Cyber awareness for charities, clubs and non-profits
Donor lists, member records and beneficiary data make non-profits rich targets with lean defences, and PDPC enforcement does not grade on a curve. We train staff and volunteers in the habits that protect the people who trust you.
The Singapore Red Cross Society and The Tanglin Club are among the organisations that have trained with CFCI.
Why charities, clubs & non-profits get targeted
These are the attack patterns we train against in this sector, drawn from live campaigns rather than textbook examples.
Donor and member data exposure
Charities and member clubs hold exactly what attackers monetise: contact details, payment records and personal circumstances, often in ageing systems.
Payment redirection
Spoofed vendor invoices and fake beneficiary requests aimed at small finance teams that approve payments under time pressure.
Volunteer and part-time churn
High turnover means untrained hands on member data every month. Awareness has to be repeatable, not a one-off induction slide.
Reputation on a thin margin
A breach that a corporate survives can end a charity’s fundraising ability. Trust is the entire balance sheet.
The rules your people operate under
Training is the control every one of these frameworks expects, and our engagement report is the evidence they ask for.
Donor, member and beneficiary personal data carries the same obligations as any corporate database, and PDPC has enforced against non-profits.
Charity governance expectations increasingly include data protection and risk management that boards must evidence.
Government grants and corporate partners ask about data safeguards before funds or member data change hands.
The national baseline is achievable for non-profits and signals trustworthiness to donors and partners; staff awareness is part of it.
What we build for charities, clubs & non-profits
Everything in the core Cyber Safety workshop, live hacking demonstrations included, plus sector-specific depth:
- Phishing drills built from non-profit lures: fake donors, grant spoofs and beneficiary impersonation
- Handling member and donor data across email, spreadsheets and CRMs
- Payment-approval hygiene for small finance teams
- Volunteer-friendly essentials that survive high turnover
- Incident response sized to a lean team: who to call, what to say, when
- Pre-workshop consultation
- Post-training phishing simulation
- Before-and-after awareness measurement
- Board-ready engagement report
- Certificates for all participants
Measured results
reduction in phishing incidents across recurring yearly workshops
Over the years we have seen a 70% reduction in phishing incidents, thanks to the vigilance these yearly workshops build.
lift in self-rated staff awareness in a single session, NPS +50 with zero detractors
Where to start
Most non-profits start with a single half-day workshop covering staff and key volunteers, with the phishing simulation and report included. Registered charities and IPCs receive preferential rates, and annual programmes are sized to non-profit budgets.
Pilot Workshop
Your first engagement, any team size
- Live 2-hour virtual (S$2,800) or half-day on-site workshop (S$5,400)
- Curriculum tailored to your sector in a pre-workshop consultation
- Live hacking demonstrations and hands-on exercises
- Post-training phishing simulation with analytics
- Board-ready engagement report and debrief
The pilot fee is credited in full against any annual programme signed within 90 days.
Non-profit questions, answered
Do you offer charity or IPC rates?
Yes. Registered charities and IPCs receive preferential rates on workshops and annual programmes. Tell us your registration status when you enquire.
Can volunteers attend alongside staff?
Yes, and they should: volunteers often handle member and donor data with the least induction. Sessions are built for mixed rooms with no technical background assumed.
We run on a small budget. What is the minimum sensible engagement?
A single live workshop with the phishing simulation and engagement report included. It gives your board a measured result, not just an attendance sheet, and you can step up to a programme later.
Does this help with grant applications and partner due diligence?
Yes. The engagement report evidences staff data-protection training, which is exactly what grantmakers and corporate partners ask about when personal data is involved.
Not sure where you stand? Take the free two-minute check: Do I need cyber awareness training for my team?
Other industries
Ready to train your non-profit team?
Book a 30-minute scoping call. We will map your headcount, sites and regulatory context to the right format and give you a clear quote.