Protecting Your Not-For-Profit from Cybersecurity Risks

By Mike Tullis

In today’s technology-dependent world, it is hard to go more than a few days without hearing about a cybersecurity breach or how to protect yourself. According to a study from the University of Maryland, there is a hacker attack every 39 seconds, affecting one in three Americans every year.

Your Not-for-Profit May Be at Risk
Unfortunately, not-for-profit (NFP) organizations are often targeted by cybercriminals attempting to gain personal and financial information. This is because of the amount of data and donations that not-for-profit organizations receive. In addition, not-for-profits often lack the security resources and personnel that their larger, for-profit, counterparts have. According to the Nonprofit Technology Enterprise Network, 68% of NFP respondents do not have document policies and procedures for cybersecurity attacks, while another 59% of respondents do not provide any cybersecurity training to staff.

How to Protect Your Organization
Cybersecurity is a legitimate concern that impacts all sizes and types of organizations. Be sure to protect yourself, your organization, and your mission using some of the tips below.

1. Focus on The Basics: Email Phishing, Passwords, and Multifactor Authentication
Cybersecurity can be a cumbersome task to take on for organizations lacking designated resources. While you may not be able to encompass all pieces of cybersecurity, it is easy to focus on the basics. The most common cybersecurity attack comes from phishing emails. Phishing emails aim to disguise themselves as legitimate emails from someone within your organization, often asking the recipient to click on a link. That link can then redirect you to a fake webpage - that looks real -where it will ask for personal information such unique identifiers.

    Another common way for hackers to gain data is through bad password practices. Encourage your employees to use more difficult passwords (more characters, combination of numbers and letters, etc.) for their work computer or software. Also, they should not reuse passwords. A password manager may help alleviate the task of remembering many passwords.

    Multifactor authentication (MFA) is also another way to mitigate threats. Utilizing MFA ensures that even if a hacker accesses credentials, they most likely can’t access your network.

    2. Organization-Wide Awareness
    One of the cheapest and easiest ways to protect your organization from cybersecurity threats is to educate your staff. Most attempts to gain confidential information are easy to spot if the people within your organization know what to look for. Try hosting internal training, post signage around your office, or sending real-world case studies for your staff to review so they are more aware of how hackers are trying to gain this information. Remember, every member of your organization is responsible for the security of your data.

    3. Protect Your Devices Without a Thought
    There are many ways to protect without having to constantly think about it. Anti-virus software, spam email filters, and firewalls all work behind the scenes to protect your devices and data. While they are not all foolproof options, they significantly reduce the ease for hackers to gain access to your system and can provide a safeguard if an employee were to click a malicious link or try to use an unsecured web address. A cybersecurity policy should also be in place should an end user break protocol. In these events, an action plan can help reduce chaos and possible damage, as time can be huge factor in minimizing security risks cause by intrusion.

    In addition to having these security options installed, be sure to keep them updated. Software vendors are regularly publishing new patches to fix security problems. However, it is up to the users of the software to apply the patches and ensure they are not leaving themselves at risk. According to ZDNet.com, IT security professionals admit that one in three breaches are the result of vulnerabilities that they should have already patched.


    While cybersecurity can sometimes an overwhelming and sometimes scary topic, doing small things to protect yourself and your organization can be a big step in the right direction.

    Mike Tullis | System Administrator
    MTullis@MHCScpa.com