For many nonprofits, cybersecurity feels like a luxury they simply can’t afford. But according to Michael Nouguier, Partner of Cybersecurity Services at Richey May, ignoring cybersecurity can end up being far more expensive than proactively investing in it.

Michael dismantles the myth that strong digital security comes with an unaffordable price tag. In fact, many nonprofits already have powerful security tools built into systems they’re already using—yet few take advantage of them. “What’s almost as good as free,” Michael explains, “is something that you’ve already been paying for and didn’t know that you could leverage.”

From free services offered by federal agencies like CISA to deeply discounted nonprofit rates from companies like Microsoft and Google, this conversation uncovers a path to digital protection that doesn’t require massive budget increases. Michael urges nonprofits to start by auditing what they already use. Whether it’s Google Workspace or Microsoft 365, most platforms include underutilized features like multi-factor authentication, access control, and data encryption.

These protections aren't just theoretical—they’re essential. As Michael points out, “You don’t know what to protect if you haven’t actually done an assessment to understand where those risks are.” He encourages leaders to seek out risk assessment tools—many of which are available at no cost—and build a strategy around known vulnerabilities, not guesswork.

The conversation also takes a practical look at automation, which reduces labor costs by removing repetitive security tasks. Many nonprofits mistakenly believe they’re starting from scratch when in reality, they already have a baseline of protections in place—they just need to activate them. Michael shares examples of simple, low-cost ways to improve security posture, including free policy templates and vulnerability scans.

Additionally, he challenges nonprofits to shift their mindset around vendor relationships. Too many organizations fail to ask whether vendors offer nonprofit pricing or security guarantees—questions that could drastically reduce both risk and cost. And when vendors are breached, it’s often the nonprofit that must explain the damage to stakeholders, regardless of fault.

Throughout the session, with host Julia Patrick, the underlying message is clear: cybersecurity isn't about fear—it's about preparedness and resourcefulness. The greatest danger lies not in doing too little, but in assuming you’re too small or stretched to do anything at all.

00:00:00 Welcome and introduction of Michael Nouguier
00:01:30 Why cybersecurity is more expensive to ignore
00:03:10 How accounting firms became cybersecurity leaders
00:05:45 Budgeting vs risk: where to start
00:06:40 Leveraging existing tools like Microsoft and Google
00:08:20 Understanding identity and access integration
00:09:45 Why multi-factor authentication matters
00:11:30 Free services from CISA and others
00:14:10 Asking for nonprofit discounts on software
00:16:25 Why every nonprofit needs

Find us Live daily on YouTube!

Find us Live daily on LinkedIn!

Find us Live daily on X: @Nonprofit_Show

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30pm ET 11:30am CT 10:30am MT 9:30am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web:The Nonprofit Show