The Global Cyber Alliance (GCA) is a nonprofit organization that works to reduce cyber risks globally. Their mission is to create a safer internet by uniting different sectors—government, business, and nonprofit organizations—to address systemic cyber threats. They focus on practical solutions and tools, such as their free cybersecurity toolkits for small businesses and nonprofits, and advocate for widespread adoption of best practices in cybersecurity. GCA’s initiatives aim to reduce risks like phishing, malware, and fraud by making cyber defenses more accessible.
1. What inspired the Global Cyber Alliance to develop cybersecurity toolkits for organizations, particularly for small businesses and nonprofits?
The idea originated during one of our Strategic Advisor meetings in the summer of 2018, leading to the launch of our first toolkit for small businesses in early 2019. This success quickly expanded into toolkits tailored for election officials, journalists, nonprofits and other mission-driven organizations, and individuals. We focus on serving communities with the greatest need—those often lacking the funding or expertise to implement basic cybersecurity practices independently.
2. Why is it important for GCA to offer these cybersecurity resources for free, and how does this align with your broader mission of reducing global cyber risks?
We consider ourselves a gap-filling organization, meaning we look for ways we can work with and through partners and other like-minded organizations to provide a tool or solution to fill a void or enhance something already being provided. When we built the first toolkit, we realized what made it unique from other products or solutions was it contained only free tools and was completely free to use. We do not require membership or any form of login. We do this to level the playing field, so to speak. Small organizations need a place to start their cybersecurity journey, and we felt this was the best way to start them on that path.
3. Nonprofits often struggle to prioritize cybersecurity amidst other pressing needs. In today’s digital landscape, why is it essential for these organizations to adopt cybersecurity best practices?
Implementing cybersecurity practices is critical for nonprofits because their ability to fulfill their mission depends on it. At GCA, we understand these challenges as a small nonprofit ourselves—we can only serve others if our operations are secure. Protecting donor information, organizational data, and employee records is essential to maintain trust and continuity. If we are subject to a cyber attack and cannot do our day to day business, then we cannot fulfill our mission.
4. For those just beginning, which resources in GCA’s comprehensive toolkit would you recommend as the most critical starting points to protect their mission and data?
We have designed the toolkits to guide users through their journey at their own pace in specific topical areas. You’ll see the toolkits have what we call “toolboxes.” You can start with Toolbox 1 – Know What You Have. This shows users how to inventory the organization’s assets so they know what to protect. The toolboxes that follow then guide them through that process!
5. What are the most prevalent cyber threats that smaller, mission-driven organizations face, and how does GCA’s toolkit provide targeted resources to help these organizations effectively safeguard their systems and data, even with limited technical and financial resources?
Nonprofits face similar threats as small businesses and other entities and individuals – phishing being the most prevalent. The Cybersecurity Toolkit for Mission-based Organizations, however, does have some unique resources available only to nonprofits, such as NDI’s Handbook for Civil Society Organizations (available in 11 languages) and CyberPeace Builders who provide direct assistance to NGOs around the world. These unique tools address the specific challenges nonprofits face, ensuring even resource-constrained organizations can improve their security.
6. How does the GCA toolkit simplify cybersecurity for nonprofits that lack IT staff or technical expertise?
Our toolkit is designed with accessibility in mind, featuring resources in various formats—videos, handbooks, one-pagers, online courses, and templates—all free to use and share. By catering to different learning styles, we ensure organizations without technical support can still take actionable steps to strengthen their cybersecurity.
7. Is there anything else you would like to highlight about the Global Cyber Alliance’s mission, impact, or the unique value of your toolkits that organizations should know as they work to strengthen their cybersecurity posture?
One of the things that is most important to us is we deliver something of value with a positive impact for the community we strive to serve. This is one of the reasons we look to solve problems in collaboration with partners, sponsors, and friends. For small organizations, cybersecurity can be daunting, which is why it was important for us to develop something free and accessible. Cybersecurity is not going to be achieved all at once, but it can be managed in small amounts to build layers of security. It is critical that the organization’s leadership team embrace it as part of regular business practices.