The Nonprofit Show
The Nonprofit Show is the daily live video broadcast where our national nonprofit community comes together for business problem solving, innovation, and education. Each day the panel of co-hosts and our guests cover the latest topics with fresh thinking to help you and your nonprofit amplify your social impact and achieve your mission, vision and values. With more than 1,100 episodes our library of learning is there for you and your organization.
Find us on YouTube: https://bit.ly/3A0Dqlw
Connect with us on LinkedIn: https://bit.ly/Nonprofit_Show
The Nonprofit Show
Your Nonprofit's Trusted Platforms Might Be Leaking Donor Info!
“Cybersecurity used to be the Department of ‘No’. Today, it's about enablement—how we help people work securely without getting in the way.”
Cybersecurity isn’t just an IT issue—it’s a trust issue. Michael Nouguier, Partner at Richey May’s Cybersecurity Services, joins us to discuss how nonprofits can better protect donor data, assess third-party platforms, and prepare for the inevitable breach.
Michael opens with a striking truth: “Cybersecurity is about risk—what we choose to accept, and what we work to prevent.” From this lens, this episode offers a detailed breakdown of today’s most pressing cybersecurity concerns, especially as they relate to data collection, donor privacy, and evolving threats like AI-driven attacks.
The conversation kicks off with the importance of identifying and documenting what data your organization actually collects—not just donor information, but client data, health records, payment details, and beyond. Michael stresses the danger of overlooking third-party vendors, who may have weak security protocols but still process sensitive data on your behalf.
Julia Patrick, host, presses Michael on how access control works in today’s remote-first world. His response is practical: build systems around role-based access and restrict data visibility by “need to know.” Whether you're a 5-person nonprofit or a national organization, overly broad permissions are a recipe for disaster.
Michael shares real-world examples of organizations undermining their own security—like contractors blocking ChatGPT integrations due to risk, prompting staff to email data to themselves for off-system use. It’s not just about locking systems down—it’s about enabling safer, smarter workflows that employees will actually use.
The episode wraps-up with a powerful call for scenario planning. Just like fire drills, “tabletop exercises” around cybersecurity incidents can build organizational muscle memory, reduce financial loss, and preserve your nonprofit’s reputation when—not if—a breach occurs.
If you think this topic is too technical to matter to your mission, think again. This conversation makes clear: cybersecurity is mission-critical because your donors expect trust, your clients deserve privacy, and your organization can’t afford the fallout of avoidable mistakes.
00:00:00 Welcome and introduction to Michael Nouguier
00:02:06 Why Richey May expanded into cybersecurity
00:04:11 What data are you collecting and why it matters
00:05:35 Understanding third-party data responsibilities
00:07:59 How to evaluate vendor security
00:10:15 Remote work and role-based access control
00:13:18 Does organization size change the approach?
00:16:01 Enabling staff without compromising security
00:19:22 What really happens in a data breach
00:21:24 The importance of practicing breach response
00:23:01 Tabletop exercises and insider risks
00:26:38 Is there hope for cybersecurity progress?
#NonprofitCybersecurity #DonorTrust
Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show
Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30pm ET 11:30am CT 10:30am MT 9:30am PT
Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web:The Nonprofit Show
