Skip to main content

Enhancing Cybersecurity for a Not-For-Profit Organization: A Case Study

Page 1

Enhancing Cybersecurity for a Not-For-Profit Organization A Case Study A community services not-for-profit organization faced increasing cybersecurity risks due to rapid growth, handling large volumes of donor and volunteer data, and evolving compliance requirements. Without a comprehensive cybersecurity framework, the organization was vulnerable to

CLIENT: Community Services NFP Organization

data breaches, cyber threats, and regulatory penalties. Citrin Cooperman conducted a cybersecurity risk assessment, penetration testing, and compliance advisory to identify vulnerabilities and implement security enhancements. By addressing both technological and physical security gaps, the not-for-profit significantly reduced its cyber risk exposure while achieving compliance with HIPAA and other data protection standards.

CLIENT’S GOALS: •

Challenges •

Sensitive donor and financial data were

Citrin Cooperman’s Approach •

exposed to cybersecurity threats •

No formal risk assessment, penetration testing, or security policies

Gaps in network security, cloud

storage, and physical access controls •

Needed to comply with HIPAA and donor data protection laws

Cybersecurity risk assessment & audit

Improved data protection – Strengthened IT security and access controls to

IT infrastructure, data storage, and access

safeguard sensitive donor and volunteer

controls

information

Penetration testing & vulnerability

Reduced risk of cyberattacks –

scans – Simulated real-world cyber threats

Addressed key vulnerabilities, lowering

to expose network and system

exposure to data breaches •

Regulatory compliance achieved – Met

Physical security testing – Assessed

HIPAA and industry-specific data

unauthorized access risks through social

protection regulations

engineering tactics and internal security reviews •

– Conducted a full security review covering

vulnerabilities •

Results

Increased donor trust & funding

Enhance cybersecurity to protect donor and volunteer data

Ensure compliance with HIPAA and data protection laws

Strengthen network and physical security infrastructure

OUR TEAM’S ROLE: •

Conducted cybersecurity risk assessments and penetration testing

Provided compliance guidance for HIPAA and security best practices

Delivered recommendations for IT and physical security improvements

confidence – Reinforced cybersecurity

HIPAA compliance & security

measures resulted in stronger stakeholder

frameworks – Provided compliance

confidence

guidance and built structured security policies to meet regulatory requirements "Citrin Cooperman" is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. The entities of Citrin Cooperman & Company, LLP and Citrin Cooperman Advisors LLC are independent member firms of the Moore North America, Inc. (MNA) Association, which is itself a regional member of Moore Global Network Limited (MGNL). All the firms associated with MNA are independently owned and managed entities. Their membership in, or association with, MNA should not be construed as constituting or implying any partnership between them. Published 2025.


Turn static files into dynamic content formats.

Create a flipbook
Enhancing Cybersecurity for a Not-For-Profit Organization: A Case Study by Citrin Cooperman - Issuu