The 2020 Blackbaud breach exposed donor data from 1,400+ nonprofits worldwide. Your donors trust you with their names, email addresses, giving history, and payment information. IT Center delivers enterprise-grade security and managed IT built specifically for 501(c)(3) organizations — limited budgets, volunteer devices, and the compliance obligations that come with grant funding.
The Blackbaud breach exposed a fundamental vulnerability every nonprofit faces: your donor data doesn't only live in your office — it lives in the cloud platforms you subscribe to, and you remain legally and ethically responsible for it regardless of where the breach originates.
California's CCPA applies to nonprofits that collect personal information from California residents. If your organization holds donor data from California-based supporters, you have disclosure obligations when that data is breached — regardless of whether the breach originated on your systems or your vendor's. The California data breach notification law (Cal. Civ. Code § 1798.29) requires notification within 72 hours of discovery for most affected organizations.
The organizations that fared best after the Blackbaud breach were those that already had incident response plans in place, maintained their own secure data inventories, enforced multi-factor authentication across staff accounts, and had a managed IT partner monitoring for anomalies in real time. Those without a plan scrambled to notify tens of thousands of donors they couldn't fully protect.
Critical: Using Blackbaud, Raiser's Edge, or any cloud fundraising platform does NOT transfer your breach liability to the vendor. You remain responsible for notifying affected California donors under CCPA regardless of which party's system was compromised.
Attackers gain unauthorized access to Blackbaud's self-hosted environment, establishing persistence weeks before detection.
Blackbaud's security team detects and stops the attack — but not before attackers exfiltrate a copy of customer data and demand ransom payment.
Blackbaud pays the ransom and receives assurances the stolen data was destroyed. No independent verification is possible. The company does not immediately notify customers.
Blackbaud notifies affected nonprofit customers. Organizations scramble to notify hundreds of thousands of individual donors. Class action lawsuits begin immediately.
46 state Attorneys General investigate. The FTC charges Blackbaud with unfair and deceptive practices. In 2024, Blackbaud agrees to a $49.5 million settlement and sweeping security reforms mandated by the FTC.
Most nonprofit leaders significantly underestimate the volume and sensitivity of personal information their organization collects. Beyond obvious donor records, consider every touchpoint: event registrations, volunteer intake forms, grant applications, newsletter signups, payment processor records, and the metadata inside your email marketing platform.
If your nonprofit receives donations from California residents — and if you operate in Southern California, the overwhelming majority of your donors are California residents — you have obligations under CCPA and, for larger organizations, the California Privacy Rights Act (CPRA).
CCPA threshold note: CCPA applies to nonprofits meeting criteria including annual gross revenue over $25 million, buying/selling data of 100,000+ consumers annually, or deriving 50%+ of revenue from selling personal information. Many larger Southern California nonprofits and foundations cross at least one threshold.
Full legal names, email addresses, postal addresses, phone numbers, donor IDs, IP addresses from your donation portal
Credit card last-four digits, ACH routing records, donation amounts, recurring giving schedules, pledge commitments
Wealth screening data, giving capacity ratings, relationship maps, major gift prospect notes, board member connections
Government grant recipient records, program participant information, outcome data tied to individuals — often among the most sensitive data you hold
Employee SSNs, I-9 documents, direct deposit information, volunteer background check results, training records
Service recipient intake forms containing medical history, financial hardship details, or immigration status — highly sensitive under California law
For-profit IT solutions are designed for well-funded corporate IT teams. Nonprofits operate in a fundamentally different reality — and most MSPs don't understand the difference.
IT is rarely a board-approved line item without scrutiny. Donor funds are earmarked for mission delivery. Yet the cost of a breach — notification letters, legal fees, reputational damage, donor attrition — dwarfs any IT investment. IT Center navigates Microsoft Nonprofit grants, TechSoup discounts, and Google for Nonprofits to stretch every dollar further than you thought possible.
Volunteers bring personal laptops and phones with outdated operating systems, no endpoint protection, and credentials shared across dozens of personal accounts. When a volunteer device is compromised, your donor database is one click away. IT Center implements MDM policies and BYOD security controls that protect your data without alienating volunteers.
Attackers specifically hunt executive directors and board members because they have financial authority. Business Email Compromise (BEC) attacks targeting nonprofit wire transfers — including grant disbursements — are surging. A single spoofed email from a "board chair" can result in six-figure losses that devastate an operating budget.
Federal grants through HHS, HUD, DOJ, and FEMA increasingly require documented information security plans as a condition of award. Many private foundations now ask for security attestations in competitive grant applications. Nonprofits without them lose funding to organizations that have their IT house in order.
Many nonprofits are running donor management software from 2012, Windows machines kept alive because "they still work," and shared staff accounts with passwords unchanged since the organization was founded. Every outdated system is a potential entry point. IT Center performs full infrastructure audits and creates modernization roadmaps that respect your budget cycles.
