< Back to Thought Leadership

4 Cybersecurity Tips For Not-for-profits On A Budget

by Ashley Jones, CPA, Manager

Following the headlines from any news source these days, it seems that cyber security is just about always trending. While this is not a new topic, with attacks becoming more common, cyber security is something every organization should be seriously addressing.

Not-for-profits need to be prepared as much as any type of business organization. However, we know that budget constraints can make staying protected especially challenging for the not-for-profit world.

Some cost effective solutions for not-for-profits include the following:

Enforce strong passwords for all people accessing systems.

This costs nothing other than some cultural change management. A six-character password that is all lower case letters can be cracked in about two minutes. A 10-character password with upper and lower case, and alpha/numeric characters, would take months to crack.

Get religious about patching your software.

When updates are sent from the vendor, apply them. A majority of these patches are addressing identified security vulnerabilities from the vendor. Don’t let these patches back up.

Train, train, train.

That is, train your employees in the do’s and do not’s of good information handling practices. Do not open emails from suspicious addresses, and especially, never click on suspicious links or attachments. Do not give your password to ANYONE, EVER!

Expand the team.

If possible, add a board member who has strong information technology and cyber security skills who can work with your management team in his/her board capacity to ensure you are doing everything reasonable to protect your information. Use them as a free consultant.

The AICPA has recently released the cybersecurity risk management reporting framework to assist organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.

As a business’s most trusted advisor, the CPA is now getting involved to help clients stay protected and can help by examining and reporting on an organization’s cybersecurity.

Blue & Co. has recently made some big moves to be a resource for our clients in this area. If you have concerns about your entity’s risks and current security situation, please contact your engagement partner or Blue & Co.’s Cybersecurity and Data Management Practice Leader, Tom Skoog at tskoog@blueandco.com.


Read More Thought Leadership Articles Like what you read? Subscribe to our newsletter. Click Here.


shamrocks not-for-profit tips

3 Lucky Tips for Not-For-Profits to Avoid Bank Fraud

Trusted Insights from The National Bank of Indianapolis Nonprofit Services Team Not-for-profit organizations are increasingly falling victim to fraud, with a rising number of incidents and an ever-growing amount of money being lost. Fraudsters find it easy to target not-for-profits, as their publicly available 990s provide valuable information. Protecting your organization from such fraudulent activities […]

Learn More

Capital Efficiency Concepts: How to Evaluate Capital Purchases

Rising interest rates and historic inflation are impacting hospital purchasing decisions. Using capital efficiency concepts in making hospital purchasing plans is as important as ever. What is Capital Efficiency? Capital efficiency refers to how effectively a hospital deploys its resources to generate returns. In the context of fixed assets and software purchases, capital efficiency involves […]

Learn More
someone writing kentucky house bill 360 with a pen

Kentucky House Bill 360 – Pass-Through Entity Tax Proposal

By Amy Sandlin, CPA, Tax Senior Manager at Blue & Co. A pass-through entity tax proposal is currently making its way through the Kentucky General Assembly as part of a larger tax omnibus bill (Kentucky House Bill 360). The pass-through entity (PTE) tax provisions in the bill are intended to be retroactive to January 1, […]

Learn More