Cybersecurity for Non-Profits: Staying Safe During the Holiday Season


The season of giving is here! And we hope you’re looking forward to a big boost in donations and support for your non-profit as a result. We understand it’s been a tough couple of years for non-profits and we want to help the holiday season go as smoothly as possible for you.

The sad truth is that despite the festive cheer, feel-good films and Christmas carols, it’s also a time when we often see an increase in cyber threats, and non-profits can be attractive targets due to their valuable donor data and potentially limited security resources. Here's how to help keep your organisation safe during Christmas and New Year:

1. Be Wary of Seasonal Phishing Scams

Cybercriminals often exploit the holiday spirit with targeted phishing campaigns. Be extra cautious of:

  • Emails purporting to be from charitable organisations like yours seeking urgent donations

  • Copycats claiming to be your non-profit asking others for donations

  • Requests for personal information or financial details, even if they appear to come from known contacts

2. Secure Remote Access

With staff potentially working remotely during the holidays:

  • Ensure all remote connections are made through a secure VPN

  • Implement multi-factor authentication for all remote logins

  • Provide clear guidelines on secure remote working practices

3. Spend a Little Time Boosting Essential Security

Before the holiday rush and to set you up for next year:

  • Ensure all systems, software, and security tools are up-to-date

  • Run a comprehensive security scan on all devices

  • Refresh your passwords effectively if you think it might be time

4. Protect Donor Information

The holiday season often sees an increase in donations. Protect this sensitive data by:

  • Encrypting all donor information, both in transit and at rest

  • Regularly backing up donor databases to a secure location

  • Limiting access to donor information on a need-to-know basis, and correctly disposing of information of past donors you no longer need

5. Prepare for Increased Online Activity

If your non-profit runs online fundraising campaigns during the holidays:

  • Ensure your website can handle increased traffic without compromising security. Check who has the login credentials and make changes so that only those necessary can access it.

  • Ensure you have secure, reputable payment gateways ready for online donations

  • Monitor your website closely for any signs of suspicious activity

6. Have an Incident Response Plan

Despite best efforts, breaches can still occur. Be prepared by:

  • Developing a clear incident response plan. It can be basic for now, but a good outline of what to do if your website goes down or you suffer a breach means you’re not caught on the back foot, and can massively reduce chaos should trouble occur

  • This might include ensuring key staff know their roles in case of a security breach, even during holiday hours

  • Having contact information readily available for IT support, legal counsel, and relevant authorities

7. Educate Your Team and Volunteers

Your people are your first line of defense:

  • Provide refresher training on cybersecurity best practices before the holiday season

  • Create clear guidelines for handling sensitive information during busy periods

  • Encourage a culture of security awareness among all staff and volunteers

Remember, cybersecurity is an ongoing process. By implementing these measures, your non-profit can enjoy a safer, more secure holiday season, allowing you to focus on your mission and the communities you serve. Perhaps it can also be a priority for your non-profit’s goals next year?

Stay vigilant, stay secure, and have a wonderful holiday season!

