On the 20th March 2025, I attended an insightful webinar titled “How to Safeguard Donor Data with Limited Resources”.

I joined Northdoor, an award-winning IT consultancy specialising in data management for over 35 years, along with Microsoft and The Salvation Army (TSA), to discuss critical data security challenges facing the Not-for-Profit (NFP) sector.

Northdoor, known for their expertise in data solutions – storing, protecting, and effectively utilising data – highlighted the growing pressures facing non-profits, particularly around data security. With a client roster including well-known charities such as Comic Relief and Action for Children, Northdoor emphasised their tailored approach delivered through advice, strategy, design, implementation, and managed services. Their longstanding relationships, with seven out of ten clients remaining with them for over a decade, underscore their role as trusted strategic partners.

The current landscape for NFPs is particularly challenging, exacerbated by increasing cyber threats. According to the UK government’s cyber security report, 924,000 cybercrimes occurred in 2024 alone, and the trend shows no signs of improvement in 2025. Alarmingly, 32% of charities reported breaches or attacks, yet only 19% had a formal incident response plan in place. Reduced donations and escalating operational costs compound these vulnerabilities, making effective cybersecurity even more crucial.

Chris Lines from Microsoft’s Technology and Social Impact (TSI) team emphasised Microsoft’s commitment to supporting NFPs through affordable, accessible technology solutions. Of the 170,000 UK charities eligible, around 32,000 already benefit from Microsoft discounts. Microsoft’s significant investment – $4.7 billion globally in grants and software discounts in 2024 alone – demonstrates a clear dedication to the sector. With the recent launch of Microsoft’s AI Global Skilling Initiative on 11th March, the aim is to equip one million users with essential AI skills, underscoring Microsoft’s belief that artificial intelligence can transform the non-profit sector profoundly.

John Harrex, Head of Information Security at the Salvation Army, shared valuable insights into specific cybersecurity threats facing charities. These include targeted phishing or impersonation attacks aimed at high-profile individuals and supply chain vulnerabilities exacerbated by budget-related skills shortages and legacy systems. Harrex stressed that the Salvation Army, handling vast amounts of sensitive personal data across churches, cafes, shops, and vital anti-trafficking and local care services, has prioritised cybersecurity through a combination of technical measures and cultural change.

Strategies implemented by the Salvation Army include Security Operations Centres (SOCs), advanced network sensors, detailed log analysis, and human analysts reviewing data and messages. Data security-as-a-service has proven effective, combining smart technology with skilled human oversight. Governance and risk management are central, supported by ISO27001 compliance and Cyber Essentials certification, along with mandatory multi-factor authentication (MFA) for all staff and suppliers.

Dominic Green, Microsoft Cloud and Security Practice Lead at Northdoor, outlined crucial Microsoft technologies employed for clients in the non-profit sector. These include Microsoft Secure Score, which identifies security vulnerabilities across Microsoft products; Entra ID, Microsoft’s comprehensive cloud-based identity management service featuring robust, phishing-resistant MFA; Zero Trust Network architecture to replace outdated VPN solutions; and Sentinel Reporting, offering clear insights and metrics for managing cybersecurity proactively.

Dominic emphasised that Northdoor’s tailored services, specifically priced and developed for NFPs, can significantly enhance data protection. By leveraging Microsoft technology, non-profits gain critical cybersecurity capabilities without the financial burden of recruiting and retaining expensive in-house security expertise. Outsourcing cybersecurity strategy and implementation allows IT directors to refocus on their core mission, reducing compliance risks and potential reputational damage.

In conclusion, I strongly recommend that NFPs actively embrace discounted Microsoft services available through the Social Impact Team and seriously consider outsourcing their cybersecurity strategies to dedicated experts like Northdoor. Regular security monitoring, penetration testing as a service, and ongoing compliance assessments are straightforward actions delivering substantial protective benefits.

Northdoor offers a valuable security workshop tailored for charities, including a scoping discussion, a thorough review of existing Microsoft service usage, detailed security workshop, and practical recommendations. For further information, charities are encouraged to reach out directly to Richard.hartill@northdoor.co.uk.