Professional Documents
Culture Documents
for Nonprofit
Organizations
How to create, manage, and share
passwords easily and securely
Table of contents
1
Threats and vulnerabilities
By helping those at risk and improving their quality of life, nonprofit
organizations and NGOs are doing important work to enrich
2
Productivity challenges
communities worldwide. Whether you’re promoting animal welfare,
delivering emergency services, or supporting the arts, you rely on
3
Real-world examples
members, donors, and volunteers. These supporters—as well as your
beneficiaries—expect you to keep their private information safe.
4
Checklist: common accounts
6 Next steps
One of the most common ways for cyberattackers to get a foothold
into your organization is through compromised employee accounts.
A password manager is a simple and inexpensive tool that greatly
reduces your risk of a breach.
These digital tools bring new cybersecurity risks as employees and volunteers
access sensitive data from a growing number of accounts, apps, and devices.
But for many nonprofits, allocating time and funds to cybersecurity is a
challenge when they’re focused on mission-driven objectives.
said nonprofits were the most susceptible to ransomware among their customer base.
Out of 17 sectors total, the nonprofit sector was in the 8th spot based on the impact of
ransomware.1
engineering and phishing to steal credentials, deploy malware, and gain initial entry into
an organization. Across all sectors, social engineering remains the top culprit behind
data breaches for businesses of all sizes, and phishing is the top type of action involved.
nonprofit organizations increased 113% over 2019.3 These compromised usernames and
passwords typically become available on the dark web, leading to further cyberattacks.
The number of cybersecurity incidents among nonprofit organizations has been on the rise,
nearly tripling between 2018 and 2020. The biggest threats have come from sophisticated email
attacks and targeted password attacks.1
Threat actors are most commonly motivated by financial gains as nonprofit organizations have
valuable data about their donors and other stakeholders. Logins are also one of the most
55%
sought-after types of data, and 61% of data breaches across all sectors involve compromised
credentials.2
Consequences from a data breach can be dire and include not only financial losses but also loss
of reputation and support. Take the 2020 large-scale ransomware attack on cloud software
provider Blackbaud as an example. The attack exposed sensitive data for Blackbaud’s customers
—primarily nonprofits—affecting more than 500 organizations and 13 million consumers.3 While
the organizations themselves weren’t responsible for the data breach, many reported millions of
dollars in costs as a result, as well as loss of donors.4
As you adopt new technologies, your employees, volunteers, and board members are interacting
Only 55% of surveyed nonprofit
with stakeholder data through an even larger number of touchpoints and applications. This gives
organizations report having a
cybercriminals additional opportunities to compromise your logins and corporate accounts.
Identity Theft Resource Center, “Blackbaud Data Breach Leaves Lasting Impact on U.S. and International Nonprofits,” Source: NTEN, “State of Nonprofit Cybersecurity,”
August 202 November 2018
VTDigger, “Breach at huge donor database firm hits home for Vermont nonprofits,” July 2020
2 | Productivity challenges
at least monthly
Your paid and volunteer teams wear many hats. Tools that add to their workload hinder
their productivity. This is where a password manager comes in—saving everyone both
Source: Dashlane, “The Future of Security in the Hybrid
time and frustration.
Workforce,” 2021
3 | Real-world examples
Compromised credentials are commonly involved at different stages of attacks that target the nonprofit sector. For
example, cybercriminals may start a campaign with phishing emails to steal passwords for initial entry or compromise
credentials at a later stage of the attack to escalate privileges. Compromised logins are also often the first step in a
ransomware attack.
Often, bad actors don’t have to go to great lengths to gain entry. They can easily obtain passwords that were leaked
in an unrelated attack and then attempt to use them on other systems. It’s not surprising that this tactic works,
considering that 63% of employees say they have recycled passwords on work accounts and devices.1
Consider the following three examples and what it would mean for your organization to experience something similar.
Philabundance Community Kitchen suffered a similar incident People Inc., a New York human-services agency, suffered a
in July 2020. Cyberattackers used phishing to hack into the data breach that exposed sensitive personal, financial, and
Philadelphia-based hunger-relief organization’s email, blocked medical information for about 1,000 clients in 2019. Hackers
legitimate emails from being received, and spoofed employees’ compromised one or more employee accounts containing
emails. They then requested that a nearly $1 million the data. A media report suggested that the first account
construction bill payment be wired to their fraudulent account. may have been hacked through a brute-force attack that
The nonprofit later had to dip into its reserves to pay the used a weak password. The report made the conclusion
builder’s invoice.1
The more accounts, the higher your security risk if you’re not using
failure to change passwords regularly, and the lack of 2FA are among the
Asan Instagra
BoardSourc Salesforc
Boardabl Shopif
DonorPerfec Slac
EventBrit TechSou
Faceboo Twitte
Funrais VolunteerMatc
G Suit Zoom
Idealist
Is this password
Is this login How is it
Account Owner? Is 2FA set up? used for other
shared? shared?
accounts?
workflows.
Sharing Center Emergency
Decline Accept
Building access codes
Dashlane makes password management easy by: ann.thompson@funraise.org
Filling in all your passwords across the web, on any devic Decline Accept
Saving logins as employees browse the interne Groups
Autofilling usernames, passwords, and 2FA codes on every accoun Nurses
Enabling secure sharing of passwords and 2FA codes (e.g., for shared 4 items shared
Individuals
manisha.hukku@funraise.org
2 items shared
eric.zhang@funraise.org
And you can rest assured your data is always secure. We use the strongest 3 items shared
Complicated rollout and onboarding processes can hinder The Group Sharing feature allows Dashlane users to easily
adoption of tools like password managers. Dashlane supports and efficiently share passwords and Secure Notes, making
single sign-on (SSO) so admins can simplify onboarding—and onboarding simple and secure. Admins can create groups
we offer video tutorials, guides, and templates to help you based on departments or company needs in the Admin
Now that you’ve got the basics down, let’s talk about what’s
next and some of Dashlane’s more advanced features.
Dashlane monitors the dark web for Every user gets a Password Health Score Safeguarding sensitive data is not
compromised credentials. When that shows a breakdown of weak, reused, simply about the tools and processes
Dashlane finds an employee’s username or compromised passwords. In the Admin you use—it starts with your employees,
and password on the dark web, those Console, you’ll be able to access your volunteers, and board members.
credentials are immediately flagged in reporting dashboard. The dashboard’s Dashlane enables admins to make all
the app. The app prompts the employee centralized view gives you unprecedented these stakeholders part of the security
to change the password—and provides visibility into your company’s password conversation and educate them about
a password generator for creating a security and the ability to track their active role in protecting your
strong, random password. Employees improvements over time. There, you’ll organization—and its reputation.
6 | Next steps
The nonprofit chose Dashlane because it simplified secure password management for both
staff and admins and offered additional security features. Thanks to Dashlane, VillageReach
has discovered and eliminated hundreds of reused passwords across the organization, along
with unauthorized users—improving password health by 122%.
Ben Leibert
Follow us on: