Digital Security Risks for Nonprofits In South Africa

Digital Security Risks for Nonprofits

Most NPOs have access to sensitive personal information that belongs to members of their communities which they serve, and that of their clients or customers, such as email addresses; phone numbers; names and possibly ID numbers. How well do NPOs handle confidential information to ensure that it is not tampered with or stolen by hackers?

Below are some of the things NPOs need to be aware of when it comes to handling sensitive data.

The use of public Wifi

Taking into account the high cost of data in our country, a small organisation with limited funds may choose to use public Wifi to save on operational costs. This might seem like a good idea especially when we are thinking about saving money. However, the use of public Wifi might be detrimental and poses serious security risks. Hackers can potentially hack into your device(s) while using public Wifi and access information that has been given to you based on trust.

What can you do to avoid this?

Avoid using public/unsecured Wifi when dealing with confidential information, be it the organisation’s data or that of your own such as banking information. If this is not possible, then it is best that you install a virtual private network (VPN) on your device(s). VPNs form a protective layer between your device and the website that you browse through. Note, that not all VPNs offer the same amount of security level and that is why it is important that you choose one that adheres with your organisation’s data security regulations.

Sharing of private information

Sharing private data through email, messaging apps (e.g. WhatsApp), or comparative methods is never recommended.

Email is a famously unreliable way for communication. Email accounts are regularly the target of phishing attacks (phishing attacks is a cyber-attack that attempts to take your account information by deceiving you to enter your account information on a fake login page.)

Furthermore, regardless of whether it is through email or messaging applications, it is very easy to inadvertently leak information by sending it to an individual who was not supposed to see that particular information!

What can you do to avoid this?

Using cloud-based data storage tools such as Box, Microsoft Teams, Google Drive is probably the best way you can share data with the right individuals or for storage purposes. Cloud storage services encrypt information that is uploaded to prevent the unfortunate events of having the information stolen or tempered with.

Beefing up your security when it comes to sensitive information is never a bad idea, therefore make sure you apply restricting measures to sensitive information and it is also advisable that you revisit your permission settings often to make updates where necessary.


People are always looking at how they can make a quick buck and will use a tactic that gets you interested. Ransomware is a type of a malicious software that blocks access to your computer until a sum of money is paid to the cyber-attacker. Ransomware has the ability of encrypting data, denying you access to it. Some forms of ransomware are known to threaten people of publicly releasing their sensitive information if they do not pay some money.

What can you do to avoid this?

Always make sure that your antivirus software is up-to-date and that your data is back-up somewhere where you will be able to access it should your computer be attacked.

Malware and Software Ricks

To many this may seem like a no-brainer however data security risks including malware still pose a great threat to any organisation’s information.

What can you do to avoid this?

Make sure that you have up to date antivirus software is installed on all your devices. Update your apps, operating system and all your software that you install on your computers regularly.

Lastly, never download and install software from untrusted sources. Pay special attention on email attachments and links that require to click on.

Leave a Reply

Your email address will not be published. Required fields are marked *