The Nonprofit Show
The Nonprofit Show is the daily live video broadcast where our national nonprofit community comes together for business problem solving, innovation, and education. Each day the panel of co-hosts and our guests cover the latest topics with fresh thinking to help you and your nonprofit amplify your social impact and achieve your mission, vision and values. With more than 1,100 episodes our library of learning is there for you and your organization.
Find us on YouTube: https://bit.ly/3A0Dqlw
Connect with us on LinkedIn: https://bit.ly/Nonprofit_Show
The Nonprofit Show
The Cybercrime Response Plan Every Nonprofit Needs: What To Do First
When a cyberattack hits your nonprofit, do you know what to do? Cybersecurity expert Michael Nouguier, Partner at Cybersecurity Services at Richey May, walks us through the essential steps every nonprofit must take—before, during, and after a cyber event. As host Julia Patrick notes, it's not a matter of if, but when, and being unprepared is no longer an option.
From clarifying what cyber insurance actually covers to practicing realistic incident response exercises, Michael offers a pragmatic and step-by-step guide tailored for nonprofit leaders. He points out, “Failure to plan is planning to fail,” and urges organizations to move beyond hope and into action.
The conversation dissects misconceptions, such as thinking IT alone can handle a breach or believing cyber insurance is a comprehensive solution. Instead, Michael recommends building internal resilience with tabletop exercises that include the board, C-suite, legal, and communications staff. These scenario-based run-throughs help teams build muscle memory and prevent panic when disaster strikes.
Third-party vendors—often a hidden weak spot—are addressed in detail. Michael reminds us, “You are the trusted data collector,” meaning nonprofits must ensure their vendors share the same security culture, including notification clauses and accountability.
What if the worst happens? Michael stresses calm, communication, and preservation of evidence. “Don’t delete anything,” he cautions, as doing so can sabotage forensic investigations and potential fund recovery. He also reminds leaders to report incidents to local authorities and the FBI’s IC3.gov, reinforcing the legal and ethical responsibility to act swiftly and transparently.
Perhaps one of the most human insights is around fostering a blame-free culture. Employees fearing punishment won’t report mistakes, making things worse. “Everyone—even me—has clicked a phishing link,” Michael admits, highlighting the importance of openness and psychological safety within teams.
This is a call to action for NPO leaders to shift from avoidance to preparedness. Cyberattacks are not just technical disruptions—they can financially and operationally dismantle an organization. With the right mindset, strategy, and comms plan, your nonprofit can weather the storm!
00:00:00 Welcome and Episode Overview
00:02:00 The Evolution of Richie May's Cybersecurity Services
00:04:00 What Cyber Insurance Really Covers
00:08:00 Third-Party Vendor Risks and Due Diligence
00:12:00 Real-World Impact of Cyberattacks on Nonprofits
00:15:00 Why Response Planning Beats Hoping for the Best
00:17:00 Tabletop Exercises: Practicing Incident Response
00:20:00 Who to Call When a Breach Happens
00:23:00 First Response Steps: Breathe, Engage, Preserve Evidence
00:26:00 Creating a Culture Where Mistakes Are Reported
00:29:00 Episode Recap and Takeaway
#TheNonprofitShow #CyberResilience
Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show
Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30pm ET 11:30am CT 10:30am MT 9:30am PT
Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web:The Nonprofit Show
