Cybersecurity Services for Nonprofits

Overview


Since 2015 I have provided cybersecurity services for nonprofits in Mendocino County. I help train organizations in basic cybersecurity techniques and best practices to keep them and their employees safe. My goal is to protect the organization against cyber threats (ransomware, data breaches, fraud) while at the same time helping senior leadership manage the organization’s legal liability in case a catastrophic event does take place. Below is a list of services that I can provide your organization.

Services Offered


Password Management Setup and Training

Implementing a password management solution is the cornerstone of organizational cybersecurity. Password management software (such as LastPass Teams or Dashlane for Business) not only allows an organization to secure all its online accounts to the maximum extent possible, it also gives a tremendous amount of control over access (granting / denying employees the ability to access accounts) and accountability (audit logs that show exactly who is accessing what, when).

Ongoing Cybersecurity and LastPass Training (Group)

The threats facing an organization are always changing. On a quarterly basis, I can present a cybersecurity awareness course for employees, executive management, and board members in a group setting. This includes anti-phishing training, general cybersecurity news and awareness training, and password management training.

Ongoing Cybersecurity and LastPass Training (Individual)

Ongoing cybersecurity training is essential. Continuing education helps your first line of defense - your employees - make good choices to help protect your organization. Without ongoing support and training, employees begin to use weak passwords (typing in known passwords instead of generating random passwords, for example), as well as not using the Sharing settings properly, which can reduce the ability of others in the organization to access key accounts.

Password Updates

Even with password software in place, the reality is that changing an organization’s passwords can be a daunting task. I perform supervised, on-site password changing services for sensitive accounts (email, financial). I recommend that all of an organization’s sensitive account passwords be changed quarterly, to minimize the impact of data breaches.

Active Data Breach Monitoring

I can help set up your organization with automatic monitoring tools for notifications in the event of a data breach involving any of the organization’s employees. In addition, I actively check every email account used by the organization on a quarterly basis for data breach notifications.

Active Cloud Services Auditing

Most nonprofits employ numerous third-party services (such as GSuite, LastPass, Dropbox, Quicken Online, MailChimp, Salesforce, etc.), each of which generates an audit trail that needs to be monitored. This is both a practical cybersecurity and a liability issue. If no one ever reads through the log files, it’s impossible to know if accounts are being accessed improperly. It is often the case that after an event is detected, going through the log files reveals that the initial breach occurred months or years prior, and could have been detected!

Active Anti-Phishing Campaigns

This service involves actively sending safe, fake, but realistic phishing emails to employees, and measuring the responses that those emails receive. This is the technique that banks are mandated by law to undertake for all of their employees on an ongoing basis. On a quarterly basis, I can initiate phishing campaigns targeted at the organization’s employees, work with employees to reduce their exposure to such emails, and present findings to the executive team.

24/7 On Call Service

I am always here for my clients! From suspicious emails and texts to general cybersecurity and IT services, help is just a phone call, text, or email away!


A La Carte Services


Cybersecurity Disaster Recovery Plan

An addition to an organization’s general disaster recovery plan, the Cybersecurity Disaster Recovery Plan outlines specific scenarios and steps in the event of known cybersecurity incidents. Created in conjunction with the organization’s executive team and employees, this document becomes a training opportunity as well as a worst-case scenario playbook should a cybersecurity event take place.


Cybersecurity Rider Insurance Review

I can help the organization determine if the type and amount of coverage from its Cybersecurity Rider fits the current needs of the organization, or if different / additional coverage is necessary.


Transitioning Email Providers

Many local organizations use local email providers, providers that do not meet modern security requirements and thus jeopardize the security of all their clients. I can help your organization seamlessly transition from these insecure email providers to one that will truly protect you going forward.

Next Steps


I look forward to talking with you about your firm’s specific needs and concerns, and to scheduling your free cybersecurity audit. Please email me at info@arewesafeyet.net to contact me directly.