By Ric Opal

“With COVID-19, we have gone through two years’ worth of digital transformation in two months.” — Satya Nadella, CEO of Microsoft

At the height of COVID-19, nonprofit organizations were forced to postpone or cancel events, transition their staff to work remotely, limit programs, and contend with deferred planned investments. And, according to BDO’s 2020 Nonprofit Standards Benchmarking Survey, 46% of organizations experienced technology limitations that restricted their ability to respond to the crisis. However, there are lessons learned even in the most turbulent storms. Looking ahead, 64% of respondents are planning to invest in new technologies, which will help transform where and how nonprofits work.

COVID-19 has also proven that for many organizations, working remotely has not impacted their ability to deliver on their mission, as many nonprofits have already gone completely remote, and many organizations are planning to operate remotely on a permanent basis. But this trend is making organizations more vulnerable to rising threats. COVID-19 has introduced a slew of bad actors and cyberthreats, leading to an increase in attacks using fake emails and websites, a rise of ransomware attacks worldwide, and an increased number of business financial e-mail compromises. Therefore, all nonprofits should be asking themselves if they know what to do in the event of a cyberattack, how to do it, and who forms the team for a speedy solution.

As cyberattacks increase, many organizations expect their spending to increase in select priority areas, including identity and access management, endpoint security, web and email security, and data security. Those that can adapt securely will be well-positioned for long-term success.

It’s vital that while nonprofits pursue their investments in technology and digitized operations, they also prioritize risk management and are prepared ahead of a cyber breach, which is more a matter of “when” than “if.” Potential impacts to organizations include compromised personally identifiable information (PII), compromised donor and sponsor data and/or trust, regulatory obligations to report and disclose the data breach, and direct monetary losses if financial account information is disclosed.

COVID-19 has damaged many nonprofits’ fundraising abilities, and cyberattacks could make that damage even worse. To protect their organizations, nonprofits should invest in de-risking their data and programs. Some strategies include establishing a rapid cyber-attack incident response plan, conducting continuous monitoring for suspicious activity and breach attempts, and ensuring information system resilience that can counteract bad actors.

While digital adoption may be a new venture for some nonprofit organizations and the risks may seem tall, organizations should know that taking these preventative measures and investing in the proper cyber protection software will better position them to catch a breach attempt before it happens and protect their programs and mission critical work from continued disruption and to address any issues quickly if they do occur.


This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” Blog (March 11, 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com