Monday to Wednesday, 10am - 4pm, ET
1.855.281.5499 (toll free)

Protect Yourself: 3 Workplace Cybersecurity Tips All Nonprofits Should Follow


John MasonBy: John Mason, Analyst at

This post is the second in a two-part series about workplace cybersecurity for nonprofits.

In part one, we established that understanding your own data and risks is the first step. You always have to know what data is sensitive and in need of protocols and protection. 

Here are three actionable tips that all nonprofits should follow to ensure workplace cybersecurity is always up to par. 

1. Use the right software

Criminals use advanced means to attack nonprofits. But cybersecurity tools are advanced too. With the right software, you can protect your organization from a malicious attack.

A struggle that many nonprofits face is, of course, securing funding. That means you might be working on computers with ancient software. 

Up-to-date software can be costly, but it’s less expensive than dealing with a cyber attack. It’s estimated that 60% of small businesses go out of business within six months of a data breach. So reputable technology is worth the investment.

Each of your computers and devices needs to be protected with antivirus and antispyware software. This software should be updated regularly to ensure the best defense.

This is how most antivirus providers work:

The software is present in the background while you perform daily tasks. When a threat is detected, an automated check begins and you are alerted. Antivirus software prevents viruses coming through automatically, so you don’t have to worry.

Along with securing devices, you need to have a secure internet connection. Modern Internet browsers such as Chrome and Firefox are good at protecting you from anyone that might be tracking your movements while you browse the web.

But you may want to go a step further to protect your connection. Firefox says,

“When you surf the web, you leave footprints that Firefox can’t erase — your IP address is logged at the sites you visit and your ISP may keep records...a VPN can hide those footprints from prying eyes and add an extra layer of security against hackers.”

A VPN provides a secure, encrypted link between your device and the Internet server. There are numerous cheap VPN providers, so do your research to find the best for your organization.

A safe Internet connection and secured devices are a strong defense against cyber attacks and requires little work on your end.

2. Make sure online donations are safe

Cybercriminals are looking to make money. The obvious victims to target are your donors. Imagine the repercussions if hackers were able to access your donors’ information. Not only would they suffer, so would the causes you’re supporting. Plus, it might make people think twice about offering a donation to your organization again.

In 2015, the Utah Food Bank in Salt Lake City came under attack  and the personal information of around 10,000 supporters was compromised. It is unclear whether the information came into the possession of the wrong people since the attack was carried out by a robot.

The UFB learned a lesson: “The security of our donors’ information is our top priority as they would be less forgiving if another incident were to occur,” Kent Liston, CFO said.

How do you ensure the security of donor information?

Well, UFB added PayPal as an option for donors so that they wouldn’t have to enter sensitive information when donating. 

If you don’t use PayPal, make sure you use another reputable online payment processor. There are some that work specifically with nonprofits. 

Network for Good provides donor management software. 

Mighty Cause allows you to create fundraising pages and build a community of supporters on their platform.

Here are some points to keep in mind when assessing an online payment processor:

  • Meets the Payment Card Industry (PCI) standards.
  • Data is portable so you can transport it if you decide to leave the platform.
  • Prior experience with nonprofits.
  • 24/7 support.

Donor security should be a priority given the sensitive nature of the data involved.

3. Make passwords strong

We can’t talk cybersecurity and not mention passwords. It seems basic to tell you to make your passwords and authentication measures strong. But you’d be surprised by how many people fall short.

The most commonly leaked passwords of 2017 were “123456” and “password”. I bet cybersecurity officers are tearing their hair out the world over with those results.

Hopefully, you don’t have any terrible passwords guarding your critical data like those. But there are other mistakes you might not realize you are making.

Do not have the same password for multiple accounts. If somebody works out your email login is “stupidpassword123,” then they can get access to all of your logins.

It can be difficult remembering multiple unique logins. Thankfully there are programs, such as Dashlane and LastPass, that can store all passwords for you and your team in a secure online vault.

What makes a password secure anyway?

According to cybersecurity firm Webroot, “The key aspects of a strong password are length ( longer, the better); a mix of letters (upper/lower case), numbers, and symbols; with no ties to your personal information, and no dictionary words.”

Now it’s your turn to take a look at what cybersecurity measures you already have in place and where you can improve.

About the author: 

John is a WordPress, cyber security, and privacy enthusiast, working as an analyst for