Cyber Security for Charities and Nonprofits

A rise in the number of cyber-attacks targeting not-for-profit organisations has increased the need for charities, foundations and trade organisations to prioritise cyber security and protect the personal information of supporters and donors.

Nearly two thirds of high-income charities recorded a cyber security incident in 2018.

Common security challenges in the nonprofit sector include

  • •   Protecting aging IT infrastructure against threats
  • •   Working with limited budgets and competing spending priorities
  • •   Protecting the personal information of donors and supporters
  • •   Keeping up with continuous workplace digitisation
  • •   Educating staff on cyber risks like phishing and ransomware
Key security questions for nonprofits
  • •   Is data protected against unauthorised processing?

  • •   How often are networks and websites tested for vulnerabilities?

  • •   Are security controls in place to prevent sophisticated threats?

  • •   Are systems able to identify threats that bypass the perimeter?

  • •   Are staff sufficiently trained about cyber security risks?

  • •   Is there a plan in place to detect, remediate and report breaches?

  • •   Is donation processing PCI DSS compliant?