Article written by:
Janice Guo, CPA
Assurance Senior


When talking about cybersecurity and data breaches, people typically think of government, financial and retail entities. Yet nonprofits are not exempt from cybersecurity concerns, even though the risk of a data breach is not a focus for many organizations. Like the businesses under the cybersecurity spotlight, nonprofit organizations handle sensitive information every day, including but not limited to donor information and client records. Additionally, as technology develops, an increasing number of organizations are able to accept online donations through credit card transactions.

What can nonprofits do to protect themselves?

  • Risk assessment: Nonprofits should understand what sensitive data they hold and how it is stored, and concentrate limited resources on the areas that pose the most risk.
  • Set up a data security program: This encompasses, but is not limited to, informing and training employees and volunteers, having procedures or policies over risky areas, securing the network and having a response plan.
  • Invest in reputable partners: This includes credit card payment processors, nonprofit CRMs, etc. Having dependable partners is a huge step toward secure data and efficient processes for years to come.
  • Engage technical help: Consider working with a qualified third party, which can help you identify risk as well as set up a data security program.
  • Last but not least, make it a priority. Nonprofits must recognize that they are more vulnerable to cybercrime than they think. An oversight could cause a breach of trust with the organization’s supporters, and that trust is essential to all nonprofits.

Please talk to your GBQ representative if you have concerns about the security of a not-for-profit you are associated with.

