Cybersecurity Basics Your Nonprofit Needs to Know

Protecting your organization against cyberthreats is no easy feat, especially for small organizations. It's easy to think that small nonprofits aren't at great risk, but as a BBC article from 2022 points out, smaller enterprises are increasingly in cybercriminals' sights.

So we'll be frank: Just because you're a nonprofit doesn't mean you are immune to cyberattack. And considering how many of us handle sensitive data on vulnerable populations, the stakes are even higher. We haven't even mentioned the risks that a cyberattack can pose to your staff and volunteers, your donors, and — critically — your reputation. What's a nonprofit to do? Here's a rundown of some basic security principles to keep in mind.

Consider What's at Risk

Cybercriminals use a huge spectrum of tactics to try to steal your data or financial information. These range from malware and ransomware to compromised user accounts and phishing attacks. Some hackers target weaknesses in your security, while others target weaknesses in people who have access to your network. These vulnerabilities can include your work and personal networks and email accounts. Criminals can also target individual apps, devices, and data storage units.

They also prey on the curiosity or desires of people like you and me. The classic "you've inherited a fortune from a long-lost relative" scam is one well-known example, as is the fake email that purports to be from a major company asking you to log in to your account for some reason.

Now that millions of employees are permanently remote, home offices are also a target. To protect your organization from these attacks, you shouldn't rely on only a single form of traditional protection. Instead, security experts advise that you take a multilayered cybersecurity approach, which means that if an attack gets past one layer of protection, the other layers will be able to stop it.

Don't Skimp on the Antivirus Software

Traditionally, malware — which encompasses things like viruses, spyware, ransomware, and other bits of software designed to disrupt your work or steal information — was delivered en masse to a large group of people. 

These days, criminals use a much more targeted approach. They'll use phishing scams or other social engineering to trick you into giving up some piece of information or downloading malicious software onto your devices. These attackers use information gleaned from publicly available sources, such as social media accounts, business directories, and personal websites, to scam and coerce nonprofits. Unfortunately, one click is all it takes to give a hacker access to sensitive data, or even information on individuals within your organization.

There's plenty of antivirus software you can download for free. And while some of it is pretty solid, the cheapest option isn't always the best. So choose reliable antivirus software from a credible company that can proactively monitor security threats and alert you if your systems are compromised.

Antivirus testing firms like AV-Test and AV Comparatives perform regular testing on a wide range of security software, so they're a good place to start if you're unsure about a given antivirus product. TechSoup members can request Avast CloudCare Antivirus for their devices. (Disclosure: TechSoup works with Avast to offer its products to nonprofits and libraries. We'll talk more about Avast in a minute.)

Automate Software Updates

Many software companies release regular patches to fix security flaws. And depending on the nature of a software bug, one missed security update could be all that it takes to wreak major havoc on your organization. To prevent this, make sure you turn on automatic software updates for all your apps and devices.

But even the most attentive IT staff can miss patches. That's where software like Avast's CloudCare Patch Management tool can help. This tool allows you to roll out vital updates and roll back compromised versions as needed. You can also run regular reports to make sure that all personnel are playing their role in keeping the organization secure.

Pair Tech with Training

"Multiple layers are a vital part of a comprehensive security strategy," Avast sales engineer Paul Fenwick said in an online event that we held. "Putting all your eggs in one basket [opting into just one function of cybersecurity] just isn't going to cut it."

The same goes for ongoing staff education around cybersecurity. Even the best security solutions can be defeated by a cybercriminal who knows how to trick someone into giving them an important piece of data or downloading a piece of malware.

To use the metaphor of The Three Little Pigs, even with a house made of brick, it takes only one little pig to open the door and let the Big Bad Wolf in.

Here are some tips to help your staff, volunteers, and other stakeholders guard against attacks:

  • Use a secure password manager. Add multi-factor authentication (MFA) for an extra layer of security.
  • Host workshops on preventing phishing attacks and social engineering schemes.
  • Establish a clear acceptable use policy for safe Internet browsing habits. Consider using Avast's CloudCare Content Filtering to prevent your staff from accessing illegal or harmful websites during the workday.
  • Run regular reports and have procedures in place to ensure personnel compliance for vital network and device updates.

TechSoup also offers an online cybersecurity training series that can help you protect yourself and your organization against attack.

About Avast — A TechSoup Partner

TechSoup is proud to partner with Avast to equip nonprofits and libraries with the security solutions they need to protect their data, their employees and volunteers, and most importantly, those they serve. Over 740,000 businesses, organizations, and NGOs around the world turn to Avast to secure their work.

TechSoup member organizations can choose from Avast CloudCare Antivirus, CloudCare Content Filtering, and CloudCare Patch Management products. Together, these products guard against malware, filter out potentially dangerous online content, and help you keep your systems up to date.

You can manage them from a single online dashboard, and you can mix and match these products to suit your needs. Admin fees start at just $8 per device per year, and there are no restrictions on the number of licenses you can request.



Top photo: Shutterstock