In These Times
Sharing topics and meaningful information to assist you in navigating the current climate
Top 10 Cybersecurity Actions Every Nonprofit Should Take
As part of our ongoing “In These Times” series, we share timely guidance to help nonprofits navigate today’s challenges with greater confidence and resilience. We know cybersecurity can feel overwhelming, especially with limited capacity, so we’re spotlighting practical steps that can make a real difference. These recommendations come from On Technology Partners, and we’re grateful for their expertise in helping organizations strengthen their digital defenses.
- Require Multi-Factor Authentication (MFA) Everywhere
MFA is the single most effective control against account takeover. Enable it on email, cloud apps, remote access, and administrative accounts, especially for leadership and finance staff.
- Train Staff to Spot Phishing
Most breaches start with a human attack, not a hacker breaking in. Provide simple, recurring training on phishing emails, fake links, QR code scams, and urgent “CEO” requests.
- Protect Email First (It’s the #1 Attack Vector)
Use modern email security features: spam filtering, phishing detection, attachment scanning, and link protection. Email is where ransomware, fraud, and data theft usually begin.
- Back Up Critical Data — and Test Restores
Follow the 3-2-1 rule: 3 copies of data; 2 different storage types; and 1 copy offline or immutable. Backups don’t matter unless you can restore them quickly after an attack.
- Keep Systems Patched and Updated
Unpatched systems are low-hanging fruit for attackers. Ensure operating systems, browsers, firewalls, and software automatically update—or are patched monthly at minimum.
- Use Strong Passwords (and a Password Manager)
Restrict password reuse. Encourage long passphrases and provide a password manager to reduce sticky notes or spreadsheets.
- Limit Access Using “Least Privilege”
Staff should only have access to what they need to do their job—nothing more. Especially restrict: financial systems; donor databases; HR and payroll; and administrative accounts. This dramatically limits damage if an account is compromised. If you use MS 365, do not let your executives’ accounts also have administrator rights.
- Secure Laptops and Mobile Devices
Encrypt devices, enable screen locks, and allow remote wipe for lost or stolen equipment. Many nonprofit data breaches happen because a laptop was lost, not hacked. Use encryption like BitLocker for Windows and FileVault for Mac.
- Monitor for Suspicious Activity
You don’t need a 24/7 security operations center (SOC), but you do need visibility. Basic logging and alerting can identify: unusual logins; impossible travel; multiple failed login attempts; and malware detections. Early detection prevents small incidents from becoming disasters.
- Have an Incident Response Plan (Even a Simple One)
Know who to call, what to shut down, and how to communicate before an incident happens. A one-page plan is infinitely better than panic during a breach. Here is a sample plan.
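The basic alerting described under “Monitor for Suspicious Activity” above can be done with a short script over exported sign-in records. This is an added example, not code from On Technology Partners or GAR Foundation; the event format, thresholds, accounts, and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds (not from the article); tune for your organization.
MAX_KMH, MIN_KM = 900, 100           # airliner speed; ignore small geo-IP jitter
FAIL_LIMIT, FAIL_WINDOW = 5, timedelta(minutes=10)

# Constructed sample events: (time, user, city, lat, lon, success)
EVENTS = [
    ("2026-03-02T08:00:00", "volunteer@example.org", "Cleveland", 41.50, -81.69, True),
    ("2026-03-02T08:01:00", "finance@example.org", "Cleveland", 41.50, -81.69, True),
    ("2026-03-02T08:40:00", "finance@example.org", "Frankfurt", 50.11, 8.68, True),
    ("2026-03-02T09:00:00", "volunteer@example.org", "Akron", 41.08, -81.52, True),
] + [
    (f"2026-03-02T09:0{m}:00", "director@example.org", "Cleveland", 41.50, -81.69, False)
    for m in range(1, 6)             # five failed sign-ins in five minutes
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def find_alerts(events):
    alerts, last_ok, fails = [], {}, {}
    for ts, user, _city, lat, lon, ok in sorted(events):
        t = datetime.fromisoformat(ts)
        if not ok:
            # Keep only failures inside the sliding window, then add this one.
            recent = [f for f in fails.get(user, []) if t - f <= FAIL_WINDOW] + [t]
            fails[user] = recent
            if len(recent) == FAIL_LIMIT:   # alert once when the limit is reached
                alerts.append(("failed-logins", user, ts))
            continue
        if user in last_ok:
            prev_t, prev_lat, prev_lon = last_ok[user]
            km = km_between(prev_lat, prev_lon, lat, lon)
            hours = (t - prev_t).total_seconds() / 3600
            # Flag when the implied speed between two successful sign-ins is not plausible.
            if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                alerts.append(("impossible-travel", user, ts))
        last_ok[user] = (t, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

The Cleveland-to-Akron pair stays quiet because the distance is under the jitter threshold, which keeps ordinary commuting and mobile-network location drift from generating noise.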
On Technology Partners (OTP) is a woman-owned technology company based in Cleveland, OH, that was established in 1994 by Lucy and Ken Fanger. Ken is also an award-winning author of Relax: A Guide To True Cyber Security, a practical guide to building stronger, more human-centered cybersecurity practices. Lucy and Ken founded OTP on the belief that the needs and goals of clients should come first. Over the past 30 years, On Technology Partners has successfully provided IT and network support, cybersecurity, and consulting services for manufacturers, governments, nonprofits, utilities, pharmaceuticals, warehousing, and small businesses.
This content is the opinion of the author. GAR Foundation draws on a range of perspectives from our regional community to share insights on nonprofit capacity building. We understand that organizations are unique and require different strategies for success.
Resource Spotlights
Webinars & Workshops
Financial Oversight & Contingency Planning
Wednesday, March 11, 2026 - 8:30-10:00 am
Join BVU and Jen Kelsch of JSK Solutions for this session offering a practical, easy-to-understand look at financial oversight and contingency planning – without jargon or alarmism.
2026 Nonprofit Insights Conference
Thursday, March 12, 2026 - 8:30 am-3:15 pm
Join Akron Community Foundation for a day full of engaging workshops, interactive sessions, and insightful keynotes that will help participants gain valuable skills, strategic insights, and practical tools to navigate the challenges of the nonprofit landscape.
Article
Practical cybersecurity tips for nonprofits
Find useful cybersecurity practices for nonprofits that can help prevent a data breach, hacked passwords, and other organizational harm caused by bad actors online.