

"blogger, InfoSec specialist, super hero ... and all round good guy" 



Strategies for Securing Nonprofit Networks

Nonprofits often think about how to attract more volunteers or achieve a greater reach with their fundraising initiatives. However, getting targeted by cybercriminals is a possibility that may not come up for discussion.

Nonprofits Are Vulnerable

Unfortunately, though, nonprofits are at risk for cyberattacks. That’s the case for several reasons. For example, they often don’t prioritize hardware and software purchases, meaning their equipment could be outdated and not properly secured.

Sometimes, that lack of security extends to websites, too. One issue that’s particularly problematic for nonprofits is the so-called “pharma hack,” which happens when cybercriminals use a back-door entry point to access websites and turn them into pharmacy websites.

Washington’s Brightwood Civic Group was among the victims, and its members didn’t even know what happened until a newspaper reporter alerted them.

Evidence suggests WordPress sites are particularly targeted for this hack due to their open-source nature and popularity. Specifically, criminals frequently infiltrate the sites through out-of-date WordPress plugins.
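A site owner can catch this kind of injection without waiting for an outside tip by periodically scanning the site's own pages for pharmacy-spam terms, especially inside markup styled to be invisible. The sketch below is an added example, not code from the original article; the keyword list, the hidden-style heuristics and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list and hidden-style heuristics; tune both for your own site.
PHARMA_TERMS = re.compile(r"\b(viagra|cialis|levitra|pharmacy|no prescription)\b", re.I)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}

class PharmaScan(HTMLParser):
    """Records pharmacy-spam terms and whether each sits inside hidden markup."""

    def __init__(self):
        super().__init__()
        self.hidden_stack = []  # one flag per open element: inside invisible markup?
        self.hits = []          # (term, inside_hidden_markup)

    def _record(self, text, hidden):
        for match in PHARMA_TERMS.finditer(text):
            self.hits.append((match.group(1).lower(), hidden))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        in_hidden = hidden or any(self.hidden_stack)
        # Spam links often carry the keyword in the URL, not just the link text.
        self._record(attrs.get("href") or "", in_hidden)
        if tag not in VOID_TAGS:
            self.hidden_stack.append(in_hidden)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.hidden_stack:
            self.hidden_stack.pop()

    def handle_data(self, data):
        self._record(data, any(self.hidden_stack))

def scan_page(html):
    """Return the terms found, how many were hidden, and a verdict."""
    parser = PharmaScan()
    parser.feed(html)
    parser.close()
    terms = sorted({term for term, _ in parser.hits})
    hidden_hits = sum(1 for _, hidden in parser.hits if hidden)
    # One visible mention can be legitimate; hidden hits or several terms warrant review.
    return {"terms": terms, "hidden_hits": hidden_hits,
            "suspicious": hidden_hits > 0 or len(terms) >= 2}

# Constructed sample pages (not taken from any real site).
CLEAN = "<html><body><h1>Volunteer</h1><p>We partner with the local pharmacy.</p></body></html>"
INJECTED = ('<html><body><h1>Volunteer</h1><div style="position:absolute; left:-9999px">'
            '<a href="http://example.invalid/cheap-cialis">buy viagra no prescription</a>'
            '</div></body></html>')
```

Running `scan_page` on a schedule against each public page, and alerting when `suspicious` is true, gives a small organization an early warning that does not depend on a visitor noticing the change.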

There are similar cases of hackers hijacking sites and displaying messages on them that could scare people away and discourage them from donating.

The Autism Foundation of Tennessee got hacked by a group called Team System Dz that’s reportedly responsible for thousands of other incidents. The content displayed on the site showed support for ISIS, although it’s not known whether the hackers actually have ties to the terrorist group.

Hackers often know nonprofits have limited numbers of staff, which makes it more difficult for organizations to recover from these incidents.

Little Red Door, an Indiana-based cancer charity, had its data stolen in a ransomware attack. Representatives opted not to pay the ransom because the organization didn’t store content with sensitive details, but they were still trying to re-enter the stolen data several months later. One staff member pitched in to help while going through chemotherapy treatments.

Now that you know how and why nonprofits could fall victim to cyberattacks, what can you do to reduce that possibility?

Invest in Secure, Nonprofit-Friendly Tech Tools

Many applications and platforms marketed to nonprofits make security a priority. For example, Volgistics’ volunteer management tool uses up to 256-bit Secure Sockets Layer (SSL) data encryption to keep organizations safe. Also, Comodo provides nonprofits with donated or discounted endpoint security solutions, thanks to a partnership with TechSoup.

It’s important to first think about how technology could help your organization succeed. Then, search for options that offer excellent security.

Create a Network Security Policy

Keeping your nonprofit’s network secure is a team effort. Spend time getting input from all employees and volunteers about steps to take to secure the network and why those precautions matter.

In a 2016 survey of nonprofits, nearly half of the respondents said they hadn’t done cybersecurity assessments in the last year.

However, it’s essential to take a baseline measurement to assess your organization’s risk. Doing that will also put your nonprofit in a good position to know which aspects to focus on while coming up with a policy.

Implement a Better Password Strategy

Despite reading tips to the contrary, people often use the same passwords across multiple sites and never or rarely change them. Those habits make passwords easier to crack and compromise your nonprofit’s network by making it easier for hackers to do damage once they gain access.

If you’re worried about people losing productivity because they forget their passwords, consider implementing a password manager. They typically require users to recall only one master password to interact with all the protected content they use.

It’s crucial to spend time researching the various password managers and determining which one is most appropriate for your nonprofit. Also, plan a short trial period where a segment of your organization starts using the tool and gives feedback on their outcomes.

Run Virus and Malware Scanners Regularly

Sometimes, hackers plant malware on individual computer systems or in email attachments, where it goes undetected for months. Besides teaching staff members not to download files from unfamiliar sources, get in the habit of running a virus and malware scanner at least every couple of weeks.

Taking that step reduces the chances that something will stay on a user’s machine for a long time and cause damage in the background while remaining undetected.

Plan Periodic Staff Training Sessions

The people who work at your nonprofit need to stay abreast of the latest network security concerns to help safeguard against them. Training sessions can give them the most current information and emphasize how they can play their parts.

To make the material as applicable as possible, use some of the case studies like those mentioned above to highlight how creative hackers can be and the overall effects they may have on an organization. Also, ask attendees which topics they’d most like to hear about during future sessions to make it clear you care about their opinions.

Any Nonprofit Is a Potential Target

A pervasive myth about nonprofit network security is that if an organization is small or not nationally known, hackers won’t target it. The instances discussed above debunk that line of thought, reminding us that there’s no reason to delay making your network more secure.

Written by:

Kayla Matthews
