
Cybersecurity is paramount for not for profits – we need to act now

23 August 2021 at 6:14 pm
The good news is, there are practical actions that every organisation can take to improve cybersecurity protections, writes Infoxchange Group CEO David Spriggs.

Contributor | 23 August 2021 at 6:14 pm



Not for profits are increasingly vulnerable to the impacts of cybersecurity incidents. This is in no small part because staff who are passionate about working with people in need are not usually skilled at spotting a phishing email or understanding how to implement multi-factor authentication. But not for profits can no longer afford to ignore cybersecurity practices. Directing resources to improve cybersecurity is now critical. 

The way we live, work and conduct business has changed radically over the last 18 months. As the use of technology has grown, so too has the importance of protecting sensitive information. Improving cybersecurity protections is achievable through practical actions that every organisation can take. 

The Digital Transformation Hub is here to assist with cyber guidance specifically designed with not for profits in mind.


Within the community sector, cybersecurity incidents are unfortunately becoming more common. These incidents can result in the unauthorised disclosure of personal information or require organisations to resort to manual processes after losing access to their IT systems. 

Earlier this year, the Office of the Australian Information Commissioner (OAIC) noted that data breaches attributable to human error increased 18 per cent in the July-December 2020 reporting period. This highlights the need for organisations to have communication and training plans on secure information-handling practices for their staff. Information is an asset, and organisations must understand what they store and how it must be protected. Data protection laws across Australia make it clear that organisations have a duty of care towards the protection of personal information to prevent the risk of serious harm to individuals. 

Addressing cyber risks ought to be as high a priority for a not for profit as addressing financial or health and safety risks. The results of the 2020 Digital Technology in the Not-For-Profit sector survey conducted by the Infoxchange Group indicate that just under half of the organisations surveyed did not have ways of actively monitoring cyber risks, and early results from the 2021 survey indicate cybersecurity is still a significant challenge. These results highlight the need for greater effort in this space to protect the personal and health information of people who are often already vulnerable.

Leaders must be aware of the need for cybersecurity governance and the role they can play to facilitate and direct the important conversations on specific protection requirements. While the impacts of cyber incidents can have significant consequences for an organisation, ranging from loss of productivity to reputational damage, the steps to improve cybersecurity and cyber risk management are not difficult and need not cost the earth. Not for profits handle sensitive information that requires a level of rigour in its handling and protection, but not all information within an organisation requires the same level of protection.

If you’re not sure where to start, take the Cybersecurity Capability Quiz. It provides a snapshot of your organisation’s current cybersecurity posture and guides you on where to focus your efforts and resources. We know that not for profits are often challenged by cybersecurity, so we’ve developed cybersecurity guides on the hub to make it easy for every not for profit to protect its information. 

There are several critical initial steps:

  1. Implement multi-factor authentication for key IT systems.
  2. Classify information and make risk-based decisions on protecting sensitive information.
  3. Provide staff with cybersecurity awareness training. We run staff cybersecurity training every month, so a good starting point is our cybersecurity training webinar.
  4. Develop your skills with the help of our free webinars and expert advisory sessions through the Digital Transformation Hub. Our "Cyber foundations for staff responsible for IT" webinars run every two months, or you can book a session with one of our cybersecurity experts to get advice tailored to your organisation’s specific needs.

There are also 10 cybersecurity guides available on the Hub to assist with your cyber resilience needs, covering topics from a DIY end-user cybersecurity policy to achieving advanced cybersecurity.

The bottom line is that improving cybersecurity protection is achievable and help is available. If you have not started the journey, now is the time. It takes much more effort to resolve a security incident than it does to prevent one.


This article is part of a monthly column with Infoxchange exploring the importance of digital technology.
