By
Regine Benchetrit
Protect Your Mission, Donor Data & Operations — Fast
Nonprofits are increasingly targeted by cyber threats, especially those without dedicated IT teams. Protecting your data, donors, and operations doesn’t require a huge budget or tech expertise — it just takes a clear plan and practical actions.
This Cybersecurity Quick Wins Checklist will help you cover the essentials in the next 30 days. These are simple, effective steps your team can implement quickly to significantly reduce risk.
Quick Wins Checklist
Account Security
- Use strong, unique passwords for every account: Avoid reusing the same password. Make them long and unpredictable.
- Install a password manager: Free tools like Bitwarden to securely store passwords and generate strong ones for you.
- Turn on Multi-Factor Authentication (MFA): Add an extra layer of protection by requiring a code from your phone to log in to email, CRM, donation platforms, and cloud tools.
- Remove inactive or outdated user accounts: Former staff or volunteers with leftover access are a risk. Clean up accounts in your systems regularly.
- Manage administrator accounts and credentials properly. It is never best practice to use your everyday account with administrator privileges.
Data Protection
- Identify where sensitive data is stored: Know where your donor, financial, and client records live — on laptops, in cloud folders, or email.
- Use encrypted, secure cloud storage: Tools like Google Drive or OneDrive (with encryption enabled) are safer than desktop folders.
- Back up important data to a secure location: Backups should be stored offsite or in a cloud solution — ideally with automatic daily backups.
- Limit data access based on job need: Only allow staff and volunteers to access the data they absolutely need to do their jobs.
Email & Communication Safety
- Train your team to spot phishing attempts: Look for misspelled email addresses, suspicious links, or urgent requests for sensitive info.
- Set up email filters: Block known spam and phishing emails by configuring spam filters in your email system.
- Avoid sending sensitive info over unsecured email: Use encrypted services or secure file sharing tools for sharing donor data or financial info.
Device & Software Updates
- Turn on automatic updates: Ensure computers, phones, and apps always have the latest security patches.
- Keep browsers and plugins updated: Outdated browsers or plugins (like Adobe or Java) are easy entry points for hackers.
- Install antivirus or endpoint protection: Free or low-cost options like Avast or Malwarebytes can detect and block threats.
Response & Recovery
- Create a simple Cyber Incident Response Plan: List clear steps: who to notify, what systems to shut down, and where to get help.
- Post emergency contacts and instructions: Keep this info in a shared drive and printed on your office wall.
- Test your data backups: Regularly attempt to restore a file to confirm your backup works.
Organization-Wide Actions
- Host a quick team cybersecurity briefing: Discuss these best practices, answer questions, and assign responsibilities.
- Share this checklist with board members and volunteers: Cybersecurity is everyone’s responsibility, not just staff.
- Schedule quarterly check-ins: Review progress, refresh training, and re-run this checklist.
30-Day Goals
✔️ Complete at least 10 items on this checklist
✔️ Share this checklist with your team and leadership
✔️ Schedule a cybersecurity refresh in 3 months
Why This Matters
A single cyber incident can shut down your donation systems, expose donor data, and harm your reputation. Taking these quick, low-cost actions now protects your mission and keeps you in control.
If you have any questions, please reach out to Regine Benchetrit.
