Cybersecurity Awareness Month: Tips for Nonprofits

Cybersecurity isn’t necessarily a hot topic of conversation in the nonprofit community. However, if your organization collects any kind of data, cybersecurity is a critical component of maintaining trust with your clients, partners, funders, and the communities you serve.

Unfortunately, nonprofits are increasingly becoming targets of hackers due to the kind of data they collect (credit cards, healthcare data, personally identifiable information) and:

  • A lack of cybersecurity policies and systems
  • Outdated software systems
  • A lack of training to identify potential threats

Nonprofits may also be at risk of cyberattacks due to their stance on political or social issues.

If you are concerned about data security at your nonprofit, here are some steps you can take to protect your organization’s data, even without an IT department.

1. Enable multifactor authentication (MFA)

If you have ever logged into your bank account and received a text message with a code to enter afterward, that’s an example of multifactor authentication. MFA provides an extra layer of security to ensure that it’s really you logging into your account, not a hacker trying to access your data.

2. Limit who has access to sensitive data

Not everyone needs access to all of your organization’s data systems. Limit access to financial, employee, donor, and other sensitive data to only those who need it to do their jobs. Relatedly, avoid creating shared logins for data systems, like using one login name and password for the development department's database. Ensure each individual has their own login name and password.

3. Use VPNs when working on public networks

As more nonprofit staff work remotely, ensure employees use a virtual private network (VPN) when working from public places like libraries or coffee shops. VPNs ensure that no one else using the same Wi-Fi connection can see your data or browsing activity. I've been using ExpressVPN for years, but there are many similar services available.

4. Remember to take it S.L.O.W.

At a recent workshop hosted by Bridges CIO, I learned that if an email, phone call, or text message looks suspicious, there are four questions to ask yourself to ensure cyber safety:

  1. Sender: Do you recognize who sent the message? Does the email address or phone number appear to be current? Check for typos in the email address or any other unusual details.
  2. Link or language: If you do know the sender, is this how they usually speak to you? If there is a link in the message, is there anything unusual about the way the link looks?
  3. Out of context: Is the sender asking you to do something strange or unexpected? For instance, if you receive an email from your executive director asking you to send funds to an account, and you don’t work in finance, it is probably a phishing attempt.
  4. Why: If you ask yourself, “Why am I getting this?” and the answer is, “I have no idea,” then it’s best to either ignore it or double-check with the source.

Additional Resources

Looking to learn more about cybersecurity? Here are additional resources specifically designed for nonprofit organizations:

  1. NTEN’s Cybersecurity Resource Hub
  2. Essential Security Resources for Nonprofits: TechSoup
  3. Cybersecurity Toolkit for Mission-Driven Organizations: Global Cyber Alliance
