EPISODE · Jul 9, 2025 · 31 MIN
The Cybercrime Response Plan Every Nonprofit Needs: What To Do First
from The Nonprofit Show · host Michael Nouguier | Richey May Cybersecurity
Send us Fan MailWhen a cyberattack hits your nonprofit, do you know what to do? Cybersecurity expert Michael Nouguier, Partner at Cybersecurity Services at Richey May, walks us through the essential steps every nonprofit must take—before, during, and after a cyber event. As host Julia Patrick notes, it's not a matter of if, but when, and being unprepared is no longer an option.From clarifying what cyber insurance actually covers to practicing realistic incident response exercises, Michael offers a pragmatic and step-by-step guide tailored for nonprofit leaders. He points out, “Failure to plan is planning to fail,” and urges organizations to move beyond hope and into action.The conversation dissects misconceptions, such as thinking IT alone can handle a breach or believing cyber insurance is a comprehensive solution. Instead, Michael recommends building internal resilience with tabletop exercises that include the board, C-suite, legal, and communications staff. These scenario-based run-throughs help teams build muscle memory and prevent panic when disaster strikes.Third-party vendors—often a hidden weak spot—are addressed in detail. Michael reminds us, “You are the trusted data collector,” meaning nonprofits must ensure their vendors share the same security culture, including notification clauses and accountability.What if the worst happens? Michael stresses calm, communication, and preservation of evidence. “Don’t delete anything,” he cautions, as doing so can sabotage forensic investigations and potential fund recovery. He also reminds leaders to report incidents to local authorities and the FBI’s IC3.gov, reinforcing the legal and ethical responsibility to act swiftly and transparently.Perhaps one of the most human insights is around fostering a blame-free culture. Employees fearing punishment won’t report mistakes, making things worse. “Everyone—even me—has clicked a phishing link,” Michael admits, highlighting the importance of openness and psychological safety within teams.This is a call to action for NPO leaders to shift from avoidance to preparedness. Cyberattacks are not just technical disruptions—they can financially and operationally dismantle an organization. With the right mindset, strategy, and comms plan, your nonprofit can weather the storm!00:00:00 Welcome and Episode Overview 00:02:00 The Evolution of Richie May's Cybersecurity Services 00:04:00 What Cyber Insurance Really Covers 00:08:00 Third-Party Vendor Risks and Due Diligence 00:12:00 Real-World Impact of Cyberattacks on Nonprofits 00:15:00 Why Response Planning Beats Hoping for the Best 00:17:00 Tabletop Exercises: Practicing Incident Response 00:20:00 Who to Call When a Breach Happens 00:23:00 First Response Steps: Breathe, Engage, Preserve Evidence 00:26:00 Creating a Culture Where Mistakes Are Reported 00:29:00 Episode Recap and Takeaway #TheNonprofitShow #CyberResilience Find us Live daily on YouTube!Find us Live daily on LinkedIn!Find us Live daily on X: @Nonprofit_ShowOur national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PTSend us your ideas for Show Guests or Topics: [email protected] us on the web:The Nonprofit Show
What this episode covers
Send us Fan Mail When a cyberattack hits your nonprofit, do you know what to do? Cybersecurity expert Michael Nouguier, Partner at Cybersecurity Services at Richey May, walks us through the essential steps every nonprofit must take—before, during, and after a cyber event. As host Julia Patrick notes, it's not a matter of if, but when, and being unprepared is no longer an option. From clarifying what cyber insurance actually covers to practicing realistic incident response exercises, Michael o...
NOW PLAYING
The Cybercrime Response Plan Every Nonprofit Needs: What To Do First
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m