Cybersecurity for Nonprofits: Protecting Purpose, People, and Progress

Cybersecurity might sound like a luxury for large corporations, but for nonprofits, it’s essential. In this episode of The Route to Success, Ian Gottesman, Executive Director of NGISAC, explains how mission-driven organizations can safeguard their data and their impact—without breaking their budgets.

A lifelong public servant, Ian brings three decades of experience at the intersection of technology and civil society. His nonprofit, NGISAC, helps other nonprofits strengthen cybersecurity using a shared learning model that builds capacity, reduces risk, and fosters collaboration across the sector.

1. Treat Cybersecurity as a Core Operation

“Cybersecurity is just one more part of risk you need to manage and operations you need to function,” Ian says. For nonprofits, a breach can do more than compromise data—it can halt services, disrupt fundraising, and damage trust.

Tool:
Conduct a risk assessment at least once a year. Map your most critical systems—donor databases, payroll, and communications—and identify where data is stored, who can access it, and how it’s protected. Free templates are available from resources like TechSoup and the National Council of Nonprofits.

2. Focus on the Big Three: Updates, Training, and Access

According to Ian, 80% of cyber incidents can be prevented by mastering three fundamentals:

  1. Automate updates on all devices and software.
  2. Train your team to recognize phishing and social engineering.
  3. Manage identity and access with strong, unique passwords and multi-factor authentication.

Tip:
Make training simple and consistent. Use short, quarterly refreshers instead of annual workshops. Gamify learning—create friendly competitions to spot phishing attempts or reward staff who follow best practices.

3. Collaborate—Don’t Compete

Most nonprofits don’t compete for customers, which makes collaboration easier. NGISAC’s model leverages that spirit by connecting 400+ organizations to share real-time information about threats and solutions. When one group spots a phishing campaign or new malware, others learn from it immediately.

Tool:
Join or create a shared security group in your community. Partner with nearby nonprofits, libraries, or universities to share IT resources or pool funds for cybersecurity audits. Collaboration lowers costs and improves resilience.

4. Start Small, Build Momentum

Cybersecurity doesn’t have to be overwhelming. “It’s like health or fitness,” Ian explains. “You don’t get secure in one day—you get better step by step.”

Tip:
Choose one improvement each quarter—enable automatic updates this month, train staff next quarter, then add multi-factor authentication. Track progress and celebrate wins.

5. Invest in People, Not Just Technology

Nonprofits often assign “IT duties” to staff juggling HR, finance, and communications. Ian encourages leaders to support those employees rather than overwhelm them. “Technology is magic when it works,” he says, “but when it doesn’t, collaboration makes solving problems faster and less painful.”

Tool:
Identify a cybersecurity champion in your organization—a trusted staff or board member to coordinate with IT providers, stay updated on best practices, and communicate with leadership.

Final Thought

Cybersecurity isn’t about fear—it’s about freedom. It ensures nonprofits can focus on their missions without disruption. As Ian reminds us, “You can’t master every change around you, but small acts of kindness and connection can make a huge difference.”

Protecting data protects people—and when nonprofits thrive safely, communities thrive too.

Learn more about NGISAC or join their network at ngoisac.org.

Listen to the full episode here: YouTube: https://youtu.be/LK8TWmUn4Gc 

Transistor (Spotify and Apple): https://share.transistor.fm/s/aab27b3c

Amazon: https://music.amazon.com/podcasts/0aa72207-dbab-4047-aa5e-fe7971145b86