Seven Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls

IT security has become more of a concern to organizations big and small. Major security breaches or hacks are frequently reported in the media, and for every reported hack, dozens more are unreported. Small and medium-sized nonprofits are not immune to potential security breaches. Many nonprofit leaders consider the work they do of little or no value to hackers, since they’re not a bank or major retailer. Hackers prey on this naïve perception.

If you’re storing and working with data regarding members, donors, volunteers, clients or patrons, or credit cards, you could be at risk. Any breach could have severe ramifications, including loss of trust among your community or possible financial penalties.

Bad IT habits and practices make smaller nonprofits prime targets for hackers. Management, IT controls, and procedures introduce security risks to the organization. Hackers know that most small and medium-sized nonprofits don’t have the financial capacity or technical resources to implement security controls rivaling those of large organizations. Still, there are some basic sound IT practices and controls that can be put in place to provide a comfortable measure of control.

We’ll walk through the seven commonly-found bad habits and consider the potential IT security risk within each practice. We’ll also discuss effective IT policies, procedures, and tools to minimize security risks and transform bad habits into good ones.

This session is appropriate for any small or medium-sized nonprofit staff member responsible for making technology decisions, as well as nonprofit leaders influencing IT operations.


Leon Wilson

Chief Technology and Information Officer

The Cleveland Foundation
Leon Wilson serves as the Chief Technology & information Officer for the Cleveland Foundation, focusing on strategic initiatives that will help position the foundation as a leader in the use of technology in all areas of its work. In addition, Leon is responsible for helping to develop and implement an external Cleveland Foundation IT strategy that will focus on elevating Cleveland to become a recognized leader in technology, particularly in the areas of cyber security, big data, and civic tech. Leon brings more than 20 years of senior level technology experience to the foundation and our community.

Dan Rivas

Managing Writer

Dan is a versatile writer and editor who specializes in translating complex information into compelling stories. Prior to Idealware, he was a copywriter and editor at a marketing agency that serves large technology and financial services companies. He also has experience as a freelance writer and journalist, a census enumerator, a bookseller, and a college instructor. He is a graduate of Willamette University and the University of Michigan, where he studied anthropology and creative writing.

Return to Agenda