By Ryan Polk, a Policy Advisor at the Internet Society, where he is primarily focused on issues related to Internet trust.


Odds are your nonprofit has amassed valuable data as a result of regular day-to-day activities like processing online donations; managing virtual staff or volunteers; or capturing details of those who subscribe to your nonprofit’s newsletter.

This type of data is both an asset and a risk for nonprofits. Cyberattacks, ransomware and hackers seem to make the headlines on a regular basis. As nonprofit professionals, we understand the importance of protecting our organizational data and the privacy of those in our community. But what are we doing to prepare, and what is stopping us from achieving a higher level of protection?

In its recent survey on the State of Nonprofit Cybersecurity, NTEN found that nearly 70% of nonprofits do not have policies and procedures in place in case of a cyberattack, and 60% of the nonprofits surveyed do not provide cybersecurity training to staff on a regular basis. These findings reinforce that we have a lot of work to do as a sector in this area. However, there are actions your nonprofit can take now to help protect its data.

In support of Data Privacy Day on January 28th, the Internet Society shares 5 ways to protect your nonprofit’s data:

  1. Train your employees to update their devices and applications. If a device or app has an auto-update feature, turn it on! Are you really going to want to take the time to update it later? Often this is as easy as a couple of clicks. And don’t forget to update the less obvious devices. Anything that’s Internet-connected, from your light bulbs to your thermostat, should be updated.
  2. Have your team review the permissions on their mobile devices. No flashlight app ever needs to track your location or your calendar. So, don’t let it! It takes less than five minutes to review permissions settings and turn off the permissions that let apps gather additional data.
  3. Boost the privacy protections on browsers. There are lots of great browser extensions or plug-ins that can increase your privacy when browsing the web. One browser plug-in, HTTPS Everywhere, ensures that your browser uses an encrypted SSL connection whenever a website offers one. Others, like Ghostery and Privacy Badger, block the tracking cookies and web beacons that companies use to track your browsing habits. Installing privacy-protecting browser plug-ins is a quick and easy way to improve your privacy.
  4. Stop reusing passwords. It is tempting to reuse a password for multiple devices or services. But while a reused password may be easier to remember, if it is hacked or stolen it also makes it easier for criminals to gain access to your other devices or services. A secure password manager, such as LastPass or 1Password, is the best solution to this challenge. However, very few nonprofits are actually using one. According to NTEN’s State of Cybersecurity Report, only one-third of nonprofit respondents use a secure password manager.
  5. Make data security a priority for everyone in your nonprofit, from staff to volunteers. Develop policies and deploy trainings to educate your team about best practices to minimize data-related risks. Your staff should also have a clear understanding of what actions to take in the event your nonprofit’s data is compromised.

By taking these simple steps, together we can improve data privacy and security for the nonprofit sector.


Founded by Internet pioneers, the Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).