Big Security on a Non-Profit Budget
Non-profits are increasingly targeted by cybercriminals due to the sensitive nature of donor and beneficiary data. However, robust cybersecurity doesn't require an enterprise budget. You can drastically reduce your risk profile by focusing on fundamentals.
The 30-Day Checklist
- Week 1: Enforce MFA Everywhere. Mandate Multi-Factor Authentication for Microsoft 365, Google Workspace, your CRM, and your accounting software. No exceptions.
- Week 2: Clean Up Admin Access. Audit your systems. Only 2-3 people should have Global Administrator privileges. Daily work should be done on standard user accounts.
- Week 3: Offboarding Protocol. Create a strict checklist ensuring that when a volunteer or staff member leaves, their accounts are instantly locked and their access to shared drives is revoked.
- Week 4: Automated Backups. Do not rely on Microsoft or Google alone to protect all of your data. Implement a specialized cloud-to-cloud backup tool to archive your emails and OneDrive files nightly.
Implementing just these four steps eliminates over 80% of the common attack vectors targeting NGOs.
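One way to check Weeks 1 to 3 on a recurring basis is to run a small audit over a user export. This is an added example, not part of the original checklist: the CSV column names and the sample rows are constructed assumptions, not a vendor export format, and the limit of three Global Administrators is taken from the Week 2 item.

```python
import csv
import io

# Constructed sample export; the column names are assumptions, not a vendor format.
SAMPLE_EXPORT = """user,role,mfa,enabled,shared_drive,employment
amira@example.org,Global Administrator,yes,yes,yes,active
ben@example.org,Global Administrator,yes,yes,yes,active
chloe@example.org,Global Administrator,no,yes,yes,active
dev@example.org,Global Administrator,yes,yes,yes,active
elena@example.org,User,yes,yes,yes,active
farid@example.org,User,yes,no,yes,left
grace@example.org,User,no,yes,yes,left
hana@example.org,User,yes,no,no,left
"""

MAX_GLOBAL_ADMINS = 3  # upper bound from the Week 2 item ("2-3 people")


def audit(export_text):
    """Return sorted (week, user, problem) findings for Weeks 1-3 of the checklist."""
    reader = csv.DictReader(io.StringIO(export_text))
    rows = [{k: v.strip() for k, v in r.items()} for r in reader]
    findings = []
    for r in rows:
        enabled = r["enabled"].lower() == "yes"
        left = r["employment"].lower() == "left"
        # Week 1: every account that can still sign in must have MFA.
        if enabled and r["mfa"].lower() != "yes":
            findings.append((1, r["user"], "sign-in enabled without MFA"))
        # Week 3: leavers must be locked and removed from shared drives.
        if left and enabled:
            findings.append((3, r["user"], "left but account not locked"))
        if left and r["shared_drive"].lower() == "yes":
            findings.append((3, r["user"], "left but shared drive access remains"))
    # Week 2: count the Global Administrators that can still sign in.
    admins = sorted(r["user"] for r in rows
                    if r["role"] == "Global Administrator" and r["enabled"].lower() == "yes")
    if len(admins) > MAX_GLOBAL_ADMINS:
        findings.append((2, ", ".join(admins),
                         f"{len(admins)} Global Administrators, limit {MAX_GLOBAL_ADMINS}"))
    return sorted(findings)


if __name__ == "__main__":
    for week, who, problem in audit(SAMPLE_EXPORT):
        print(f"Week {week}: {who}: {problem}")
```

Week 4 is not covered here, because backup status lives in the backup tool rather than in the user directory.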