New tech safeguards for new tech risks

Technology seems to change at the speed of light. Even a few years ago, many people had never heard of AI! Now, most not-for-profits are exploring how AI can improve their operations and outcomes. This rapid pace — and its potential risks — can be challenging for nonprofits. But there are relatively inexpensive ways to stay safe and benefit from the advantages offered by new technologies.

Controls that mitigate threats

Some tech solutions may already reduce your nonprofit’s risk. For example, cloud-based accounting software generally includes built-in controls. The software can also help you automatically track grant spending in real time so you can quickly remedy any mix-ups and avoid issues with your grantors.

More recently, advancements in AI are taking technological assistance to a new level. On the downside, AI has enabled bad actors to launch more cyberattacks against organizations. But on the plus side, AI has introduced new tools that can help organizations more quickly preempt or detect suspicious activity. In particular, AI and automation are making it easier to cost-effectively crunch massive amounts of data to identify anomalies and stop fraud.

Up your game

Many of your employees may work remotely, at least some of the time. And even if they don’t, most workers now access at least one of their employers’ networks via multiple devices. This provides hackers with greater “cyberattack surfaces” or points of entry. So if your nonprofit still uses passwords only — or even passwords plus multifactor authentication — to limit access to your network, consider adopting stronger defenses.

Role-based controls restrict access to systems or data to only those whose jobs require it. For example, only accounting staff (and certain executives) can access all financial data. Role-based controls offer different levels of access. “Just-in-time” provides users with access only when they need it and only for a limited period. Similarly, “just enough” applies the principle of “least privilege,” giving users access to only the information they need. “Microsegmentation” divides a network into discrete segments, each with its own access requirements.

Finally, “zero trust” approaches access for every user, device and connection on a per-request basis, whether inside or outside the network. Users must undergo repeated authentication. For each request, the system considers the user’s identity, location and device, along with the classification of the data sought, before granting access.

Resources are available

If your nonprofit has in-house IT support, discuss these issues with IT staffers to determine the next best steps. You may also be able to tap the expertise of board members or trusted volunteers with technology backgrounds. Additionally, we can help you analyze tech costs and assist you in implementing and improving internal controls.

© 2025