Phishing and email compromise
Fraudulent messages can steal passwords, redirect payments or expose donor, employee and beneficiary information.
See email protection →Practical, always-on cybersecurity for Non-profits, charities and community organizations—designed to protect donor, employee and beneficiary information, secure Microsoft 365 and reduce disruption without overloading your team or budget.
Non-profit teams move quickly, collaborate with volunteers and partners, share devices and rely on cloud applications. Security must protect that environment without slowing down service delivery or fundraising.
Personal, financial and program information can be exposed through compromised email, weak access controls or lost devices.
Unavailable workstations, cloud systems or records can delay programs, donor communications and essential operations.
Non-profit leaders need an expert partner that can monitor, prioritize and explain security issues clearly without requiring a large internal IT team.
We focus on the practical attack paths most likely to affect charities, associations, foundations and community organizations.
Fraudulent messages can steal passwords, redirect payments or expose donor, employee and beneficiary information.
See email protection →Malware can lock files, interrupt access to systems and force organizations into costly recovery efforts.
See endpoint protection →Weak passwords, missing MFA and stale accounts can give attackers access to email and cloud applications.
See identity security →Outdated operating systems and applications create avoidable openings for malware and unauthorized access.
See patch management →Fundraising, CRM, payment, grant and collaboration platforms can introduce access, integration and vendor-management risks.
See risk assessments →Laptops and mobile devices used by staff and volunteers can expose information when security controls are inconsistent.
See device management →Security failures do not stay inside the IT department. They affect programs, fundraising, payroll, communications, privacy responsibilities and the trust donors and communities place in your organization.
We combine technology, monitoring and practical guidance into a managed program that fits Non-profit budgets, staffing models and operating realities.
Build your organization security planDetect suspicious activity across staff, office and remote devices and respond before threats spread.
Reduce malicious messages, executive impersonation, donation scams and account compromise targeting staff and volunteers.
Strengthen MFA, sign-in controls, administrator access and secure collaboration.
Find common weaknesses, prioritize remediation and keep supported systems up to date.
Train staff to recognize phishing, handle information carefully and report suspicious activity quickly.
Review backup coverage and recovery processes so your organization can restore critical data and resume services faster.
Document responsibilities, improve readiness and give leadership a clear view of security priorities.
Non-profits hold personal, financial and sometimes highly sensitive program information. Citrine helps translate privacy, contractual and governance responsibilities into workable safeguards, evidence, reporting and response processes.
Citrine provides cybersecurity and compliance-support services.
Our onboarding process is structured to respect your resources, reduce disruption and create a prioritized plan your leadership can understand.
We learn how your organization delivers services, raises funds, collaborates and handles sensitive information.
We review devices, accounts, Microsoft 365, email, patching, backups, payment workflows and key security processes.
We deploy agreed controls in phases, prioritizing the gaps that create the greatest operational, privacy and financial risk.
We monitor, report and refine your security posture as your programs, staff, volunteers and technology change.
We combine security operations, Microsoft expertise and governance support for charities, Non-profits and community organizations.
Recommendations are driven by risk reduction, not unnecessary complexity.
Support aligned to the operating realities, budgets and responsibilities of Alberta Non-profits.
Plain-language reports that show what changed, what remains and what comes next.
Security evolves with your organization instead of ending after a one-time project.
Every Non-profit is different. These answers provide a practical starting point for discussing your environment, budget and priorities.
No. Compliance is an organizational and legal responsibility. Citrine helps your organization implement and document cybersecurity safeguards, assess gaps and improve incident readiness in support of privacy and governance responsibilities.
Yes. We can coordinate with your current IT provider, fundraising platform, CRM provider, cloud vendors and other technology partners. Responsibilities are clarified during onboarding so monitoring, remediation and escalation are not duplicated or overlooked.
Controls are planned around Non-profit workflows. We prioritize measures that materially reduce risk while keeping access practical for executives, employees, volunteers, board members and remote users.
Yes. The service can cover multiple offices, remote teams, shared Microsoft 365 environments and centralized or location-specific devices, with consolidated reporting for leadership and the board.
We begin with a discovery conversation and security assessment. You receive a prioritized view of key risks, practical recommendations and the proposed scope for ongoing managed protection.
Tell us a little about your organization. We will arrange a conversation to understand your environment, constraints and most practical next steps.
By submitting this form, you agree to be contacted about your request. Please do not include sensitive donor, beneficiary, employee or payment information in this form.