Enhancing Cybersecurity for a Not-For-Profit Organization A Case Study A community services not-for-profit organization faced increasing cybersecurity risks due to rapid growth, handling large volumes of donor and volunteer data, and evolving compliance requirements. Without a comprehensive cybersecurity framework, the organization was vulnerable to
CLIENT: Community Services NFP Organization
data breaches, cyber threats, and regulatory penalties. Citrin Cooperman conducted a cybersecurity risk assessment, penetration testing, and compliance advisory to identify vulnerabilities and implement security enhancements. By addressing both technological and physical security gaps, the not-for-profit significantly reduced its cyber risk exposure while achieving compliance with HIPAA and other data protection standards.
CLIENT’S GOALS: •
Challenges •
Sensitive donor and financial data were
Citrin Cooperman’s Approach •
exposed to cybersecurity threats •
No formal risk assessment, penetration testing, or security policies
•
Gaps in network security, cloud
•
storage, and physical access controls •
Needed to comply with HIPAA and donor data protection laws
Cybersecurity risk assessment & audit
Improved data protection – Strengthened IT security and access controls to
IT infrastructure, data storage, and access
safeguard sensitive donor and volunteer
controls
information
Penetration testing & vulnerability
•
Reduced risk of cyberattacks –
scans – Simulated real-world cyber threats
Addressed key vulnerabilities, lowering
to expose network and system
exposure to data breaches •
Regulatory compliance achieved – Met
Physical security testing – Assessed
HIPAA and industry-specific data
unauthorized access risks through social
protection regulations
engineering tactics and internal security reviews •
•
– Conducted a full security review covering
vulnerabilities •
Results
•
Increased donor trust & funding
Enhance cybersecurity to protect donor and volunteer data
•
Ensure compliance with HIPAA and data protection laws
•
Strengthen network and physical security infrastructure
OUR TEAM’S ROLE: •
Conducted cybersecurity risk assessments and penetration testing
•
Provided compliance guidance for HIPAA and security best practices
•
Delivered recommendations for IT and physical security improvements
confidence – Reinforced cybersecurity
HIPAA compliance & security
measures resulted in stronger stakeholder
frameworks – Provided compliance
confidence
guidance and built structured security policies to meet regulatory requirements "Citrin Cooperman" is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. The entities of Citrin Cooperman & Company, LLP and Citrin Cooperman Advisors LLC are independent member firms of the Moore North America, Inc. (MNA) Association, which is itself a regional member of Moore Global Network Limited (MGNL). All the firms associated with MNA are independently owned and managed entities. Their membership in, or association with, MNA should not be construed as constituting or implying any partnership between them. Published 2025.