As a nonprofit organization (NFP), you may be wondering why a cybercriminal would target you. It turns out, NFPs have a lot of sensitive data that cybercriminals seek, things like names, Social Security Numbers (SSN), bank account numbers and net worth.

Types of Cyberthreats


Ransomware involves placing a piece of malware on a computer remotely and then encrypting the files. The cybercriminal then asks for payment to “unlock” the documents. There is no guarantee that the hacker will be able or willing to decrypt the files after payment is made.

Wire Transfer and ACH Fraud

This involves emailing a finance employee and asking for a certain amount of money to be wired to a specific account. The attackers often pose as the CEO or CFO. Sometimes, it appears to come from an outside vendor like a bank. The money is then wired to a fraudulent account.

Lateral Movement

Computer and file segmentation is important because it can help prevent lateral movement. With lateral movement, hackers gain access to one computer and then move effortlessly through the system to access other accounts and files.

Phishing for Credentials

Hackers try to steal credentials in order to access the website or computer system, by setting up fake webpages. Then, they try to get users to login and disclose personal information, like usernames and passwords.

So how can you protect your nonprofit on a shoestring budget? 

Security Practices:

• Provide training.  Make sure everyone knows how to identify a scam.

• Monitor current events and be aware of new threats.

• Watch for malicious files and links. Warn your team!

• Create an environment of trust where your team feels comfortable raising a concern.

• Have a process in place. If an email seems suspicious, call the person directly or go meet with them directly. Remember that their email could be compromised.

• Do something immediately if there are concerns.

There are other things that can improve your nonprofit’s cybersecurity.

Keep these tips in mind:

 • Systems should be backed up at least nightly.

• Do a system restore regularly, at least quarterly.  In other words, make sure things still work after a backup is completed.

• Run anti-virus software on ALL devices and apply ALL patches quickly.

• Segment files.  This prevents hackers from gaining access to everything in the system should they access one set of files. 

• Consider Cyber Insurance.

• Implement a plan. Create an incident response plan so you know what to do and who to involve if there’s a breach. 

• Monitor logs.  IT can watch firewalls, anti-virus programs and other systems for anomalies.

For more information, complete the form below. Our team of nonprofit experts and certified fraud examiners are here to help you navigate these changing times.

*Information for this blog was taken from the Journal of Accountancy, “Why Cyberdefenses are Worth the Cost,” by Mark Shelhart, November 2018.

© 2024 CPA Site Solutions.

Disclaimer of Liability
Our firm provides the information in this article for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this blog are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability and fitness for a particular purpose.




Nonprofit Insights


Valuation Report