive information.
Looking for a tech-related solution to fundraising? Read my guide to the best online donation platforms for nonprofits.
Want to rock at running a nonprofit? I’ve got you—read “6 Things to Know if You Want to Rock at Running a Nonprofit.”