The Cybersecurity Skills Your Nonprofit Needs
Estimated Reading Time: 3 minutes
By Rachel Sams
Lead Consultant and Editor
Resource Type: Risk eNews
Topic: Data Privacy, Tech Risk, Cybersecurity
Let’s face it: Few of us leap for joy when we see that one of our software programs has released a new update. That can mean 10 minutes or more of waiting to download it and often additional time to navigate changes in the user interface or functionality.
It’s no wonder many nonprofit employees snooze those messages repeatedly. I certainly have.
But those updates are often software makers’ effort to patch vulnerabilities that could leave you and your organization open to hackers. When I learned how important software updates were for cybersecurity, I changed my approach. Each time I get an update notification, I set a calendar reminder to download the update on my next lunch break. I don’t have to waste time waiting, and I return from lunch to a safer, more secure machine.
If only all aspects of cybersecurity were so simple.
When the NRMC team talks with nonprofit executives and board members these days, cybersecurity is almost always top of mind.
We understand why. The average cost of a data breach has reached more than $4 million, according to IBM. And nonprofits that experience a breach face lots of stressors and ripple effects beyond the costs, like potential damage to their reputation.
We advise nonprofit leaders that while hackers are persistent and no measures are foolproof, spending time to strengthen your organization’s cyberdefenses is always worthwhile. And investing in cybersecurity can benefit your nonprofit in other ways—like improving employee morale and client trust.
That doesn’t have to mean spending millions of dollars on systems, although you should invest in protecting systems where you can. Other things we often recommend to clients, like cyberbreach tabletop exercises, require some staff time and effort but often no additional cost.
NRMC’s in-person 2025 Risk Summit will offer an array of sessions to help your team master the basics and level up on your cybersecurity and adjacent topics. Here’s a preview.
On Monday, October 27, Gerry Zack, CEO of Risk Trek LLC and former CEO of the Society for Corporate Compliance and Ethics, will lead a session on Privacy Considerations in Fraud Risk Management. In this interdisciplinary session, attendees will learn how many of the techniques used to manage fraud risk and investigate fraud raise serious data privacy considerations, both legal and ethical. This scenario-based session will help attendees learn to balance personal and information privacy while managing fraud risk.
Later on Monday, Austin Colehamer of Tech Impact will lead When Structures Collapse: Three Cybersecurity Scenarios. Participants will work hands-on in groups to address cybersecurity situations any nonprofit might face. They’ll walk away with tactics to help shore up potential failure points for nonprofit cybersecurity programs.
On Tuesday morning, October 28, I’ll lead Stable Yet Flexible: Build the Artificial Intelligence Policy Your Nonprofit Needs. Many organizations are eager to start using AI to automate tasks and allow team members to spend more time on high-impact work that requires a human touch. But AI presents cybersecurity risks to nonprofit teams and constituents, along with safety and ethical risks. This hands-on session will give you tools to build a flexible AI policy that supports your nonprofit’s cybersecurity.
Also on Tuesday, the Democracy Security Project will lead Cantilevering Your Approach to Cybersecurity: Practical Evolution to Better Cyber Practices. The session will empower participants with practical and pragmatic solutions to a broad range of ever-evolving cyber vulnerabilities and threats.
Many of a nonprofit’s most difficult choices in this area happen when cybersecurity measures conflict with another important organizational goal, like making the employee or client experience a smooth one. This year’s Risk Summit will give participants tools to navigate those decisions and craft smart cybersecurity approaches that honor their nonprofits’ mission and ways of working. Register today.
Rachel Sams is Lead Consultant and Editor at the Nonprofit Risk Management Center. She believes time upgrading digital security is time well spent. Reach her with thoughts and questions about cybersecurity risk at rachel@nonprofitrisk.org or (505) 456-4045.
“One thing I love about the Risk Summit is the opportunity to connect and learn from other risk managers, nonprofit professionals, and NRMC staff. I have attended the Risk Summit multiple years and always look forward to connecting with returning attendees and meeting new people. The Risk Summit brings together a diverse and engaged set of professionals who are ready to learn, share, and connect.”
— Heather Chadwick
“I love the Risk Summit because:
- I always learn new approaches to my issues.
- I learn I am not alone in my issues.
- I always learn something.
- I leave with a notebook full of ideas.
- I always make new professional acquaintances.
- I leave feeling it was the most useful conference I’ve been to in quite a while.
- I am in awe how such a topic as risk management can be artfully delivered.”
— Paul Doman
“One thing I love about the Risk Summit is the ability to see and feel the passion of nonprofit leaders as they learn and share together.”
— Michael Schraer
“One thing I love about the Risk Summit is connecting and learning from / with really great people.”
— Lisa Prinz
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
— Scott Brown, Mohonk Preserve
“BBYO’s engagement of NRMC to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of NRMC. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
— Sidney Abrams, BBYO
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
— Pamela Mattel, Basics Promesa Systems Inc
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
— Jodi Spataro, Community Foundation of Elkhart County
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
— Marti Worshtil, Prince George’s Child Resource Center
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The NRMC team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!