Be honest—do you share one login for your entire organization? Is your password some variation of your organization’s name and a number? Maybe you’ve even thrown in an exclamation point for extra security. If any of this sounds familiar, please stop.
Your organization’s digital security is not a “we’ll deal with it later” problem—it’s a right now problem. And before you assume no one cares enough to hack a small nonprofit or business, let me stop you: that’s a lie.
And if we go beyond hackers, lack of protection is a security issue too. Important information is often being kept in places where it shouldn’t be—Google Docs with open permissions, personal email accounts, random Slack messages, and even sticky notes on desks. If you don’t have a clear system for where things are stored and who has access, you’re already at risk.
Two-Factor Authentication: Not Optional
You know what’s worse than getting locked out of an account? Someone else getting into your account.
If you haven’t set up two-factor authentication (2FA) for your key accounts, do that immediately. Not tomorrow. Not next week. Right now. 2FA adds an extra layer of protection, making it significantly harder for bad actors to waltz in and take over your accounts.
Bonus points if you’re using Google Authenticator or a similar app instead of just relying on text message codes (which can be intercepted, by the way).
Security Is More Than Just Hackers
Many nonprofits and small businesses don’t take security seriously because they assume they’re not important enough to be targeted. False.
The internet is basically the Wild West, and cybercriminals are out here looking for easy wins. But even if you never get hacked, bad security practices within your own team can cause just as many problems:
- Sensitive information floating around in random documents with no control over who can access them.
- Using personal accounts for business work, which means when that person leaves, so does your data.
- No clear ownership of key accounts, so no one really knows who has access to what.
- Password sharing across multiple accounts, meaning if one login is compromised, everything else is too.
If you live on Google (Docs, Drive, Gmail—the works), and you haven’t set up these three things, fix that immediately:
- Two-factor authentication (we just covered this—go do it).
- Strong, Unique Passwords (No more OrgName2024!, I beg you—also, see next point).
- Clear Storage & Access Policies (Know where your critical files live and who can touch them).
Use a Password Manager (Seriously, Just Do It)
I get it—coming up with strong, unique passwords for every account is exhausting. This is why password managers exist.
A good password manager will generate, store, and autofill strong passwords for you, meaning you don’t have to rely on your brain (or a random spreadsheet) to keep track. I personally love LastPass, but there are plenty of other great options out there—1Password, Bitwarden, Dashlane, take your pick.
If you’re still manually storing passwords in a Google Doc or (please, no) a sticky note on your desk, it’s time to upgrade.
Talk to Your Team (Seriously, Have the Conversation)
Your security isn’t just about you. If your team is out here clicking on sketchy links, storing important files in personal accounts, or using “password” as their password, you’re one bad decision away from a security nightmare.
Ask yourself:
- How does your team approach security?
- Do you have a plan for compromised accounts?
- Does everyone know where critical files should (and shouldn’t) be stored?
- Are there access controls in place to prevent people from walking away with important information?
If not, it’s time for a conversation.
Free Security Checklist: Because Protecting Your Data Shouldn’t Be Overwhelming
Not sure where to start? I’ve put together a free security checklist to help you assess your organization’s vulnerabilities and start fixing them.
✔ Identify weak spots in your security practices.
✔ Implement small but critical changes to protect your data.
✔ Get your team on board with better security habits—without the tech headache.
📥 [Download the Security Checklist Now] and start safeguarding your organization today.And seriously—if you’ve made it this far and still haven’t set up two-factor authentication, now is the time. Go do it. Right now. I’ll wait.
Digital Security Checklist
Comprehensive Digital Security Assessment
Want to learn more?
Schedule time with us
