
Your Easy to Understand Guide on Cybersecurity for Nonprofits and How to Protect Your Mission

It’s usually the last thing on nonprofit professionals’ minds. 

But, honestly? It should be one of the first! 

We’re talking about cybersecurity for nonprofits, here. 

Now before you click the little back button because this is a boring topic, hear us out. There’s a reason why we’re talking about protecting your mission. 

You may think “who in their right mind would hack a nonprofit?!” And we’re with you on that. But The Economist is claiming that the most valuable resource in the world is data. 

And how do nonprofits operate? Through collecting data. 

So, to help make sure your donor data is secure, we’ve created an easy guide on cybersecurity for nonprofits. 


Cyber Attacks and the Lack of Cybersecurity for Nonprofits

The Blackbaud Cybersecurity Case:

Flashback to May of 2020 (we know, none of us want to go back there).  

In the midst of everything else going on, the nonprofit sector was directly affected by a major cyber attack. Blackbaud, a popular CRM software for nonprofits, was hacked, and what’s known as a data breach occurred. 

According to the BBC, bank account info and users’ passwords were just some of the information that was stolen. 

This cyber attack is a case in point for why nonprofits need to keep cybersecurity top of mind!

By the way, if you want to take the first step towards protecting your nonprofit data, check out Charity How To. They have a free webinar on how to manage passwords – a crucial part of cybersecurity!

What Are Cyber Attackers Normally After Within a Nonprofit? 

Because nonprofits typically operate on tight budgets, and because they’re raising funds to be donated for certain causes, people think cyber attackers aren’t after the nonprofit sector. 

But think of it this way, instead. Your nonprofit isn’t just collecting money. It’s collecting valuable information which can lead to more money elsewhere. 

Nonprofits collect email addresses, credit or debit card information, physical addresses, even social security numbers for volunteers and staff. 

All of that? It’s like candy to a cyber attacker. 

Not only are they often after that kind of information, but that information is legally private info. Which means it should be protected at all costs! Plus, if your nonprofit were to face a cyberattack, how would it make your supporters feel? They may lose trust in your organization! 

So keeping their safety a priority goes a long way. 

What Kind of Cyber Attacks Are Out There? 

Cyber attacks, believe it or not, aren’t one-size-fits-all. There are multiple kinds of attacks that can wreak havoc on your nonprofit organization if you’re not prepared. 

Here are the main cyber attacks to prepare for: 


Ransom Attacks

A ransom attack involves a hacker taking over your website or even certain platforms you use in your nonprofit organization. The hacker doesn’t allow you access to it. Then, they quite literally hold all of that valuable information for ransom. They’ll demand a specific dollar amount for you to pay in order to get hold of your data again. 

Data Breach

When it comes to cybersecurity for nonprofits, this is the one most professionals think of. A data breach is exactly what happened with the Blackbaud cyber attack. 

With one of these attacks, a hacker gains access to specific databases. They then are able to pull the data in it and sell it to the highest bidder. They’re often looking for information like bank information, personal passwords, and even social security numbers. 

Forced Website Downtime

Some cyber attacks involve crashing your entire site. Hackers can cause a rush of bots to clog up your servers so no real supporters can get onto the site and make contributions. 


Malware

Malware is another “common” cyber attack people think of when they think of cybersecurity for nonprofits.

This type of cyberattack involves using software designed to cause problems in your systems. It’s a way for hackers to gain control over your systems and lock you out, extract data, or just totally make your systems inoperable. 

Viruses, Trojan horses, and the like are all types of malware. 


Phishing

And finally, we have phishing. This is usually done over email, and it often acts like a gateway to malware. Usually, someone checking their inbox might see an email that’s “fake.” They click on it, and that’s how the malware spreads.

For a nonprofit organization, phishing emails may be sent to your staff or volunteers. And they’re designed to look like official emails from your organization. Your supporters then click on the email, and the rest is history.

How to Protect Your Organization from Cyber Attacks:

We know it’s important to address. But how do you actually address cybersecurity for nonprofits? What are some of the basic steps to take to make sure your mission and your supporters are protected? 

We’ve got three steps to take to help you:


1) Figure Out What Data Your Organization Collects

First up is to look through your processes and workflows for your organization. What donor data does your nonprofit collect from its supporters, donors, staff, and volunteers? 

Some of the information for donors and supporters might look like email addresses, credit or debit card information, and physical addresses.

And some of the information from staff and volunteers might even include social security numbers and payroll information like bank account numbers. 

Once you have a list of what you collect, ask yourself this: Where does it go? What do you do with it? And who manages it? 

Then, figure out if you can reduce the amount of information you collect. That lowers your risk of a data breach. So from the list of information you collect, is there anything you don’t need? 

2) Get Familiar with Confidentiality Laws

Did you know this? If you collect personally identifiable information, you’re required in 47 states to inform persons of a security breach. 

And if a data breach does happen, the Federal Trade Commission’s Disposal Rule means you’ll have to dispose of information in consumer reports and records. 

It’s a good idea to read up on those laws and requirements so you know exactly what to do in the event of a cyber attack. That way, you’re protected legally! 

3) Prevent Any Cyber Attacks with Nonprofit Cybersecurity Software

The best way to handle the risk of cyber attacks? Prevent them from happening in the first place.

That means getting nonprofit cybersecurity software that protects against viruses and malware. It also means finding software to protect your website from hackers.

And with your software, make sure you have security measures in place to prevent cyber attacks. So, what can you do to boost cybersecurity for nonprofits? 

1. Use admin controls and locks to prevent hackers from getting personal and private information.

2. Create a cybersecurity plan in case there’s a data breach, and make sure the right team members are trained, too.

3. Use multiple layers of security, including encrypting private information.

4. Read up on those laws and regulations.

5. Train and educate your staff and volunteers in cybersecurity for nonprofits. Make sure they’re aware of the types of cyber attacks. And make sure they report any suspicious activity like emails that look odd. You can even include a virtual training session through your volunteer management system!


If you’re collecting any type of information from any of your supporters, then cybersecurity for nonprofits should be a big ol’ priority! 

But if you don’t have a security plan in place, don’t worry. You’re not alone! You can start securing your mission with some of the best cybersecurity software for nonprofits.

Want to take the first step in securing your nonprofit? Check out this free webinar at our sister site, Charity How To, on how to manage your passwords!
