Year-end generosity is a perfect storm for cybercrime—and most nonprofits don’t see the danger until after the damage is done. We talk with Alex Brown, Director of Business Development at Richey May, about why the busiest time of your fundraising year is also one of the most hazardous for your systems, donors, and reputation.

Alex explains how attackers watch for holiday chaos: staff on vacation, rushed year-end gifts, last-minute tax receipts, and overloaded inboxes. “Attackers know you’re not paying as much attention,” he warns, “so you have to be a little extra diligent this time of year.” From fake donation pages to altered bank details, the tactics are increasingly sophisticated—and AI is making fraudulent emails and voice calls nearly impossible to spot by eye or ear alone.

The conversation walks through your “front door” risks, starting with your website and WordPress plugins, then moving into infrastructure scanning tools, outdated software, and weak admin logins. Alex shows why role-based access matters: if every staffer can see and change everything, one compromised account can expose your entire donor database and even your bank relationships.

He also tackles the human side of cybersecurity. Alex explains phishing and vishing in plain language, and why urgency (“this is a one-time exception,” “we need this code right now”) is such a powerful pressure tactic. He urges leaders to replace fear and punishment with ongoing micro-training and a culture where people feel safe admitting, “I clicked something weird.” Silence is exactly what attackers are counting on.

Finally, the episode turns to donor communication. Nonprofits must be crystal clear about how they will and will not contact supporters—what domains they use, which links are legitimate, and what information they will never request by phone, text, or email. Clear expectations protect donors and preserve trust, even if attackers try to impersonate your brand.

This is not a technical luxury; it’s a governance and stewardship issue. If your organization depends on digital generosity, you also depend on digital safety.

 00:00:00 Why year end giving is peak cyber risk for nonprofits
 00:02:24 From audit firm to cyber team The Ritchie May story
 00:06:03 Your website as the front door and WordPress plugin dangers
 00:09:21 Infrastructure scanning tools and the cost of skipping updates
 00:11:13 Donor data as gold role based access and endpoints explained
 00:15:01 AI tools laptops at desks and unsafe workarounds
 00:18:51 Phishing vishing and how attackers hijack email and voice
 00:25:12 Cybersecurity is everyone’s responsibility and micro training
 00:27:35 Why punishment backfires and reporting mistakes matters
 00:29:59 Setting clear donor communication rules to prevent fraud
 00:31:33 Final thoughts and Julia’s personal cyber to do list 

 #TheNonprofitShow #NonprofitCybersecurity #DonorTrust

Find us Live daily on YouTube!

Find us Live daily on LinkedIn!

Find us Live daily on X: @Nonprofit_Show

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30pm ET 11:30am CT 10:30am MT 9:30am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web:The Nonprofit Show