Most nonprofits under 50 employees have no dedicated IT personnel. The executive director or office manager handles IT on top of their actual job. When ransomware locks your CRM during an annual giving campaign at 6pm on a Friday, there is no internal team to respond. IT Center is that team — available immediately, 24/7/365.
Social service nonprofits, faith-based organizations, and community foundations frequently operate across multiple program sites or shelter locations with inconsistent connectivity and no standardized IT setup. IT Center designs unified network architectures with centralized security management regardless of how many sites you operate.
Attackers craft spear-phishing emails impersonating major donors, grant funders, IRS agents, or the California AG's office. These emails look exactly like a legitimate inquiry your staff should respond to immediately. Advanced AI-driven email security stops these attacks before they reach inboxes.
$300 per computer user per month covers your entire IT environment — help desk, security, compliance, backups, cloud management, and strategic advisory. No per-ticket fees. No hidden charges when you have a crisis.
24/7 AI-powered monitoring of your Blackbaud, DonorPerfect, NeonCRM, or Raiser's Edge environment. We detect anomalous data access patterns — like bulk donor record exports at 2am — before they become breaches. Includes database access controls, audit logging, and quarterly security reviews aligned to your donor data inventory.
Blackbaud Breach Ready
Microsoft donates or deeply discounts Microsoft 365 Business Premium for qualifying 501(c)(3) organizations — up to 10 free licenses for eligible nonprofits, then significant discounts beyond that. IT Center handles the application process, tenant configuration, security hardening, Exchange Online setup, SharePoint, Teams, and ongoing management. Most nonprofits overpay for licenses they could get free or at 75% off.
Microsoft Nonprofit Partner
Spear-phishing, BEC fraud, and impersonation attacks targeting executive directors and board members are neutralized before they reach inboxes. We deploy AI-driven email security with real-time sandboxing, link analysis, impersonation detection, and DMARC/DKIM/SPF hardening. Includes quarterly security awareness training for all staff and volunteers.
BEC Fraud Protection
IT Center deploys mobile device management (MDM) using Microsoft Intune — included in your Microsoft 365 Nonprofit license — to enforce encryption, remote wipe capability, and application policies on volunteer devices without requiring them to surrender control of personal data. Includes streamlined volunteer onboarding and offboarding procedures to ensure no access lingers after a volunteer departs.
BYOD Security
IT Center creates compliant Information Security Plans, conducts annual risk assessments, maintains audit trails, and provides the documentation your grant writer needs to answer cybersecurity questions in competitive grant applications. Federal grants through HHS, HUD, DOJ, and FEMA increasingly require these materials as a condition of award.
990 & Federal Grant Ready
Ransomware attacks on nonprofits have accelerated since 2020. Attackers know nonprofits are less likely to have current backups and more likely to pay to restore donor records. IT Center implements immutable cloud backups with a 4-hour recovery time objective (RTO) for critical systems — meaning even a worst-case ransomware attack cannot halt program operations for more than half a day.
4-Hour RTO
IT Center navigates the full landscape of nonprofit technology discount programs: Microsoft 365 Nonprofit grants, Google Workspace for Nonprofits, TechSoup product donations (hardware, software, cybersecurity tools), Salesforce.org discounts, and Zoom for Nonprofits. Most nonprofits leave thousands of dollars per year in available discounts unclaimed. We handle applications and renewals for you.
TechSoup Authorized
Your staff calls or emails when something breaks. No ticket portal, no per-incident charge, no "that's out of scope." IT Center's flat-rate model means every support request — from a board member locked out of email before a meeting to a program director whose laptop won't connect to the donor database — is handled immediately, at no additional cost. After-hours and weekend support is included.
Unlimited Support
IT Center's team has direct experience managing, securing, and integrating the platforms nonprofits depend on daily — from Salesforce NPSP to Raiser's Edge to DonorPerfect.
IT Center manages NPSP configurations, user provisioning, data import/export security, Salesforce Shield encryption for sensitive donor and constituent records, and integration with accounting systems. We also support the transition from NPSP to Salesforce's newer Nonprofit Cloud architecture for organizations ready to upgrade.
Full Integration Support
IT Center manages secure access controls, single sign-on (SSO) integration, API security for connected applications, and implements the additional security layers the Blackbaud breach demonstrated were insufficient on the vendor side alone. We also help organizations evaluate whether Blackbaud products remain the right fit given ongoing security considerations.
Post-Breach Hardening
Available free for up to 10 qualifying nonprofit employees and at $5.50/user/month beyond that (vs. $22/user commercial pricing). IT Center handles your nonprofit verification, tenant setup, Conditional Access policies, Defender for Business endpoint protection, Entra ID identity management, Exchange Online anti-phishing, and Teams governance.
