The Role of Cybersecurity for Nonprofit Organizations

The Role of Cybersecurity for Nonprofit Organizations Main Photo

28 Feb 2024


Technology

By Jay Werth

News of cyber-attacks and data breaches have recently crossed our news streaming platforms at a frighteningly increasing rate. Already in 2024, dozens of companies in all industries, ranging from American Express to United Health, have reported breaches affecting millions of customers. A recent Harvard Business Review analysis cited that, globally, the number of cyber-attack victims doubled in 2023 compared to 2022 – and nonprofits have certainly not been exempt from this nefarious criminal activity.

As with businesses and other entities, nonprofit organizations must rely on cybersecurity as a crucial parameter in their operations now – not later. Nonprofits handle sensitive information such as donor data, financial records, and confidential organizational information. Safeguarding this data is essential to maintain trust, ensure compliance with regulations, and protect the organization’s reputation.

Why Do Cyber Attacks Occur? 

The motives behind cybercriminal attacks range from financial gain to corporate espionage or disruption of operations. Stolen donor information may be used for identity theft and phishing attacks, while financial data can lead to fraudulent transactions. Sensitive organizational information may also be exploited for corporate espionage or extortion.

Common Types of Cyber Attacks and How to Prevent Them 

Cyber attackers employ various methods to access data from nonprofit organizations, exploiting vulnerabilities in their systems, digital networks or human counterparts.

A few of the most common types of cyber attacks and ways to prevent them include:

  • Phishing attacks, where emails or calls soliciting sensitive information can trick employees or volunteers into revealing information such as login credentials. These emails or calls may appear legitimate, often mimicking official communications from the organization. Employees should be made aware of these possible scams and encouraged to report any instances of these incidents.
  • Malware and ransomware are malicious software used to infect nonprofit systems. Once inside a system via unwitting download or forceful entry, malware allows attackers to steal data, encrypt and lock files for ransom or disrupt operations by causing software to malfunction. Individuals using company equipment or networks should be careful of attachments, use reputable antivirus and anti-malware software and be trained to respond to suspicious links. 
  • Credential stuffing, using leaked passwords often gathered from other breaches and shared on the dark web, is another common tactic. Weak passwords used by employees or volunteers, including common or easily guessable phrases, may allow attackers to access nonprofit systems easily. Therefore, the importance of strong passwords, regular password changes and multi-factor authentication (MFA) for an additional layer of security cannot be undervalued.
  • Unpatched or outdated software and systems can leave vulnerabilities open for exploitation. Attackers often target outdated software with known security flaws to gain unauthorized access. Software and systems should be updated regularly to prevent these issues from occurring. 
  • Third-party risks are a significant issue to be aware of. Third-party vendors, software or service providers with access to company systems or information are susceptible to data breaches depending on their security practices. Nonprofit organizations should vet and select vendors with strong security practices, include security requirements in contracts with their vendors, and regularly audit the security measures of external partners. 
  • Organizations ordinarily don’t like to consider insider threats, but they can pose a significant risk through malicious intent or unintentional security lapses. Current or former staff members may misuse their access privileges or leak information. To prevent this, organizations should restrict access to only what is necessary, monitor and audit user activities to detect unusual behavior and conduct training on security best practices. 

Create a cybersecurity strategy

To recap, there are basic steps non-profits can take to protect sensitive data and mitigate risks against these threats. These include implementing a comprehensive cybersecurity strategy involving employee training, encryption, access controls, regular updates, continuous monitoring and multi-factor authentication. However, as with most solutions, one-size-does-not-fit-all for implementing protective measures. Regular security audits and assessments can help identify and address potential vulnerabilities before cyber attackers exploit them. Additionally, fostering a culture of cybersecurity awareness among staff and volunteers is essential to mitigating risks.

Nonprofits should invest in cybersecurity measures appropriate to their organization type and risk profile and consult with experts to stay ahead of rapidly evolving cyber threats. Staying informed about the latest cybersecurity threats and best practices is crucial for maintaining the security of sensitive information.

Convergent Nonprofit Solutions is comprised of some of the best, brightest and most passionate fundraising experts in the industry! Our experience planning with nonprofits across various industries allows for a phenomenal networking resource that extends into the cybersecurity realm. Turn to Convergent today to incorporate the enhancement of your nonprofit’s cybersecurity protection into your fundraising needs.

With a proven track record of success and expertise in nonprofit management, Convergent Nonprofit Solutions can help your organization achieve its goals, maintain privacy and trust, and make a lasting impact in your community.

About The Author

Jay Werth's Profile Photo

Jay Werth

Principal

Department: Team

I announced my presence in the nonprofit industry as an on-air radio talent and assistant manager of a sectarian college-owned radio station in the upper Midwest. The station’s cornerstone fundraising event was a three-day-on-air marathon broadcast.

My career in for-profit radio allowed me to continue my nonprofit involvement. I served on boards including a children’s hospital foundation, children’s home, and church. Radio stations I managed hosted the annual St. Jude’s Hospital on-air fundraising campaign and sponsored and promoted several galas and events for organizations.

Today, public media and faith-based ministries receive my financial support. Professionally, I enjoy ALL the projects I am privileged to participate in via Convergent. Funds raised strengthen communities, from municipalities to human services. My activity in the sector bolsters a belief that generosity is alive and well across our great land.


Jay demonstrates expertise in communications, campaign positioning, and execution. During his more than a decade of nonprofit fundraising, he has directed campaigns while on-site totaling more than $21 million in investor dollars. His campaign clients included economic development partnerships, Chambers of Commerce, and healthcare organizations.

One of Jay’s key strengths is his ability to develop trusted advisor relationships with the clients he oversees and the Convergent team. Jay uses his people skills and extensive mentoring background to provide guidance and developmental support to our project directors. His breadth of fundraising and capital campaign process, and his operation expertise from a robust media management career, provides immeasurable value to the Convergent team and clients.
 

Summary of Experience

  • Recently conducted campaigns for a new economic development organization (THRIVE) serving two rural Wisconsin counties, a healthcare organization and arts & culture nonprofit in Washington.
  • Directed facility capital campaigns in Van Wert, OH, and Evansville, WI.
  • Managed economic development campaigns in North Carolina, Tacoma (over goal) and the Northwest Florida Panhandle.
  • Directed Chamber of Commerce campaigns in Austin and Houston, TX, Greenville, SC, and Jackson, TN.
  • Former General Manager of nationally recognized and awarded radio stations with budgets ranging from $5 to $30 million.
  • Children’s Home (Sacramento) and Children’s Hospital (Tulsa) Board member.
  • Church Board Chair during successful capital campaign for a new facility.
  • Master’s in Management from New England College with a nonprofit organization emphasis.