──────────────────

1. Low Budgets=Weak Defenses
2. No IT Staff
3. You Handle Valuable Data
4. Backups May Be Incomplete or Outdated
5. No Cybersecurity Training
6. No Plans for When Things Go Wrong

──────────────────

If you run a nonprofit in Utah, chances are you’ve asked yourself this question. You might assume cybercriminals are only after big companies with deep pockets. But the reality is, small organizations like yours are often the easiest targets.

In fact, over 60% of nonprofits have experienced a cyberattack in the last two years. Many never saw it coming. Even more didn’t have a plan to recover.

So yes, your nonprofit is at risk. And if your cybersecurity strategy is little more than “hope for the best,” it's time for a wake-up call.

Why Cybercriminals Are Targeting Nonprofits

Hackers go after nonprofits because they know you’re stretched thin. Here’s what they’re counting on:

Low Budgets = Weak Defenses

70% of nonprofits don’t have a formal cybersecurity policy in place.

No IT Staff

Tech duties often fall to well-meaning staff or volunteers with limited experience.

You Handle Valuable Data

Names, emails, donor payment info, and even healthcare records are all attractive to cybercriminals.

Backups May Be Incomplete or Outdated

Many nonprofits assume their data is backed up, but few test if it's recoverable.

No Cybersecurity Training

Employees and volunteers are easy phishing targets without basic awareness.

No Plan for When Things Go Wrong

Most small teams don’t have a clear response strategy if an attack happens.

The Real Cost of an Attack

A cyberattack doesn’t just impact your systems. It affects your mission.

• You could lose thousands in donations or grants.

• Your reputation may suffer if donor data is exposed.

• You could face compliance violations (HIPAA, IRS, or grant-related).

• And your team could lose weeks recovering instead of serving the community.

Even a small incident can snowball into lost trust and lost funding.

What You Can Do Right Now

Here are 5 steps you can take today to reduce your risk, without needing an in-house IT team:

1. Get a Network Assessment

Know where your risks are before cybercriminals find them. A professional assessment checks for outdated systems, misconfigurations, and gaps in your security setup. It gives you a clear report and action plan—no tech jargon, just what matters most to your nonprofit.

2. Back Up Your Data the Right Way

Follow the 3-2-1 rule: keep 3 copies of your data, in 2 different places, with 1 copy stored offsite or in the cloud. Backups should be automatic and tested regularly to make sure they work. If your system goes down, you’ll know your most important files are safe and recoverable.

3. Train Your Team on Cyber Basics

Many attacks start with one bad click. Quick, simple training can help your staff and volunteers spot phishing emails, fake links, and risky behavior online. A 30-minute session can prevent a $10,000 mistake.

4. Use Multi-Factor Authentication (MFA)

MFA adds an extra layer of protection by requiring more than just a password to log in. It’s one of the easiest and most effective ways to block unauthorized access to your accounts, especially for email, donor systems, and cloud files.

5. Build a Simple Cyber Response Plan

If you were hacked today, would your team know what to do? A basic response plan outlines who to contact, what systems to shut down, and how to notify partners or donors. It doesn’t need to be long, just clear and ready when you need it.

Take Action Before an Attack Happens

To start, it helps to know what’s going on inside your network.

That’s why we offer a free network assessment to Utah nonprofits. It’s a no-cost way to:

• Spot hidden vulnerabilities

• Review your backup systems

• Check if donor data is being properly protected

• Get a simple, clear report

➡ Schedule your free network assessment today
Let’s make sure your organization is protected before something goes wrong.