Cyber security for not-for-profit organisations
Not-for-profit organisations (NFPs) are not immune to cybercrime. Hackers are becoming more sophisticated and targeting a broader range of victims. In this article we examine how they operate and steps your organisation can take to protect itself.
The financial and operational toll of cybercrime is punishing. According to recent reports, cybercrime costs Australian entities millions annually as hackers grow more sophisticated and target a broader range of victims, including organisations like yours. For NFPs, a cyber breach can be particularly damaging—financially and in terms of trust and reputation within the community. Beyond monetary losses, organisations can suffer setbacks in service delivery, administrative delays, and even long-lasting operational and reputational issues.
As specialists in accounting for the not-for-profit sector, we understand the importance of proactive financial security and robust cybersecurity protocols. Protecting your NFP’s data and financial assets against cyber threats is paramount to sustaining your mission and safeguarding your stakeholders.
Understanding the hacker’s mindset
Understanding how cybercriminals operate is useful, as many attacks on NFPs are not random. Cybercriminals often target organisations with perceived vulnerabilities, knowing that many NFPs focus more on their mission than cybersecurity infrastructure. Hackers can be highly skilled, motivated, and organised, and their tactics can range from direct financial theft to data breaches intended to disrupt or manipulate organisational activities.
Hackers come in various types. Some are “script kiddies,” generally younger individuals using readily available tools to break into systems for the thrill rather than financial gain. Others are advanced hackers, often part of organised cybercrime groups, who systematically exploit vulnerabilities to steal sensitive data and funds. These groups may even target specific sectors, including NFPs, for potential data access and disruption.
Common tactics used against Not-for-Profits
Cybercriminals often exploit weaknesses in outdated systems, unsecured devices, and insufficient policies. Not-for-profits are particularly vulnerable to tactics like phishing, malware attacks, and social engineering. Phishing emails that appear legitimate—often mimicking banks, service providers, or donors—may encourage staff to “verify” organisational information. It is highly recommended to train your team to identify and verify suspicious communications.
Hackers can install malicious software to monitor keystrokes and capture passwords and sensitive data. This often occurs through unreliable downloads or unprotected browsing. Using licensed antivirus software and restricting downloads to approved sources are important security measures.
Some hackers may hijack a person’s mobile number to intercept two-factor authentication (2FA) codes, giving them access to critical accounts. They may also gather information from publicly accessible profiles, a tactic known as social engineering or social media exploitation.
Establishing cybersecurity policies and procedures
To protect against these attacks, every NFP should have a cybersecurity policy in place outlining procedures to prevent and respond to breaches. This policy should include data protection protocols, regular system updates, and access controls. By implementing a clear, formalised plan, your organisation can reduce risks and respond quickly in case of a cyber incident.
- Ensure the policy covers data handling, device security, and access controls. The policy should outline who is responsible for data security and how incidents will be handled.
- Restrict access to sensitive data based on role-specific requirements. Only authorised personnel should have access to financial and donor information.
- Regular training is essential for building cyber awareness. Conduct workshops or seminars to educate staff about recognising phishing emails, secure password practices, and the importance of data protection.
- Establish a reliable data backup system and a recovery plan. In the event of a cyber attack, having secure backups can ensure that your organisation can continue operations with minimal disruption.
- Work with an IT specialist or cybersecurity consultant to conduct routine security checks, ensuring systems and protocols meet current standards.
Key cybersecurity practices for your organisation
Passwords are the first line of defence. Use complex passwords that combine letters, numbers, and symbols. Avoid easily guessed terms, such as birthdays or organisation names. Encourage staff to use unique passwords across platforms and change them regularly.
Two-factor authentication requires a secondary verification step, providing an added layer of security. Implement 2FA on all critical systems to help prevent unauthorised access.
Employ antivirus software across all devices to monitor and prevent suspicious activities. Ensure the firewall is active to create a barrier between your network and potential threats.
Public Wi-Fi networks are vulnerable to attacks. Discourage staff from accessing organisational accounts on unsecured networks and, where possible, use a virtual private network (VPN).
Review login history and account activity regularly to identify unfamiliar devices or logins. Suspicious activity can be an early sign of a breach.
Moving forward with cybersecurity confidence
By taking these proactive steps, not-for-profit organisations can create a more secure digital environment, ultimately strengthening their ability to serve their mission without interruption. With the increasing sophistication of cyber threats, establishing comprehensive cybersecurity policies is no longer optional. It is a critical aspect of risk management that every NFP should prioritise.
We are here to support your organisation’s security and financial integrity. As specialists in not-for-profit accounting, we can help ensure that your cybersecurity framework aligns with both your financial protocols and the trust you’ve built within the community.
Accounting For Good is your financial compliance specialist
At Accounting For Good, we can assist with cybersecurity policy development, financial risk management, and strategic planning to keep your organisation safe in the digital age.
Contact us for a free consultation if your organisation needs expert financial guidance. Let us handle your accounting needs so you can focus on what matters most—serving your community and driving positive change.