Giving Compass' Take:

• In this Philanthropy News Digest post, two tech officers from the sector detail ways organizations can guard against hackers and other cybersecurity risks without doling out too many dollars.

• The steps — such as updating software on a regular basis — are simple, but maintaining discipline and adapting to changes in technology will be the tricky parts.

Here's a look at the role philanthropic orgs play when it comes to growing cyber threats in general.


With more than a trillion dollars flowing last year from donors and government agencies to grantees in the United States alone, online thieves have discovered fertile hunting ground. In the three years since hackers stole usernames, passwords, IP addresses, and other account data from some 700,000 nonprofits that used the Urban Institute’s online tax filing system, cyberattacks have only gotten more clever, and the stakes higher.

To thwart hackers, organizations in the philanthropy space need to focus on both common security practices and their special vulnerabilities, from the bottom to the top of the organization.

Foundations and nonprofits have the same security concerns as any business, but they also have particular needs based on their mission-driven orientation compared to, say, a retailer or bank. "You often have part-time or volunteer employees, and they like to be helpful," says Mark Walker, knowledge management and technology officer at the Jessie Ball duPont Fund. "And many philanthropic workers wear multiple hats, which means the person responsible for watching over security may not have time to be as thorough as they'd like."

Philanthropy often involves large transfers of money between organizations or people who don't interact daily. That gives hackers an opportunity to trick inexperienced employees who are unfamiliar with how cyber-crooks operate. "They'll contact you with a sense of urgency to act," says John Mohr, chief information officer at the MacArthur Foundation. "If the president of your foundation asks you to wire money quickly, you might not stop to wonder if it's really her."

How can a company fight back if it can't afford full-time senior security expert? Walker and Mohr offer three steps every philanthropic organization should follow:

1. Train every team member.
2. Don't rely on passwords alone.
3. Keep your software legit.

Read the full article about increasing cybersecurity on a budget by Mitch Nauffts at PhilanTopic.