Image with password box: Cybersecurity for nonprofits

Cybersecurity for Nonprofits: What You Need to Know

Team NLC Tips

Companies rely on data for nearly every decision they make — evaluating programs, engaging audiences and setting organizational strategy. As the value of data has increased, so too has the rate of cyber attacks. From Marriott, Garmin and Yahoo to local nonprofit organizations, no one is immune to cybersecurity risks. So how can you protect your nonprofit’s personal and financial information? During a recent roundtable discussion at the Nonprofit Leadership Center, University of South Florida Professor Steve Gary shared tips on cybersecurity for nonprofits to help reduce your organization’s risk of a cyber attack.

A Cybersecurity Checklist for Nonprofits

1. Educate your staff.

Many cyber attacks on email or ransomware happen because an employee clicks on a link they should not have opened. Proactively and frequently educating your staff about what to look for and avoid clicking on can help prevent your nonprofit from becoming the next victim of a cyber attack. For example, show your staff examples of Phishing scams so they can spot them in the future, and remind them that you will never request their passwords or banking information via email.

Holding annual employee cybersecurity training is also an important way to prevent cyber attacks on nonprofits. These trainings are an excellent time to remind staff to:

  • Keep their software, operating systems and apps updated.
  • Avoid using public WiFi, as tempting as it may seem. Instead, use a VPN — Virtual Private Network — a secure way to use regular WiFi.
  • Regularly back up data and encrypt laptops so unauthorized users cannot access sensitive information if the device is stolen.
  • Disable removable devices and USBs.

2. Upgrade your password.

Nearly every device we own, from watches to thermostats, is connected to the internet — communicating mobile numbers, login information and passwords across vulnerable channels. Hackers can break into these systems and even shut down power grids or your home’s security system. When it comes to cybersecurity for nonprofits, making your password sophisticated and changing it frequently is essential. 

  • Make your password longer and harder to guess, with a minimum of 16 characters and using a combination of letters, numbers and special characters.
  • Change your password often.
  • When available, use multi-factor authentication, such as face recognition, which requires a user to provide more than one piece of evidence to authenticate the individual and gain access to a website or application.
  • Add a human element into the authentication process to make it harder for hackers to breach, such as face or fingerprint recognition or certificate authentication, which can be app-based. 

3. Be diligent when working at home.

As many employees transition to a hybrid or remote work environment, data and computer systems are more vulnerable to cyber attacks than in the past. Hackers often see small businesses as easy targets, with many nonprofits fitting into this category. Check out these data security tips to protect your nonprofit, and talk to your insurance agent about cyber liability insurance.

4. Update your policies.

It is critical to ensure you have policies and procedures in place that protect your donor, employee and constituent data. For example:

  • Secure your cloud workspaces.
  • Ensure your human resources policies reflect the latest cybersecurity measures.
  • Make sure your employees and volunteers know about these policies and their updates and are adhering to them.

READ NEXT: Four Critical HR Policies for Nonprofit Organizations

5. Know who to call.

If you suspect your nonprofit has been a victim of a cyber attack, contact the authorities immediately. Here’s where to start:


Be the first to hear about the latest nonprofit tips, resources and training classes at the Nonprofit Leadership Center. Sign up to receive our weekly NLC e-newsletter to thrive personally and professionally.