Up to 10 Free Licenses
IT Center secures DonorPerfect deployments by enforcing MFA on all user accounts, configuring IP allowlisting for administrative access, auditing data export permissions to prevent unauthorized bulk downloads, and integrating DonorPerfect with your Microsoft 365 identity management for single sign-on and unified access control.
Access Control Hardening
IT Center manages NeonCRM API integrations with accounting software, enforces role-based access controls so program staff only access data relevant to their role, and monitors for unusual access patterns that could indicate a compromised staff or volunteer account attempting to export donor records.
Role-Based Access
Qualifying nonprofits can receive Google Workspace for Nonprofits at no cost. IT Center handles the Google for Nonprofits eligibility application, Workspace configuration, security hardening including 2-Step Verification enforcement, Drive sharing controls, external access restrictions, and data loss prevention policies to prevent donor data from leaking through personal Google accounts.
Free for Eligible Orgs
Most managed IT providers treat nonprofits like small businesses with discount pricing. IT Center understands the governance structures, compliance obligations, and operational constraints that make nonprofits fundamentally different.
Microsoft 365 Nonprofit, TechSoup donations, Google for Nonprofits, Zoom for Nonprofits, Salesforce.org — we manage every application, renewal, and eligibility verification. Most clients recover more than the cost of our services in technology savings alone in the first year.
Your donors chose to support your cause. A data breach costs more than money — it costs the trust of people who believed in your mission. Our security posture is designed from the ground up to protect donor relationships, not just satisfy compliance checkboxes.
At $300 per computer user per month with no per-ticket fees, no project overage charges, and no surprise invoices, IT Center fits into a nonprofit's annual budget with complete predictability. Board finance committees and auditors appreciate one clear line item covering all IT costs.
When grant applications ask about cybersecurity practices, data protection policies, and incident response plans, IT Center provides the documentation. We write the Information Security Plan, conduct annual risk assessments, and give your grant writer accurate, specific language for competitive applications.
IT Center is headquartered at 1159 Pomona Rd Suite B, Corona, CA — right in the Inland Empire — with service delivery across Los Angeles, Orange County, San Diego, Riverside, and San Bernardino Counties. On-site support is available throughout Southern California, not just remote-only service delivered from across the country.
Your board has fiduciary responsibility for data security. IT Center provides quarterly executive security briefings and board-ready reporting packages that translate technical risk into plain language, so your board can make informed governance decisions. We can present directly to your board on request — at no additional charge.
Faith-Based Organizations Welcome: IT Center serves churches, mosques, synagogues, and other faith-based nonprofits throughout Southern California. We understand the unique environment of faith communities — member records, online tithing platforms, worship service streaming infrastructure, and multi-campus network management — with the same flat-rate pricing and enterprise-grade security we bring to every client.
The nonprofit sector is not a regulatory-free zone. Depending on your funding sources, geographic reach, and program nature, your organization may be subject to multiple overlapping compliance frameworks — each with its own data security requirements. IT Center maps your specific compliance landscape during our free nonprofit IT assessment.
IRS Form 990, Part VI, Line 19 asks whether your organization made its governance documents and financial statements widely available. While not a direct cybersecurity question, IRS scrutiny of nonprofit governance increasingly extends to data stewardship practices — and state Attorneys General routinely cite 990 disclosures in breach investigations.
Grants California donors the right to know what data you hold, request deletion, and receive breach notification. Applies to nonprofits meeting threshold criteria.
IRS Publication 4557 (Safeguarding Taxpayer Data) applies to nonprofits handling donor tax receipts and financial records containing SSNs and TINs.
Nonprofits receiving significant federal funding may face SOC 2-aligned control requirements or Single Audit (2 CFR Part 200) information security assessments.
Nonprofits providing health services, mental health counseling, or substance abuse programs must comply with HIPAA Security Rule requirements for electronic protected health information.
If your organization processes credit card payments online or in-person at events, PCI DSS requirements apply. Non-compliance can result in loss of payment processing privileges critical to online fundraising.
Youth-serving organizations, after-school programs, and camps that collect any personal information from children under 13 must comply with the Children's Online Privacy Protection Act.
We'll evaluate your current IT environment, identify gaps in your donor data protection posture, map your compliance obligations, and show you exactly what IT Center would cost — all at no charge. Most nonprofits are surprised by how many discount programs they're eligible for but not using.
Our assessment covers your Microsoft 365 or Google Workspace configuration, donor database access controls, email security posture, backup status, and volunteer device situation. We provide a written summary with prioritized recommendations you can act on immediately — whether you hire us or not.
We respond within one business hour Mon–Fri, 8am–6pm PST. For urgent security incidents, call (888) 221-0098 — available 24/7.