Cyber Security for Nonprofits | Steps to Address Cyber Security Risks


The coronavirus pandemic has ushered in a new normal of staying indoors, working from home, and staying online for a considerable length of time.

As everyone is at home, global internet usage has reached unprecedented heights. This has even prompted streaming giants like Netflix and YouTube to reduce video quality to keep the internet from breaking!

There’s a high degree of chaos and uncertainty, two factors that cybercriminals rely on to perpetrate their schemes against all sectors of society. From governments to hospitals and from individuals to nonprofits, no one is safe these days.

According to the University of Maryland, hackers are as prevalent as the virus, attacking every 39 seconds and 2,244 times a day on average. These attacks are mostly probing attempts to find vulnerabilities in systems that can be exploited. Although not all the attacks are successful, the attack surface is wide.

Still, the sheer volume of cyberattacks paints a grim picture of the risks organizations and individuals face during this trying time. There are pros and cons to the new normal, but the threat facing everyone is as real as it can get.


Nonprofit Organizations Remain a Top Target.

Cybercriminals are opportunists, and they love an easy target. Nonprofits have long been viewed as low-hanging fruit by threat actors mainly for two reasons:

  1. Most nonprofits have almost no cybersecurity measures in place to protect against cyberattacks due to limited staffing and the lack of a dedicated budget.
  2. The data nonprofits collect on individual donors, corporate contributors, partners, vendors, and charities are a gold mine. Personally identifiable information such as names, addresses, credit card details, email, and phone numbers are all there.

To further emphasize the problems most nonprofits face, let’s take a quick look at some numbers.

Multi-Factor Authentication (MFA) is important

  • More than half of all nonprofits (56%) do not enforce multi-factor authentication (MFA) for online account logins, according to NTEN.

MFA is an extra layer of security that requires users to log in using their username and password, plus a passcode generated by an authenticating device, an authenticator app, or a text message sent to the user’s mobile phone. Without the passcode, the account can’t be accessed even if the username and password are correct. A hacker would need to have access to the target’s mobile phone or authenticating device to be able to breach the account.
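The passcode check described above, as an added example (not code from the original article or from any platform it names): a login that requires both the password and an RFC 6238 time-based code of the kind authenticator apps generate, and that rejects a code that has already been used. The `Account` class, the salt and the sample password are constructed for illustration; the secret used in testing is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Account:
    """Constructed sample account: password hash plus an enrolled TOTP secret."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = b"constructed-salt"  # sample value; use os.urandom(16) in practice
        self.pw_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret
        self.last_step = -1  # last time step for which a code was accepted

    def login(self, password: str, code: str, at: int, window: int = 1) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Check the current step and its neighbours to tolerate clock drift.
        now = at // STEP
        matched = None
        for step in range(max(0, now - window), now + window + 1):
            expected = totp(self.totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pw_ok or matched is None or matched <= self.last_step:
            return False  # wrong password, wrong code, or a replayed code
        self.last_step = matched
        return True
```
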

  • More than 70% of nonprofit organizations haven’t conducted a single vulnerability assessment to check for potential risk exposure.

Most nonprofits don’t take active cybersecurity measures because they do not know the risks and vulnerabilities that can affect them due to a lack of regular risk assessment procedures.

  • More than 80% of nonprofits don’t have a strategy to deal with cyberattacks.

Having a robust and comprehensive cybersecurity solution can help mitigate the risks and reduce the impact of a cyberattack. A security policy can help improve response times and provide employees with concrete steps to address the issue.


Most Significant Risks in Nonprofit Cyber Security.

Since nonprofits collect and store valuable data, cyber-criminals launch attacks in various ways.


1. Data Breach.

A data breach happens when an attacker gains illegal access to proprietary or personally identifiable information via malicious insider activity (inside job), employee negligence, or third-party attacks. Data breaches happen all the time and make headlines when big companies are targeted. The latest high-profile breach involves Marriott (again), where hackers were able to get the login details of two employees and compromise 5.2 million users. While nonprofits don’t have nearly as much volume, the effects of a breach can still have ramifications in both trust and reputation.


2. Forced Downtime.

Some cyberattacks target nonprofits to bring down their systems and compromise their mission due to ideological differences with other sectors of society. Sometimes, employee negligence can lead to malware infecting the network and shutting down essential systems. Downtime of any sort can get in the way of critical work done by nonprofits.


3. Ransomware.

Ransomware is a type of cyberattack that takes your data or system hostage until a payment is made. Once the victim makes the payment, the attackers either fulfill their end of the bargain and give back access to the data, or choose not to. These criminals have no obligation to give the data back. Many take the payment and run, which is why paying the ransom isn’t a good idea. Some criminals nuke the data even after getting paid.

Cybercriminals deliver their attacks in many ways, including malware, phishing, denial-of-service (DoS)/distributed-denial-of-service (DDoS) attacks, SQL injection, and drive-by attacks.


The Importance of a Secure Donation Platform.

Nonprofits that rely heavily on fundraising and donations can be severely affected by the slew of cyberattacks occurring during the pandemic, or at other times when society is going through a volatile phase.

Organizers that collect and store donor information are more at risk. Any data breach could result in a loss of trust and finances.

Donor trust takes time to build, which is why it’s essential to use a secure donation platform that keeps donors and donations protected from cybercriminals. Look for a donation system that has built-in safety features that can detect and guard against campaign fraud.

Platforms must be protected by SSL/TLS encryption technology to ensure that the checkout process is secure at all times. Protecting your donors’ personal information is crucial to building trust.

Other safety features to look out for are robust customer authentication that complies with global standards and the tokenization of all credit card and bank account data, so nothing is stored on the platform.

Building donor trust isn’t all about security. A good donation system, such as Donorbox, also supports strong donor relationships by offering a fast and streamlined checkout process. Donorbox’s software also accepts online payment methods and supports multiple currencies from anywhere in the world for increased donations.


Steps to Prepare for a Cyberattack.

Since nonprofits are the favorite target of cybercriminals, it makes sense to have a security plan. You can reduce your cybersecurity risk by adopting the following methods.

1. Document Your Protocols.

Most nonprofits don’t have any cybersecurity documentation in place, which can lead to chaos if there is ever an attack. A robust cybersecurity policy can make your digital footprint smaller and lessen the probability of an attack happening in the first place. Documented protocols can give teams quicker access to information that can help minimize the effects of an attack.

2. Train Your Staff.

A whopping 60% of all nonprofits don’t have cybersecurity training programs for their staff. Training users on best practices and online hygiene can go a long way toward reducing the risks of a cyberattack, as can using identity theft protection for staff. User negligence and poor computer hygiene, such as using weak passwords, are the leading causes of cyberattacks and data breaches. Security data suggests that more than 86% of all passwords in use are vulnerable. Proper employee training can fill in the gaps in your security protocols.

3. Create Backups and Redundancies.

You should create multiple instances of crucial data and system redundancies, both on a physical server and in the cloud, so that if one instance gets compromised, you have backups ready to be deployed. Having backups reduces the damage that a cyberattack can cause to your mission.

4. Make Your System Resistant to Attacks.

Harden your system by using security software such as a firewall, VPN, and antivirus. You should do a security assessment to see where you are most vulnerable and get software or tools to help shore up your defenses in these trouble areas. Enforce multi-factor authentication on all accounts for an extra layer of security. A firewall can help keep the bad guys out, while an antivirus/anti-malware solution can help keep your system free of infection by flagging dangerous emails and keeping you away from infected drive-by websites.

5. Update Your Operating System and Patch All Software.

Make sure your systems are running the latest OS version and that all software has been patched against known vulnerabilities. Make it a point to conduct regular updates to ensure you’re not running anything that a hacker can exploit.

6. Have a Dedicated IT Expert or Consultant.

If you have the budget for an in-house IT team that can handle your cybersecurity, please start hiring IT professionals. Having someone monitoring your system and network can help detect and repel threats as they arrive. You can also hire an IT consultant who can do weekly checks and monthly security audits.


Conclusion

Nonprofits deliver aid and help the most vulnerable members of society when most governments cannot. Their mission is critical, which is why it’s disheartening to know that malicious cybercriminals are targeting even organizations that help others.

If you’re a part of a nonprofit organization, know that you’re not exempt from cyberattacks. Take all the necessary steps to harden your system against a breach.

Remember, you’re collecting and storing personally identifiable information that criminals want, so you must ensure that your donors’ trust isn’t misplaced. Have a cybersecurity protocol in place to help prevent cyberattacks. Remember to take the steps necessary to reduce data collection that serves no purpose.


About the Author

Daniel William is Content Director and a Cyber Security Director at IDStrong. His great passion is to maintain the safety of the organization’s online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.
