When people think about cybersecurity, they often picture complicated systems, hackers in hoodies or technical teams working behind the scenes.
Yet, from my experience working with Not for Profits, the biggest risks don’t come from sophisticated attacks. Instead, they come from what I call the “front door,” or the small, everyday decisions users make.
What Do We Mean by Front Door Risks?
Your IT provider or internal team can set up the strongest defences available. They can manage systems, apply patches and monitor your network (or backdoor). However, none of that helps if someone inside your organisation lets the hacker in through their own access.
Front door risks come from human behaviour. They’re simple, easy mistakes like clicking on a malicious link, using weak passwords or sharing information without thinking about who might see it.
And because they rely on people, not technology, and they’re the hardest for IT teams to prevent on their own.
Everyday Behaviours That Create Risk
With my work and speaking engagements, I regularly survey users about their cybersecurity practices. And it’s obvious from that feedback that every organisation has these front door risks. They include:
- Weak or reused passwords: They are a gift to attackers, especially when used across multiple accounts.
- Phishing emails: Scammers use urgency and authority to get people to act before thinking, whether it’s clicking on a link or paying for something. I know of Not for Profits that have even fallen for the “buy Apple gift card for XYP purposes”
- Unsafe downloads: Grabbing a free tool or opening an unknown attachment can introduce malware in seconds. Your IT provider can prevent some of these, but it’s still difficult to stop them all.
- Poor physical security: Leaving a laptop unattended or writing passwords on easy-to-find places makes it easy for hackers to gain access to your systems.
- Oversharing information: Sending sensitive data via insecure ways (like email) or posting too much publicly (such as when executives will be away overseas) creates unnecessary exposure.
These aren’t technical failures. They’re human moments. And even the best IT setup can’t stop them once they happen.
How to Strengthen the Front Door
The good news is that most front door risks are easy to fix with regular cybersecurity awareness training and a few simple habits, such as:
- Use strong, unique passwords or pass phrases. A password manager can make this easier, especially for shared accounts.
- If in doubt, check it out. If something feels odd, check with a colleague or your IT provider.
- Only download from trusted sources.
- Lock your devices, even for short breaks. If in public places, take it with you – even if to the bathroom.
- Pause before sharing information. Ask yourself whether it’s appropriate for the audience and the channel.
Build a Culture Where People Ask First
Technology alone won’t protect your organisation. Real cybersecurity comes from a culture where people know what to look for and feel comfortable asking questions.
Training helps, but only if it’s practical and memorable. More importantly, it’s essential to create an environment where mistakes become learning opportunities, not something to hide.
Because you don’t want to find out months later that a staff member lost their laptop and didn’t report it… as has happened to one of my clients.
Everyone plays a role in protecting the organisation, not just your IT team.
Final Thoughts
Your IT provider can install the locks and protect the back door from hackers, but it’s the daily decisions of your users that keep the front door shut. With a bit of awareness and a few new habits, your organisation can significantly reduce its cybersecurity risks.
I regularly help Not for Profits identify cybersecurity risks. Let me know if you need some help with this.
P.S. If you found this article helpful, you might want to read these too:
- Your NFP is exposed to unnecessary cybersecurity risks if your MSP isn’t doing this
- 5 things your software vendors wish you understood about cybersecurity risks
- Could your NFP survive a 3rd party cybersecurity breach like Qantas?
Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments and risk mitigation.