5 Tips for Protecting Your Nonprofit from Data Breaches and Fraud

By Jori Hamilton, Guest Author 

If you own or operate a nonprofit organization, then cybersecurity needs to be your top priority. While every business needs to keep the security of their clients in mind, yours is a special case as people tend to trust nonprofits because they are often working for the common good. However, no matter how much your organization wants to help, all of your efforts can slip away if you allow a data breach to occur.

As our technology continues to evolve, so do the tactics used by hackers to try and steal customer information and fraudsters who try to take advantage of a nonprofit’s 'goodness'. If your organization does not prioritize cybersecurity, then you need to make a change today. Let’s talk about a few great tips to protect your nonprofit.

1. Understand Why You Are At Risk

While you often hear about data breaches at large corporations, hackers and criminals often target small businesses and nonprofits because they know that these organizations either do not understand the threats or do not have the tech and resources to protect their data. Nonprofits typically have shoestring budgets and employees who take on multiple tasks, so there is not enough emphasis on watching for fraudsters.

When you consider the fact that 43% of cyberattacks are on small businesses, you see how important it is to start battening down the hatches and informing your team of the threats. Employee training needs to be the first step. As soon as a new member joins your organization, provide a course on cybersecurity during their orientation and teach them about common threats and how to protect their systems. Have each employee sign off on a memo of understanding so they realize the importance of this education.

2. When Employee Turnover Is An Issue

Another reason why nonprofits are seen as an easy target for theft and fraud is that there is often high turnover, with many employees coming and going. If that is the case with your organization, then you need to put someone in charge of adding and removing employees' permissions. If you don’t lock an ex-employee out of the system, they can come back and get into the digital files later on and wreak havoc. Create a termination checklist of steps, including restricting unnecessary access to programs, social media, etc. Make sure to follow it with every employee who leaves or gets demoted.

3. Keep Your Eye On The Accounting

It is important that you keep your eye on all threats, both external and internal, and doing so means that you also need to keep your accounting team in check. Over the years, accounting technology has also evolved, so there are more ways for malicious characters to take advantage. Some of the worst accounting scandals illustrate the many different types of threats.

For instance, the famous Enron scandal cost the company a lot of money and almost all of their clients because several internal employees were misrepresenting the company’s earnings and hiding financial losses to steal money. During another scandal in 2001, the company WorldCom began manipulating its income statements in an attempt to move money to private accounts.

The point is that you need to do your due diligence and research when you hire people to your accounting team to ensure that they have the skills and background to help increase your company’s success rather than hinder it.

4. Have A Shredding Policy

While employee training and finding the right people are essential, you also need to put proper security processes in place to protect your data whenever possible. Start with a comprehensive shredding policy. If paperwork has any identifying information about your clients or your company accounts, then it must be properly filed or shredded when it is no longer needed. 

Any documents that are only meant for one-time use should be immediately shredded after they lose their purpose. Some organizations, including those in the healthcare industry, may need to keep documents for a certain amount of time, but once that date passes, shred them. Shred bins should be locked at all times and accessible only by management. It is also important that you line up a shredding company to pick up what you have and make sure it is properly disposed of every week.

5. Be Smart About Passwords

Even though you may trust your staff, it is still essential that you equip every program with a strong password so only authorized personnel have access. Passwords should be complex and include a combination of letters, numbers, and special characters, and they should be updated every few months. On top of passwords, add a form of two-factor authentication, a second form of security that makes it harder for hackers to access files and accounts. The best forms of secondary protection will be a biometric scan of an eye or fingerprint because they are very difficult to duplicate.


As you can see, protecting your nonprofit from fraud and data breaches needs to be your top priority. Consider the tips discussed here and always be on the lookout for new threats, and your organization will continue to do good work and be loved by the public.
