8 Tips for Better Nonprofit Cyber Security

What Your Charity Can Do To Protect Against Cyber Attacks

The organizations and businesses that have been hacked just keep piling up. From banks to healthcare to retail to government agencies, cybersecurity experts are scrambling to plug the holes.

Sadly, nonprofits are not exempt.

Nonprofit organizations handle volumes of sensitive data every day. Client records, donor information, confidential emails, and hundreds of other transactions pass through our organizations.


How concerned should nonprofits be in the face of recent cyber attacks and security threats? How can we ensure that our sensitive data is secure, and how can we assuage donors’ fears as more and more hacking scandals come to light?

Here are 8 tips for how your nonprofit can respond to cyber security threats.

1.  Make it a priority.

In an interview with Third Sector Today, Cyber Security Expert Chris Dufour recommended making data security a priority for all organizations, much like making payroll.

Dufour warned against falling prey to the common myth – “Who would want to hack US?” You never know who may have “nefarious purposes” – it’s always better to be safe than end up on the front page of the local or national newspaper.

2.  Upgrade your computers.

Many nonprofits I know still use Windows XP, even though it is 12 years old. Did you know that Microsoft completely stopped supporting Windows XP this year?

That means that computers running the outdated software are now much more vulnerable to cyber attacks and hackers.

I wholeheartedly agree with Microsoft’s statement on the topic:

“In the past 12 years you’ve probably gotten a new phone, maybe a new TV, and possibly even a new car. Maybe it’s time for a new PC too, so you can make sure you have more memory and storage, faster processing speeds, and a higher-quality display (some even come with touch). And they’re less expensive than you might think.”

The older your operating system, your computers and your network, the more susceptible they are to data breaches – it’s as simple as that. No budget for new computers? The nonprofit TechSoup collects and disseminates technology donations to nonprofits, and they offer many software and hardware products at a steep discount.

3.  Train and inform employees and volunteers.

You may assume that your employees and volunteers understand terms like spear-phishing and how to recognize malicious links in emails and website pop-ups. Never assume!

Get professional training on how to protect against viruses, malware, spyware and other items that can easily be added to nonprofit computers with just the click of a button. Make sure everyone who has access to the organization’s computers is on the same page and alert to these kinds of threats.

Develop strict policies on what employees can download from the Internet and have restrictions on downloading new applications without the sign-off of an IT person or supervisor.

4.  Focus on passwords.

Do not have the same password for every social network and website you access! Change it slightly and make sure to keep that information in a secure location. I like Dashlane as a password manager – you only have to memorize one password and enter all your other logins into their system.

What makes a great password? According to Tony Bradley there are at least six ways to build a strong password. They include mixing up the types of characters you use (numbers, letters, symbols) and not using words you can find in the dictionary.

5.  Invest in reputable nonprofit technology.

Do you still send PDF attachments through Outlook for your email newsletter? Is your database kept in an Excel Spreadsheet on your desktop?

It’s time to upgrade to 2014. Use an email provider like Constant Contact or MailChimp to send email blasts and fundraising appeals. Explore purchasing a CRM system like Blackbaud or Salesforce to keep information on donors, volunteers, supporters and the like.

Investing in reputable, dependable technology systems for your organization is a huge step in securing data and ensuring efficient processes for years to come.

6.  Use a reputable online payment processor.

Many donors want to give online. Blackbaud found that online donations grew an average of 13.5% in 2013 and are slated for double-digit growth again this year.

Donors will not give online if the payment process is complicated and insecure. From what I have seen online, the majority of nonprofits use PayPal, but I recommend giving donors another option as well. Many people (myself included) do not like PayPal as it has suffered serious security breaches in the past. You might consider third-party services specially designed for nonprofits, such as Network for Good or Razoo.

7.  Stay calm.

Do not think that, because of the recent rash of cyber attacks, you should panic and shut down all services connecting to the Internet. That would be neither wise nor practical.

Cloud-based services like Google and storage applications like Dropbox are among the most cost-effective tools for nonprofits. The key is to ensure that the data stored in the cloud is secure and encrypted. (For more on data encryption, read this article from the First Nonprofit Group.)

8.  Stay informed.

Privacy policies are constantly changing. It is our responsibility as nonprofit professionals to be aware and informed of these changes and how they will affect our nonprofit data security.

It is important to remember that this is an age of very limited privacy – if there is still any real privacy at all. Being as transparent and accessible as possible is important to build and maintain trust with your supporters and with the community at large.

More resources:

How a Times Cybersecurity Reporter Protects Her Data. And What You Can Do to Protect Yours.

A NonProfit Technologist's Guide to CyberSecurity and Data Protection

Security Resources for Your Nonprofit or Library

NetAction's Cyber Security Checklist

Julia Campbell is a regular contributor to this site. She is an expert on digital marketing and social media strategy for nonprofits. Check out her bio for info about her blog, speaking, and consulting services.