Managed cybersecurity for Non-profits

Protect your mission. Preserve the trust behind it.

Practical, always-on cybersecurity for Non-profits, charities and community organizations—designed to protect donor, employee and beneficiary information, secure Microsoft 365 and reduce disruption without overloading your team or budget.

Support built for Alberta organizations Clear monthly reporting Security that fits Non-profit operations
XYZ Impact FoundationSecurity overview
Protected
Organization security score
86/100
Strong
Endpoints38 monitored
Email securityThreats filtered
Patching98% current
IdentitiesMFA enforced
Suspicious sign-in blockedAccess attempt stopped before donor and program data was exposed.
Purpose-built protection for:
Registered charities
Community Non-profits
Faith-based organizations
Associations and foundations
Donor and member systemsCRM, fundraising and engagement platforms
Account risk
Organization emailDonor messages, grant files and invoices
Phishing risk
Staff and volunteer devicesOffice, remote and shared devices
Malware risk
Mobile accessExecutives and staff on the move
Controlled
Your organization is not a typical office

Your programs depend on connected systems—and uninterrupted access.

Non-profit teams move quickly, collaborate with volunteers and partners, share devices and rely on cloud applications. Security must protect that environment without slowing down service delivery or fundraising.

01
Donor, employee and beneficiary information is sensitive

Personal, financial and program information can be exposed through compromised email, weak access controls or lost devices.

02
Downtime immediately affects programs

Unavailable workstations, cloud systems or records can delay programs, donor communications and essential operations.

03
Small teams have limited security capacity

Non-profit leaders need an expert partner that can monitor, prioritize and explain security issues clearly without requiring a large internal IT team.

Non-profit-specific risks

The threats that put your mission, funding and operations at risk

We focus on the practical attack paths most likely to affect charities, associations, foundations and community organizations.

Phishing and email compromise

Fraudulent messages can steal passwords, redirect payments or expose donor, employee and beneficiary information.

See email protection

Ransomware and system disruption

Malware can lock files, interrupt access to systems and force organizations into costly recovery efforts.

See endpoint protection

Unauthorized account access

Weak passwords, missing MFA and stale accounts can give attackers access to email and cloud applications.

See identity security

Unpatched and unmanaged devices

Outdated operating systems and applications create avoidable openings for malware and unauthorized access.

See patch management

Third-party application exposure

Fundraising, CRM, payment, grant and collaboration platforms can introduce access, integration and vendor-management risks.

See risk assessments

Lost or unmanaged devices

Laptops and mobile devices used by staff and volunteers can expose information when security controls are inconsistent.

See device management
What is at stake

A cyber incident can quickly become a mission-delivery crisis.

Security failures do not stay inside the IT department. They affect programs, fundraising, payroll, communications, privacy responsibilities and the trust donors and communities place in your organization.

Interrupted programs and servicesProgram delivery, fundraising and administrative workflows can be delayed or unavailable.
Funding and donor confidenceA cyber incident can weaken donor trust, disrupt fundraising and put grants or partnerships at risk.
Recovery costsInvestigation, restoration and operational downtime can create unexpected expense.
Loss of beneficiary confidenceBeneficiarys expect their personal information to be handled securely.
How Citrine protects your Non-profit

One security partner. Fewer gaps to manage.

We combine technology, monitoring and practical guidance into a managed program that fits Non-profit budgets, staffing models and operating realities.

Build your organization security plan

Endpoint protection and monitoring

Detect suspicious activity across staff, office and remote devices and respond before threats spread.

Email and phishing protection

Reduce malicious messages, executive impersonation, donation scams and account compromise targeting staff and volunteers.

Microsoft 365 and identity security

Strengthen MFA, sign-in controls, administrator access and secure collaboration.

Patch and vulnerability management

Find common weaknesses, prioritize remediation and keep supported systems up to date.

Security awareness for staff and volunteers

Train staff to recognize phishing, handle information carefully and report suspicious activity quickly.

Backup and recovery readiness

Review backup coverage and recovery processes so your organization can restore critical data and resume services faster.

Risk, policy and incident-response guidance

Document responsibilities, improve readiness and give leadership a clear view of security priorities.

Privacy, governance and board assurance

Turn privacy and governance responsibilities into practical security actions.

Non-profits hold personal, financial and sometimes highly sensitive program information. Citrine helps translate privacy, contractual and governance responsibilities into workable safeguards, evidence, reporting and response processes.

Security risk assessmentsIdentify control gaps affecting beneficiary information, systems and organization operations.
Access and account reviewsImprove joiner, mover and leaver controls for staff, contractors and administrators.
Incident-response preparationClarify who does what when a suspected privacy or security event occurs.
Leadership-ready reportingShow progress, unresolved risks and recommended priorities in plain language.
A clear path to stronger security

Start with your organization’s actual risks—not a generic package.

Our onboarding process is structured to respect your resources, reduce disruption and create a prioritized plan your leadership can understand.

1

Discover

We learn how your organization delivers services, raises funds, collaborates and handles sensitive information.

2

Assess

We review devices, accounts, Microsoft 365, email, patching, backups, payment workflows and key security processes.

3

Protect

We deploy agreed controls in phases, prioritizing the gaps that create the greatest operational, privacy and financial risk.

4

Improve

We monitor, report and refine your security posture as your programs, staff, volunteers and technology change.

Why Citrine

Cybersecurity expertise delivered in a way Non-profit leaders and boards can use.

We combine security operations, Microsoft expertise and governance support for charities, Non-profits and community organizations.

Security-first approach

Recommendations are driven by risk reduction, not unnecessary complexity.

Local Alberta partner

Support aligned to the operating realities, budgets and responsibilities of Alberta Non-profits.

Clear reporting

Plain-language reports that show what changed, what remains and what comes next.

Ongoing improvement

Security evolves with your organization instead of ending after a one-time project.

Frequently asked questions

Questions Non-profit leaders ask before getting started

Every Non-profit is different. These answers provide a practical starting point for discussing your environment, budget and priorities.

No. Compliance is an organizational and legal responsibility. Citrine helps your organization implement and document cybersecurity safeguards, assess gaps and improve incident readiness in support of privacy and governance responsibilities.

Yes. We can coordinate with your current IT provider, fundraising platform, CRM provider, cloud vendors and other technology partners. Responsibilities are clarified during onboarding so monitoring, remediation and escalation are not duplicated or overlooked.

Controls are planned around Non-profit workflows. We prioritize measures that materially reduce risk while keeping access practical for executives, employees, volunteers, board members and remote users.

Yes. The service can cover multiple offices, remote teams, shared Microsoft 365 environments and centralized or location-specific devices, with consolidated reporting for leadership and the board.

We begin with a discovery conversation and security assessment. You receive a prioritized view of key risks, practical recommendations and the proposed scope for ongoing managed protection.

Start with a focused assessment

Find the security gaps that matter most to your mission.

Tell us a little about your organization. We will arrange a conversation to understand your environment, constraints and most practical next steps.

Review of your current security concerns Practical recommendations in plain language No-pressure discussion with a security specialist

By submitting this form, you agree to be contacted about your request.