Contact Us
 
Contact Us

Insights

< Back to Thought Leadership

Cyber Security for Not-For-Profits

September 12, 2016

Data breaches can occur in any organization, and not-for-profits (NFPs) are not immune. Oftentimes NFPs can be at risk because their systems are not up-to-date or are simplistic in nature. It’s very important for NFPs, especially those that collect donor or member information (including names, addresses, email addresses, and credit card information), to address cyber security frequently and holistically. Data breaches don’t have to just mean cyber attacks, either. They can be caused by human error, like employee misplacement of equipment; i.e. laptops, smartphones or flash drives. Most cyber attacks can be prevented through a more vigilant approach to cyber security. There are several components to consider when assessing your organization’s overall security.

There are four cyber security principles to consider:

  • Confidentiality – ensuring information is protected from unauthorized access.
  • Availability – ensuring information and systems are reliable and available for end users.
  • Integrity – ensuring information is protected from unauthorized changes.
  • Security – ensuring that information is confidential, available, and held in integrity through the use of appropriate controls.

There are several controls or tools to consider to improve your organization’s cyber security.

  • Access controls – do you have strong passwords? Are they changed often? Passwords should be user specific and never shared.
  • Encryption – messages can be encrypted for secure delivery; this feature is becoming more cost effective, especially for smaller organizations as security needs increase.
  • Backups – off-site backups are a key component of security.
  • Firewalls – create a barrier between your secure systems and the rest of the internet.
  • Anti-virus and anti-malware software – invest in good software, which includes regularly installing updates from the vendors.

Have a plan for your organization that considers the factors above. Some additional components to consider when developing your organization’s plan include considering:

  • What’s important? Determine critical assets and what the threats could be.
  • How to be proactive? Include controls to prevent problems, not just to detect them.
  • Are we changing as often as necessary? Look at cyber security on an annual basis at a minimum and adjust accordingly.
  • Do we have the right people? Sometimes it’s necessary to outsource security needs to an information technology (IT) firm. There are firms that specialize in NFP security available.
  • Is open dialogue encouraged? All employees of an organization should be involved in assessing risk on a day-to-day basis. Encourage open dialogue if circumstances appear risky or out of the ordinary.
  • Is proper training in place? Educating employees about all aspects of the security plan, as well as current security threats, is key to preventing data breaches.

For more information, please visit the American Institute of CPAs Cybersecurity Resource Center.

If you would like to discuss your organization’s particular cyber security needs, please contact Tom Skoog, head of our IT Advisory Services, at tskoog@blueandco.com.

Share this article

Recent Articles View All Thought Leadership

midwest industrial outdoor storage

Where Opportunity Is Hiding in Midwest Industrial Real Estate

June 12, 2026

By Peter Hillenbrand, Senior Consultant at Blue & Co. Across the Midwest, Industrial Outdoor Storage (IOS) properties are rewriting the rules of commercial real estate. Vacancy rates are averaging near […]

Learn More

Illinois Now Accepting Applications for $28.2 Million in Rural Hospital Transformation Grant Funding

June 05, 2026

The application window for the Rural Health Transformation Program (RHTP) Hospital Transformation Planning Grants opened on May 19, 2026. Illinois’ 97 eligible rural hospitals have until Wednesday, June 17, 2026, […]

Learn More
sell-side transaction advisor

Selling Your Business: Why the Right Sell-Side Advisor Matters

June 01, 2026

By Jonah Gjertson, Senior Consultant at Blue & Co. When considering the sale of your business, regardless of career stage or circumstance, engaging an experienced sell-side transaction advisor can help […]

Learn More
Subscribe to our newsletters.

Facebook

Construction is becoming more connected and more exposed.As firms adopt cloud platforms, mobile devices, and digital workflows, cybersecurity is no longer just an IT issue. It’s an operational risk that can directly impact timelines, budgets, and client trust.This piece breaks down practical, real-world strategies construction firms can implement today, from email security to zero-trust networks and device management.Watch the full video and read the article here: hubs.la/Q04hpJCR0 ... See MoreSee Less
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Blue & Co. ranked #16 in the Large Business category for the Indiana Chamber of Commerce’s 2026 Best Places to Work awards. Out of more than 150 organizations that participated statewide, Blue was recognized among the top 24 large employers in Indiana.Because the rankings are based on workplace practices and employee feedback, this recognition means even more. Thank you to our incredible team for continuing to build a culture centered on collaboration, growth, and support.Visit our careers page to learn more about opportunities at Blue: hubs.la/Q04hsSyb0 ... See MoreSee Less
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Quick Links

AICPA SOC Award Banner for Service Organizations | Blue Button
Blue & Co. Logo

Copyright © 2026, Blue & Co., LLC.
All Rights Reserved.

See All Locations

Share this article
Share this article