
Most institutional leaders think about website security the way they think about building maintenance: something to address when something breaks.
A site goes down, a form stops working, a plugin conflict causes a visible error, and suddenly security becomes urgent.
The organizations that maintain consistent institutional credibility online are the ones that treat security as a planning discipline rather than a reactive task.
The real risk is not a cyberattack
When museum directors and nonprofit executives think about website security, they often imagine headline scenarios – ransomware, data breaches, malicious intrusions.
Those risks are real and worth taking seriously. But for most mission-driven organizations, the more common and more costly security failures are quieter.
A hosting environment that has not been updated in two years.
A plugin that stopped receiving security patches six months ago.
A form that sends donor information to an email address that no longer exists.
An SSL certificate that expires over a holiday weekend when no one is monitoring it.
These are not dramatic failures.
They are the accumulated result of treating security as a one-time setup rather than an ongoing institutional responsibility.
And they create exactly the kind of credibility gap that sophisticated visitors: funders, board candidates, institutional partners – notice before they decide whether to engage.
Contingency planning for institutional websites
Contingency planning for a website is not about anticipating every possible failure. It is about identifying the functions your organization cannot afford to lose – and ensuring that when those functions fail, the recovery path is already clear.
For most mission-driven organizations, the critical functions are straightforward.
Planning for those functions means knowing where your backups are and how recent they are. It means understanding who has access to your hosting environment and what happens when that person leaves. It means having a relationship with someone who can respond quickly when something goes wrong – not searching for a developer in a moment of crisis.
Scenario planning for institutional credibility
Beyond contingency planning is the discipline of scenario planning – asking what-if questions about your website before the scenario becomes real.
What if your executive director’s name and photograph are on the site and that person transitions unexpectedly?
What if a program you prominently feature is discontinued after a funding change?
What if your website is the first place a major donor visits after reading a news story about your sector – and the site reflects priorities from three years ago?
These are not technical scenarios. They are institutional credibility scenarios that play out through your website. Organizations that plan for them update proactively. Organizations that do not discover the problem when a visitor forms the wrong impression.
What institutional website security actually requires
The organizations whose websites consistently support their mission over time share a common approach. They treat their website as an institutional asset that requires stewardship – not a project to complete and set aside.
That stewardship includes regular backups and update cycles.
Security is not the absence of risk. It is the presence of a plan.
“By failing to prepare, you are preparing to fail.” – Benjamin Franklin
At minimum, quarterly: covering backups, plugin and platform updates, SSL certificate validity, and form functionality. For organizations whose websites carry significant institutional weight, monthly monitoring is more appropriate. The cost of a brief quarterly review is far lower than the cost of discovering a problem after a funder has already visited and formed an impression.
Accountability matters more than technical expertise. Someone inside the organization – typically the communications director, operations lead, or executive director – should own the relationship with whoever maintains the site and ensure that updates, backups, and access credentials are current. Technical execution can be delegated. Institutional accountability cannot.
Current, tested backups stored in a location separate from your hosting environment. Everything else: plugin updates, SSL certificates, access management – is important. But if the site is compromised or fails, the ability to restore it quickly from a recent backup is what determines how long your organization is invisible to the people who most need to find you.

Frances Naty Go is the founder of Goldlilys Media, where she helps mission-driven organizations turn their websites into clear, durable systems that support meaningful work over time. She works with museums, nonprofits, health and wellness brands, higher education, life sciences, travel organizations, and expert-led businesses.
With a background in Computer Science from UC San Diego, Frances brings a thoughtful, strategic approach to building digital experiences that educate, orient, and build trust, without unnecessary complexity.




Questions first? Start a conversation

