7 Things Nonprofits Can Do to Minimize Ransomware and Cyberattacks

Almost half of all ransomware and cyberattacks target non-profit organizations. While that number should concern you, there are some things you can do to minimize your risks and protect your organization from falling victim. Here is what you need to know.
Posted: 3 years ago

Organizations, both big and small, are no strangers to the risks of ransomware and cyberattacks. These attacks have forced many organizations to pay up or lose valuable data. With a few precautions, non-profit organizations can better protect their valuable data from what is now being called “ransomware.”

What is Ransomware?

Ransomware is a type of malware that infects computers, websites, and networks. It restricts access to your data until you pay up, which is how it can impact a non-profit organization. The most well-known ransomware, WannaCry, was designed to encrypt the victim’s files and demand ransom payments in return for decrypting those files. Non-profits are especially vulnerable because they often have outdated software or don’t have backups of their information.

Below we will discuss seven ways non-profits can minimize the risks of a cyber attack by implementing some cybersecurity best practices.

#1: Install and Update Antivirus Software

Installing trustworthy antivirus software is an essential first step to protecting your organization from ransomware or other types of malware. Antivirus programs must be kept up-to-date to be effective against the latest threats, so make sure you’re running the most recent version with all available updates installed.

#2: Back Up All Critical Data Offline

Keeping a backup of all of your organization’s data is one of the most important things you can do to ensure its safety. If ransomware does manage to infect part or all of your computer system, not having a backup means that the event could have catastrophic consequences for your non-profit, and it would be difficult – if not impossible – to recover what was lost.

#3: Educate Employees About Cybersecurity

Educating your employees about cybersecurity is critical to preventing an attack on your organization. Educating employees about the latest threats, ransomware variants, and other malware will help them know what they need to watch out for to keep their data safe. In addition, educating employees may also be a way of identifying malicious activity before it has had the opportunity to cause damage or infect files.

Training for your staff on cybersecurity, ransomware, and best practices to protect their computers is also important. Regular training should be provided so that everyone in the organization knows what they need to do if a cyber attack takes place.

#4: Connect With Your IT team

Communication with your IT team will be critical as you prepare for a cyberattack. They will be able to help evaluate your cybersecurity needs and devise the best strategies in preparation for an attack – both now and in the future.

Helpful Tip:

Place firewalls around your website or network perimeter for protection against malware trying to gain access through unprotected ports. If you have high-risk systems like an online donation system, put in place extra security measures such as two-factor authentication, and use antivirus software on all computers where customer information is stored.

#5: Talk With Your Hosting Provider About Your Website Security

Most non-profits go with affordable hosting without thinking about a ransomware situation. Without proper measures in place, an affordable web host can expose you to the following consequences during a cyberattack:

  • Unavailability of your website or data for a long period of time.
  • Loss of credibility in the eyes of donors and other stakeholders with regard to the organization’s reputation.
  • A disconnect with your members, donors, and those interested in participating in your organization’s mission.

Non-profits need to take steps in preparation for ransomware attacks that can affect websites and critical communications channels within their organizations.

Helpful Tips:

  1. Ensure your hosting provider offers mitigation strategies against ransomware (e.g., backup, offsite storage) and cybersecurity protections (firewalls, spam filters, intrusion detection systems, etc.).
  2. Your plan should also include how you will keep backups safe and where they are stored – both on-site with your IT team AND remotely, so that even if an attack takes down your physical location, there are still backups available.
  3. Finally, make sure you have an incident response plan in place – one where all of these tasks are coordinated, and your team knows where to start when they are attacked.

#6: Change Your Passwords Frequently and Make Them Hard to Guess

If you’re not sure where your passwords are stored, there is a good chance that they will be saved in the same place as your other valuable information like tax returns. If someone hacks into those files, then the ransomware can circulate across all of your computers or systems. Changing your passwords frequently is key to minimizing these kinds of risks.

#7: Develop a Cybersecurity Plan for Your Non-Profit

Protection from ransomware (and other forms of malware) is crucial to ensuring that you can continue operations when an attack strikes. An attack may be damaging to both your reputation and finances if it’s not dealt with swiftly. Having a cybersecurity plan can help you avoid other risks like phishing scams or ransomware.

A cybersecurity plan should include the following:

  • A disaster recovery plan that includes backup files, data storage, and the ability to restore systems from those backups if an attack occurs.
  • Technical safeguards such as firewalls or antivirus software for your network and computers.
  • A handy organization chart with designated roles so the right people know what they’re supposed to do if an attack occurs.

These steps will lessen the risk of being hit by ransomware more than having no security at all, but you still need awareness too. Awareness is key. Keep an eye out for phishing scams, which are a common way ransomware finds its victims, and be alert to signs of ransomware or other cyberattacks on your organization’s website and social media channels. Ransomware will show its face in a multitude of ways, and training employees to recognize it will help keep your organization safer.


Cyberattacks are a real threat for all organizations, but it’s important to take proactive steps now to be ready. If you don’t have cybersecurity measures in place already or if these strategies sound like they need more refinement, the time is right to start taking action and get your organization on track with this fast-evolving field of security.

It can’t be stressed enough how important it is that all non-profit organizations protect themselves from ransomware attacks. Without the right tools in place to protect your data from attack, you could lose all of your information—including donor records or sensitive members’ data. This can be catastrophic not just for your association but also for those that support you.