Zero Trust Secures Nonprofits’ Links to Clients, Staff, and Volunteers

Every week, reports of cyberattacks hit the news. While these headlines primarily focus on for-profit businesses, nonprofits are not immune. In 2021, U.S. businesses and public entities suffered 26,074 incidents, with a total cost of close to $2.6 billion, according to the U.S. Government Accountability Office. 

Nonprofits make attractive targets for cyber attackers because they store sensitive data about the people they serve and those who work there, donate, and volunteer. Just how big a potential payout is this for hackers? According to a report from Johns Hopkins, the nonprofit sector is the third-largest employer in the United States.

So, guarding this information must be a top priority for nonprofits. 

Organizations typically rely on disparate, overlapping cybersecurity solutions that leave gaps in their defenses. This vulnerability is further exacerbated by users remotely accessing the network, often from unsecured connections. A 2022 report from Verizon found that the human element accounted for 82% of analyzed breaches over the previous year, meaning credentials were involved.

With data spread across multiple services, devices, applications, and people, it’s not enough to slap a password onto something or set up a firewall. Nonprofit organizations need stronger protection, and  Zero Trust can help.

What is Zero Trust?

Zero Trust is a digital security framework based on a simple premise: never trust, always verify. It revolves around verifying an “actor”— a human user, process, or device — before allowing that actor to access data or applications. 

Starting with an identity-centric approach to security can ensure that the right people have the correct level of access to the right resources in the proper context, and that access is assessed continuously. Ideally, this begins with an identity and access management (IAM) solution that also makes logging in easy for the end user.

Nonprofit organization Teach For America (TFA) benefitted from a Zero Trust framework with Okta.

What is Teach For America?

TFA is a nonprofit that recruits, trains, and places 3,500 teachers yearly in under-resourced schools throughout the United States. After their first assignment to a school, TFA alums often stay connected with the organization. As a result, after almost 30 years in operation, TFA has a network of 60,000 teachers, staff, and alumni supported by open communication, access to the latest teaching technologies, and opportunities for collaboration. Each TFA user needs quick, secure, one-click access to shared cloud-based applications and data, regardless of their location, device, or network.

Building its Zero Trust environment

To build its Zero Trust environment, TFA used Okta’s library of 6,500+ pre-built integrations to connect the software its teachers and staff use daily and streamline access via a single portal. The organization used Okta’s Workforce Identity products, including Single Sign-On, Adaptive Multi-Factor Authentication, Lifecycle Management, and Universal Directory, to craft its identity verification system. A single username and password now provide access to all the workplace productivity applications.

The organization has advanced security, better deployment of technology, and easy access to new cloud solutions. The decrease in problems logging in and improved access to communication tools have translated to a marked increase in productivity.

“Users are like, ‘You saved me five minutes in my day,’ and when you total that up  across all our staff daily, that’s an enormous number of productivity hours people get back,” says Harpreet Bajwa, TFA’s Product Manager, Enterprise Identity Management.

With Identity-centric Zero Trust solutions, TFA leadership predicts its IT will be entirely cloud-based within three years. And along the way, the organization will continue using Okta to facilitate a better, simpler, and more exciting way of working and learning.

Because of the large number of people employed by the nonprofit sector and sensitive private information handled by nonprofit organizations, a Zero Trust strategy built around Identity is imperative. If you’d like to learn more about how starting with Single Sign-On and Adaptive Multi-factor Authentication can help protect your nonprofit from cyberattacks, please visit Okta for Good’s sales page.