Security awareness¶

A handwritten notice pinned to the communal dining room wall between a fire escape plan and the weekly menu. It reads DO NOT SHARE YOUR PASSWORDS WITH VAMPIRES. Someone has added a note underneath in different ink: what if they ask very nicely.

Security awareness in a non-profit is a different problem from security awareness in a corporate environment. The population is more diverse: paid staff alongside volunteers who may range from retired professionals to school-age helpers. The communication channels are less uniform. The authority to compel participation is weaker. The budget for professional training platforms is usually limited.

None of this is an excuse for not doing it. Phishing and social engineering are the most common routes into non-profit organisations, and they work primarily because people do not recognise them. That is a solvable problem, at least partially, and solving it does not require an enterprise training budget.

People are not the weakest link. Untrained people are.

Building a security awareness programme
Phishing recognition
Social engineering
Volunteer-specific awareness