Cybersecurity strategies for nonprofit websites

Champion policies and security to protect your systems and data.
Jun 28, 2023
4 minute read
Security • Websites

Keeping a nonprofit organization's website secure is critical. Cyberattacks can cause significant damage to an organization. Cybersecurity threats include disruption to its operations, data breaches, financial loss, and damage to its reputation.

Despite these, organizations in the nonprofit sector tend not to be at the forefront of devoting significant effort or resources to cybersecurity.  According to NTEN’s Cybersecurity for Nonprofits report, 59% of respondents to an industry-wide survey of nonprofits did not provide training on cybersecurity for their staff. In addition, 70% of charities do not perform comprehensive vulnerability assessments to determine cybersecurity risks.   

Nonprofit web managers, working with an organization’s IT department, can play a significant role in promoting cybersecurity in their organizations. As stewards of the website and online properties, web managers are uniquely positioned to advocate and take a leading role in protecting their organizations from cyberattacks and mitigating cybersecurity risks.

Eight cybersecurity strategies

Following are eight cybersecurity measures nonprofit web managers can adopt to help protect their websites and stay ahead of new threats. The first set of strategies involves process and training that, when adopted, can go a long way to mitigate risks and vulnerabilities that come with human error and lack of cybersecurity knowledge. The second set of technical strategies can be implemented with the help of your organization’s IT department and involves patching up and closing vulnerabilities in your systems and infrastructure.


  1. Promote a strong password culture. Passwords should be complex and difficult to figure out. Many guidelines say they should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. In addition, using a password management tool can help to generate, store, and secure passwords.
  2. Train employees on cybersecurity. Educate staff about risks and vulnerabilities. Give people the ability to identify potential security threats when working online and with computer systems.
  3. Conduct regular security audits. Security audits identify and evaluate an organization's strengths and weaknesses to protect itself from cyberattacks. They identify gaps in an organization's defenses and ensure appropriate steps are taken to mitigate those risks.
  4. Limit user access. Grant users permission to read, write or execute only the files or resources necessary to do their jobs. This principle is also known as the access control principle or the principle of minimal privilege.


  1. Use SSL/TLS encryption to encrypt data transmitted between your website and your users' browsers. This prevents attackers from viewing or tampering with data exchanged between two nodes.
  2. Use a web application firewall (WAF) to filter and monitor HTTP traffic between a web application and the Internet. A WAF protects against cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection attacks.
  3. Back up your website. Website data needs to be protected by backup software. Web managers need to be able to quickly restore your website in case something goes wrong.
  4. Keep software up-to-date. Software used on your website, including the content management system, modules, and plugins, should continually be updated with the latest security patches.

Investing in cybersecurity goes a long way

Investing in time, training, and resources and developing new cybersecurity processes and procedures can go a long way to protect nonprofit websites from most cyber-attack threats. Web managers are in a prime position to take a leading role in organizations to advocate for these measures to ensure their organization is protected and taking a proactive approach to cybersecurity.

As a final note, cybersecurity is an ongoing process rather than something you do once, and it is done. Organizations should regularly review and update security measures to avoid new threats.

Learn more

Download the 2023 Website Security for Nonprofits guide for help protecting your website from attacks.

Redante Asuncion-Reed

Redante Asuncion-Reed

Web and Digital Manager | Freelance Writer, The Education Trust

Nonprofit web/digital manager and freelance writer on the side.

Read the bio

Stay up to date

Keep up with what's happening in the nonprofit technology community.

Write for NTEN

We're always looking for articles from our members and the broader nonprofit tech community.

Learn more
nten logo
P.O. Box 86308
Portland, OR 97286-0308
+1 503-272-8800

© 2024 NTEN