Fundrais­ers, are you ready for a poten­tial cyber attack?

Jack Stead­man of Blue State shares cyber secu­ri­ty tips that he believes could help ensure your organ­i­sa­tion is equipped to pre­vent data and key infor­ma­tion from being hijacked.

Written by
Jack Steadman
September 15, 2022

Last year companies in the United States of America saw a 105 per cent surge in cyber attacks designed to hold platforms and data to ransom. What was once viewed as a government focused issue has now become something that every organisation needs to be aware of. 

So, do you have an approach and counter strategy in place, in the event of a cyber attack at your charity?

Are you set up to defend your organisation from cyber attacks? © Carmen Murillo via

If your answer is no, I recommend getting one ready now because cyber attacks are growing in every sector.

Natural disasters and humanitarian relief are moments that crystallise public support for non-profit organisations – leading to rapid increases in website traffic and online donations. Armed conflict can generate similar humanitarian needs. And increasingly, the term ‘war’ is not only referring to fighting in a conflict zone – it can also include cyber warfare too. For organisations serving the world at these critical moments, your rapid response should include an increased focus on cyber security that works alongside your fundraising and communication plans. 

For corporate organisations, with targeting restrictions growing and third-party cookie removals coming in 2023, there is a re-emphasis on first-party data both in terms of acquisition and journey development. Being cyber secure is a crucial part of generating and keeping trust with consumers. In short, you don’t want to be the organisation letting your donors know they have to change their password quickly for security reasons.

And of course, for government and advocacy organisations, the sophistication and volume of such attacks continues to grow. Organisations need to get ahead of cyber attacks with more than a strategy to implement (should the worst happen), but a prevention plan too.

So where do you start?

I have pulled together some quick wins and tips that could help you better equip your organisation for the future – and be prepared for a potential cyber attack.

1.   Start by making sure that the version of your CMS (content management system) platform and all plugins are up to date, and that security patches have been applied. Confirm with the hosting provider that the same is true of their server software. All major hosting providers do this as part of their routine maintenance procedures, but it’s worth double-checking.

2.   Look at the security features offered by the CMS platform (or available via reputable plugins) and take measures to harden the platform against attack. Some examples of this include:

  • enabling and requiring multi-factor authentication for administrator accounts
  • requiring strong passwords, and setting limits on failed login attempts to guard against brute-force attacks
  • check passwords against lists of ‘pwned’ passwords. A ‘pwned’ password is one that has been hacked – and there may be plugins which can run this check for you automatically when someone changes their password
  • track ‘trusted devices’ for each admin account to guard against session hijacking attacks

3.   Make sure the site takes advantage of all CDN (content delivery network) and WAF (web application firewall) products available from the hosting provider, and that they are all configured properly. CDNs provide a globally distributed layer of protection for the core web infrastructure and have sophisticated systems for identifying and blocking DDoS (distributed denial-of-service, a common attack in which a site is flooded with traffic until its web server crashes) and other network-level attacks before they can affect a site. WAFs are often attached to CDNs and are designed to identify and block a wider range of attacks, including those which target specific vulnerabilities in CMS and web server software.

4.   If a hosting provider doesn’t bundle a CDN, it can be purchased and configured separately. Fastly and Cloudflare are two modern CDNs which have robust networks and attack-prevention features built in.

5.   If the situation warrants it, see if the hosting provider can block all traffic from a specific country location at the WAF/CDN. This is a brute-force measure that isn’t fool proof, but it may make it a little harder for hackers to break through or buy some time if an attack is in progress.

6.   If your organisation has reason to suspect an attack may be imminent, you might consider reaching out to your hosting provider and warning them of possible attacks. If all these other measures have been taken, there may be nothing more to do, but it’s always good to have a heads up that something might be coming that could trip some alarms.

Why does this matter to fundraisers like you?

I know some of this might sound like tech speak, but let’s remember why fundraisers should make sure these sort of conversations are happening at your organisation, regardless of how unfamiliar and complicated they might feel. 

Cyber security is an integral part of fundraising. Ensuring the security of donors’ personally identifiable information (PII) is important in gaining and keeping trust – but it’s also integral to building long-term relationships. 

Just as fundraising organisations talk of both long and short-term fundraising strategies, you should also ensure you have a strategy for long-term cyber security too. And there is no time like the present to get started on making some immediate changes to improve your cyber security. You can do this by working with the relevant teams at your own organisation to try some of the strategies I’ve mentioned today.

I believe that, with good scenario planning and a formal escalation process, if the worst should happen, you will be able resolve problems as quickly as possible.

If you have any questions about my tips in this article, you can reach me, or one of my colleagues at Blue State by emailing

About the author: Jack Steadman

Jack (he/him) is an experienced leader in product strategy, technology, engineering, and technical operations, both in-house and consulting. Currently, he helps non-profits and brands make sense of their data and build digital products that support one-to-one targeting and personalisation across channels. He was previously SaaS head of product, engineering director, architect, and developer.

Recent Articles

Will you join these kind fundraisers at the heart of SOFII?

Who are the SOFII One Hundred? They are fantastic fundraisers from around the world – and you can find them at the heart of SOFII. Read on to discover more about this group of caring people and learn why they have chosen to help fundraisers today, tomorrow and forever.

Read more

New year, new changes in digital fundraising – five tips to help you prepare

Changes in online marketing and data privacy have made it harder than ever to find new donors. And as we embark on a new year in fundraising, more shifts are on the horizon. So what can fundraisers like you do to make sure you’re prepared to communicate with and nurture your donors in an ever-evolving digital landscape?

Read more

Legacy brochures from 90 years ago – what’s the same and what’s different to today?

This is a rare ‘legacy edition’ from our ever-growing fundraising history project. Marina Jones has uncovered some gems in The Salvation Army archive, two legacy brochures from the 1930s. In this article she looks at what’s stayed the same (Marina found ten things!), as well as what’s changed, when it comes to talking to donors about making a gift in their will.

Read more

When fundraising collapsed – are we ready for a new era of responsible fundraising?

As we enter another year in fundraising, Giles Pegram is pausing to look back. In this article, he reflects on some important moments in his time as a fundraiser – from 1983 to the present. Giles also refers to the lessons found in the Commission on the Donor Experience and offers fundraisers ten tips that he believes will help you usher in a new era of responsible fundraising.

Read more

SOFII’s best of the best showcase - introduction and contents

This showcase collates all the greatest fundraising campaigns currently on SOFII. Be prepared to be inspired and amazed by the very best fundraising ever. And you can suggest other appeals or projects that resonated with you as well.

Read more

Also in Categories