Centre For Cybersecurity Institute Centre For Cybersecurity Institute
Menu
Corporate training · Non-profit

Cyber awareness for charities, clubs and non-profits

Donor lists, member records and beneficiary data make non-profits rich targets with lean defences, and PDPC enforcement does not grade on a curve. We train staff and volunteers in the habits that protect the people who trust you.

The Singapore Red Cross Society and The Tanglin Club are among the organisations that have trained with CFCI.

Why charities, clubs & non-profits get targeted

These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.

Donor and member data exposure

Charities and member clubs hold exactly what attackers monetise: contact details, payment records and personal circumstances, often in ageing systems.

Payment redirection

Spoofed vendor invoices and fake beneficiary requests aimed at small finance teams that approve payments under time pressure.

Volunteer and part-time churn

High turnover means untrained hands on member data every month. Awareness has to be repeatable, not a one-off induction slide.

Reputation on a thin margin

A breach that a corporate survives can end a charity’s fundraising ability. Trust is the entire balance sheet.

The rules your people operate under

Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.

PDPA

Donor, member and beneficiary personal data carries the same obligations as any corporate database, and PDPC has enforced against non-profits.

Governance codes

Charity governance expectations increasingly include data protection and risk management that boards must evidence.

Grant and partner requirements

Government grants and corporate partners ask about data safeguards before funds or member data change hands.

Cyber Essentials Mark (Singapore, CSA)

The national baseline is achievable for non-profits and signals trustworthiness to donors and partners; staff awareness is part of it.

Tailored curriculum

What we build for charities, clubs & non-profits

Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:

  • Phishing drills built from non-profit lures: fake donors, grant spoofs and beneficiary impersonation
  • Handling member and donor data across email, spreadsheets and CRMs
  • Payment-approval hygiene for small finance teams
  • Volunteer-friendly essentials that survive high turnover
  • Incident response sized to a lean team: who to call, what to say, when
Always included
  • Pre-workshop consultation
  • Post-training phishing simulation
  • Before-and-after awareness measurement
  • Board-ready engagement report
  • Certificates for all participants

Measured results

70%

reduction in phishing incidents across recurring yearly workshops

Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
200+ employee organisationRecurring annual client, Singapore
+54.5%

lift in self-rated staff awareness in a single session, NPS +50 with zero detractors

SustinereSustainability consultancy, Singapore

Where to start

Most non-profits start with a single half-day workshop covering staff and key volunteers, with the phishing simulation and report included. Registered charities and IPCs receive preferential rates, and annual programmes are sized to non-profit budgets.

Recommended for you

Pilot Workshop

Your first engagement, any team size

From S$2,800single session
  • Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
  • Curriculum tailored to your sector in a pre-workshop consultation
  • Live hacking demonstrations and hands-on exercises
  • Post-training phishing simulation with analytics
  • Board-ready engagement report and debrief

The pilot fee is credited in full against any annual programme signed within 90 days.

Scope this with us
See every programme and the cost estimator

Non-profit questions, answered

Do you offer charity or IPC rates?

Yes. Registered charities and IPCs receive preferential rates on workshops and annual programmes. Tell us your registration status when you enquire.

Can volunteers attend alongside staff?

Yes, and they should: volunteers often handle member and donor data with the least induction. Sessions are built for mixed rooms with no technical background assumed.

We run on a small budget. What is the minimum sensible engagement?

A single live workshop with the phishing simulation and engagement report included. It gives your board a measured result, not just an attendance sheet, and you can step up to a programme later.

Does this help with grant applications and partner due diligence?

Yes. The engagement report evidences staff data-protection training, which is exactly what grantmakers and corporate partners ask about when personal data is involved.

Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?

Ready to train your non-profit team?

Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.

Chat with us