The short answer is that you can find them everywhere.
That also makes it a bit overwhelming.
How do you know which training is the right training? How do you know which cybersecurity framework or training provider? Should you go with trainers and resources that are nonprofit-specific? Or will any reputable cybersecurity provider do?
Getting it right means ensuring that your nonprofit, your staff, your data, your clients are protected now and into the future. It’s a tremendous responsibility.
I have no easy answers. Sure, I could provide a bunch of links and reports and resources and frameworks. But I’m not a cybersecurity expert. And I don’t want to add to the chaotic confusion and concern.
But the answers are coming.
“The Canadian Centre for Nonprofit Digital Resilience (CCNDR), supported by experts from its cybersecurity working group, has released an essential report to help nonprofit organizations safeguard their data and operations. This is the first ever report on building the cybersecurity of Canada’s nonprofits… Turning the research to action, CCNDR is launching pilot projects based on the recommendations.”
You should read the report.
CCNDR is piloting and testing two prototypes in the near future:
A cybersecurity on-ramp in the settlement sector
We will prototype an on-ramp, including a risk assessment, with the Immigrant and Refugee-serving sector. The strategic approach is to go deep into the needs of one sector, develop a successful intervention, and then scale it to other sectors.
This pilot will focus on answering the following question: “How can we remove the overwhelm
nonprofit leaders feel and provide an on-ramp to cybersecurity for organizations?”
I’m part of this first pilot. I’m super excited about it and what will be created.
Cybersecurity has been repeatedly identified in our sector consultations as a priority and a concern. Sector leaders want to get it right. They want not only to ensure that their nonprofit, your staff, your data, your clients are protected now and into the future. But they don’t know where to start.
The goal of this pilot project is to give them the right first steps.
But it won’t end there. IRCC, the sector’s main and largest funder, has identified cybersecurity as a priority leading up to the next national call for proposals in 2024/25. But they haven’t provided any guidance or idea of what they mean, or what that will look like.
So I’m proposing we don’t wait. We tell them what is needed based on this pilot project. Because cybersecurity is not a “one and done” effort. It requires investment and constant vigilance.
By the end of this pilot project I believe we’ll have a model onramp and framework that no nonprofit funders, like IRCC, will be able to say no to. And they’ll have no reason to say no.
I’ll keep you posted as the work starts. We’ll get there together. And we’ll get it right.