Security strategies for Not-For-Profit organisations  

Cyber security such as data protection, requires clear methodology that are implemented and monitored. Monitoring requires special software, although human awareness is essential. There are many ways to combat the main security threats. There is the basic need to keep data from falling into the wrong hands, although a lot has changed since then. Every business has data under its hood that needs protecting, most of which are connected to the internet. Not-for-profit organisations often store personal data about users and donors- the responsibility that charities hold to keep this data protected is extremely confidential and can result in reputational damage.  

A weak password can be very attractive to cyber attackers and can be easily exploited- this can be obtained through data hacking, phishing, or social engineering. Phishing can be described as an email that passes through an organisations network. It is a common place for external cyber threats to illegally collect data or inject cyber-attacks. The most effective way to combat phishing is through ongoing training, so human awareness is a strong defence against these threats.  

Hackers have a list of commonly used passwords and can run through automated bots and use crack open accounts. Many people still believe ‘12345’ is an acceptable password and probably get hacked as a result. Other guessable passwords include names of children/partners/family members. Passwords need to be strong and unique – which can also be difficult for an organisation to keep track of from HR, marketing, finance systems, websites, and emails.  

User permission tools are easy to implement for the average charity but are becoming an essential requirement. Organisations are starting to embrace the security and authentication management to ensure that the correct users are accessing the right systems and data, and that they are easily able to do so. Tech experts have been acknowledging poorly constructed passwords for years as they are not all that secure or practical. Technology is allowing businesses to adopt more ways of handling data protection, but accountability over data assets is critical. To minimise data storage risks, charities need to record all data processing activity, implement data protection, and take more proactive measures.  

For some not-for-profits, outsourcing is the most effective solution as with data protection, ensuring that trustees are up to speed on the importance of cyber security can make combating it much easier.  

Ways in which a charity can implement data protection are the following:  

  • Two-Factor/Multi-Factor Authentication 

Multi-factor or two-factor authentication is now a popular process – although not completely infallible, having it set up on your accounts means there is an extra barrier there for potential hackers to get through. As well as a password, users are required to authenticate their identity using another device, usually in the form of a code that is texted to them or sent over an app.  

  • A Single Sign-On System 

Many Not-for-profits use a single sign-on system – they’ve been popular in the public sector allowing users to access all the apps and platforms they need inside a compromised environment, usually accessed by an internet browser. These systems enable people to use and remember only one login for all the apps they need, eliminating the use of multiple, weak or forgotten passwords. The big advantage of this is the convenience that comes with it. They are especially useful for organisations that offer flexible working, as all the apps that a user need can easily be accessed from anywhere.  

  • Mobile Device Management 

Mobile Device Management enables IT departments to manage, monitor and secure mobile devices, laptops and tablets. Unfortunately, as more and more organisations allow staff to use their own, personal devices for work, this can represent a security risk. The big advantage of this system is that it allows organisations to skip the cost of providing devices to staff, while retaining control of things from a security perspective.  

Not-for-profit organisations will notice a series of benefits when investing in security such as:  

  • Secure hybrid workforce  
  • Ability to build secure in-house processes 
  • Proactive approach to prevent security breaches  

If you enjoyed this story, or have an upcoming project in mind, please don’t hesitate to contact us via or 0300 303 2044. Alternatively, you can submit an enquiry here  Contact – risual or visit our website: Microsoft Not-for-Profit – risual 

About the author