[GUEST POST] 9 Tips for Strengthening Your Nonprofit’s Cybersecurity

You might be growing tired of hearing about cybersecurity. It seems like it’s everywhere in the news. It can also seem complex. And it can be challenging to even know where to start.

But there’s good reason to take the time to establish cybersecurity principles and guidelines for your nonprofit. Just think: We each have different experiences and expectations when it comes to being aware of cyber-related risks. And because using email and other digital tools is unavoidable in today’s workforce, it’s critically important that everyone on your staff knows how to safeguard themselves and your nonprofit against potential loss or harm and to approach cybersecurity consistently.

Nine tips for strengthening your nonprofit’s cybersecurity

With these things in mind, here are some general tips to help strengthen your organization’s cybersecurity practices:

  1. Don’t take anything for granted.
    Be skeptical if you receive an email or other request that asks you to follow a link or download a file unless you’re certain that the request is legitimate. Pausing to evaluate and verify requests like these can help to reduce security risks.
  2. Use password best practices and enforce multi-factor authentication.
    Using a unique password that’s at least eight characters long for every account (and even better, using a unique passphrase or password generator) builds a stronger line of defense against cyber threats.

    Another great approach is enforcing multi-factor authentication (MFA) for critical accounts. In fact, according to the Microsoft Digital Defense Report 2023, MFA is 99.2% effective in reducing the risk of cyber threats and deterring cyberattacks.

  3. Limit the amount of personal information that you post publicly.
    This type of information can be used by threat actors to impersonate friends and family and help them to carry out scam attempts.
  4. Pay close attention to email.
    Save sensitive information somewhere other than email messages, and delete the email messages that contain that information so the data cannot be captured if an email account is breached. Also, when sending highly sensitive data via email, use encryption if possible.
  5. Protect your systems.
    Be sure to back up your organization’s data somewhere outside of your nonprofit’s network and update it regularly.
  6. Develop sound security policies.
    Take the time to establish a set of security principles and guidelines for your organization. Provide your staff with training on these policies and make attendance a requirement.
  7. Communicate.
    Be sure to have a clear process for your staff to report any security issues. Use company updates to keep staff informed about any security changes or issues that arise.
  8. Have a plan.
    Chances are that your organization will encounter some level of cyber threat or attack at some point. Be sure to have a documented plan in place to respond to incidents, and let everyone on your organization’s staff know who is responsible for what action in case of an incident.
  9. Train your staff.
    Security training is not a one-time occurrence. Provide staff with cybersecurity training regularly to ensure that every staff member has the latest information and to emphasize the importance of strong and consistent security practices.

Learn more insights and tips about strengthening cybersecurity for your nonprofit

Strengthening defenses against cyber threats is vital for every nonprofit. Learn more valuable insights and practical tips for identifying potential security risks and empowering your employees to become your strongest line of defense against cyberattacks: Watch the on-demand webinar, Building a Human Firewall: Strengthening Security Awareness for Your Nonprofit.

Sam Danna, Founder, Muuntower Security

Sam founded Muuntower Security in 2023 to serve nonprofits with their cybersecurity needs. Before Muuntower, Sam also served in the U.S. Army and worked as the Lead Offensive Security Consultant for a global managed security services provider.
