Nonprofit Secure's Guide to Building Safety & Security Resilience
A Note Before You Start:
This guide is designed for nonprofits working in today's complex and politicized environment. At Nonprofit Secure, security means more than physical protection—it's about safeguarding your mission, your people, and your ability to keep operating in the face of threats or disruptions.
Our goal is to help you think strategically across key areas of risk, offering practical first steps, guiding questions for internal reflection, and connections to expert support when deeper help is needed. Whether you're just getting started or reassessing existing practices, this guide supports your journey toward stronger, more intentional safety and security.
We recommend that you go section-by-section to familiarize yourself with the scope of the program and to begin a conversation with your team and ours about how this program could be most beneficial to your organization.
How to Use this Guide: This guide is broken up into the seven distinct categories that this program covers:
- Digital Security: Defending Your Information, Money, & Accounts
- Legal & Compliance: Navigating Politicized Rules
- Legal Defense: Fighting Back Against Political Attacks
- Communications: Controlling Your Narrative Under Fire
- Physical Security: Keeping Your People & Places Safe
- Holistic Security: Building a Resilient & Unified Organization
- Psychological Safety: Caring for Organization Staff and Leadership
Each section has the following columns:
- Common Requests: Concrete examples of the kinds of support nonprofits have requested to give you a sense of what others have found useful.
- Questions to Ask Yourselves: Reflective prompts to help your team surface vulnerabilities, clarify priorities, and identify where more support may be needed.
- Things You Can Do On Your Own: Practical actions your organization can take immediately to strengthen security and resilience without waiting for outside help.
- How a Small Grant Can Help: Illustrative examples of projects that could be covered by Nonprofit Secure's Rapid Response Grants.
- How a Consultant Can Help (~10 hours): A snapshot of the kinds of targeted, hands-on assistance a consultant can provide through this program.
Common Nonprofit Secure Requests
- Password manager setup and training
- Two-factor authentication implementation
- Email security audit
- Secure file storage solutions
- Phishing awareness training
Questions to Ask Yourselves
- Who has access to your most sensitive accounts?
- When was the last time you changed critical passwords?
- Do you have a process for offboarding staff access?
- Are your financial accounts protected with MFA?
- How do you share sensitive documents internally?
Things You Can Do On Your Own
- Enable two-factor authentication on all critical accounts
- Use a password manager for your team
- Review who has access to your financial accounts
- Set up automatic software updates
- Create a list of all accounts and who has access
- Train staff on phishing recognition
- Back up important data regularly
- Use encrypted messaging for sensitive communications
- Review privacy settings on social media
- Create an incident response contact list
🔒 Your Privacy Is Protected
All Nonprofit Secure consultants are bound by strict non-disclosure agreements. Anything you share—about yourself or your organization—remains completely confidential and will never be disclosed without your explicit written consent. Your request will not be shared with your funder. Only anonymized, aggregated data is used for reporting purposes.