5 Essential cybersecurity tips for nonprofit organizations

May 27th, 2019
5 Essential cybersecurity tips for nonprofit organizations

Nonprofit organizations (NPO) carry out crucial work all over the world, but while they’re supporting at-risk communities, cybercriminals are out in force to exploit their noble deeds. Because NPOs often enroll temporary volunteers and collect online donations, they’re considered easy targets for ransomware, social engineering scams, and a multitude of other threats. Their limited technology budgets don’t exactly help either. Fortunately, the following tips show that implementing good data security and privacy practices doesn't have to be expensive.

#1. Access control

Most data breaches and other forms of cyberattack occur due to social engineering scams whereby criminals exploit human ignorance to steal login credentials. Most people have developed poor password habits too, which makes them easy targets for information theft. It’s the main reason why over-reliance on passwords is a big mistake, particularly in the age of cloud and mobile technologies. That’s why you should always add an extra verification layer to confirm a user’s identity. For example, you can add your mobile or email as an extra step to verify your login.

#2. Security awareness training

One of the things that makes nonprofits so vulnerable is that they routinely enroll volunteers on a temporary basis. Often, these volunteers have little or no information security expertise or experience. If your organization handles sensitive data, such as payment card information or health records, you’re legally obligated to provide training on matters of security and privacy. Even if compliance isn’t a concern, security awareness training is always important since people are always the first and last line of defense against cyberattacks. Conducting regular phishing scam simulations will help your volunteers become more aware of online threats.

#3. Outsourced expertise

Few NPOs can afford the luxury of having dedicated and fully equipped IT departments. Even if they can, it rarely makes financial sense given the availability of cheaper alternatives. Rather than pay the lofty salaries demanded by full-time cybersecurity experts, you can instead outsource your IT department, or at least your security needs, to a third party. Managed IT services providers (MSPs) who have experience working with NPOs usually offer a full range of technology services to keep your data safe for a fixed monthly fee.

#4. Data encryption

Many nonprofits have volunteers working out on the field, accessing IT resources on the move from portable devices. Often, this involves connecting to unsecured wireless networks to reach critical cloud-hosted resources. Unfortunately, any data sent across such connections can be intercepted by an eavesdropper. What’s more, mobile devices are at a much higher risk of loss or theft. However, if all data is encrypted, it will be useless to the hacker. Most platforms support data encryption, but you can also add an additional layer of protection by having your volunteers connect through an enterprise-grade virtual private network (VPN).

#5. Multilayered protection

Antivirus software isn’t enough to protect your digital assets. If all you have are basic protections and a network firewall, your security infrastructure will be about as robust as a soft-boiled egg. Instead, you need multiple layers of protection for your network, endpoints, and any cloud-hosted infrastructure you need. Intrusion detection and prevention, multifactor authentication, firewalls, and antivirus software are all important, but it’s also a good idea to have an overarching external layer of protection. MSPs offer services that monitor all network traffic externally to guard against threats both outside and within.

Fidelis provides a full range of IT services to nonprofit organizations in Seattle and Portland. Call us today to find out how we can make your technology infrastructure safer.


For many businesses, complying with the GDPR’s specific data security and privacy requirements may sound daunting, but it doesn’t have to be. Our eBook Navigating the Data Privacy Labyrinth: A Guide to GDPR Compliance can simplify your compliance journey.GRAB YOUR FREE EBOOK HERE!