Cyber Security and the Essential 8 Security Framework for Not-For-Profit Organisations

With cyber attacks on the rise, cyber security is at the forefront of every business operator’s mind and, according to the Microsoft Digital Defence Report 2022, not-for-profit organisations (NFPs) are the second most cyber-targeted industry. The report suggests NFPs are particularly vulnerable to cyber attacks because organisations often don’t have the resources to implement robust security measures.

Fortunately, the Australian Cyber Security Centre (ACSC) has developed the Essential 8 Security Framework as a guide to help all Australian businesses protect their data and systems from cyber threats. Let’s look closer at this framework and how Microsoft 365 and Azure can help your organisation achieve affordable data security.

What is the Essential 8 Framework?

As mentioned earlier, the Essential 8 Security Framework, sometimes called the Essential Eight or ASD Essential Eight, was developed by the Australian Cyber Security Centre (ACSC) to guide organisations in protecting their computer systems and data from cyber threats.

The framework outlines eight key security strategies organisations should implement to reduce their risk of a successful cyber attack. These best practice cyber security controls are:

  1. Configuring Microsoft Office macro settings
  2. Application whitelisting
  3. Patching applications
  4. User application hardening
  5. Patching operating systems
  6. Restricting administrative privileges
  7. Multi-factor authentication (MFA)
  8. Daily backups

Ultimately, these eight strategies have three primary objectives: preventing cyber attacks and limiting attack impact and data availability.

Why is it relevant for not-for-profit organisations?

If you manage an NFP, you’re already aware of your organisation’s growing reliance on technology for day-to-day operations. Whether it’s online banking, managing donor information, coordinating fundraising activities or running your social media campaigns – it all takes place on computers and mobile devices, which are open to cyber attacks. Unfortunately, opportunistic cybercriminals know that NFPs hold confidential and sensitive client data and are perceived as an easier target because of the sector’s limited resources to implement cyber security measures. Consequently, hackers are more likely to target not-for-profit organisations because of the large volume of mobile devices used by frontline workers which gives attackers’ better chances of accessing data or systems without detection.

Considering the impact of a cyber breach to NFPs, which ranges from reputational damage to compromising clients, implementing the Essential 8 Security Framework protocols to protect against potential cyber threats is essential. Ultimately, the Essential 8 Framework provides your organisation with the basics to ensure your data is secure from malicious cyber attacks.

“Also, what many not-for-profit organisations don’t realise,” says Brenton Harris, Managing Director of Bremmar, “is that many grants available to not-for-profit organisations require a minimum level of cyber security to be in place to qualify.”

Get your free Essential 8 Security Assessment Report

Protect your valuable customer data from cyber-attacks with Essential 8 security framework. Assess your baseline today. Take our free assessment to get a summary report of your compliance level and secure your not-for-profit organisation.

Assess your level of compliance against the Essential 8 Framework with this tool developed specifically for Not-For-Profits
Take our free assessment now!

How can Microsoft 365 and Azure help achieve the Essential 8 Framework?

Microsoft 365 (M365) and Azure provide a comprehensive suite of cyber security tools to protect your organisation’s data.

With Microsoft 365, for example, you can implement multi-factor authentication, one of the key components of the Essential 8 Framework. This provides an extra layer of security by requiring users to enter a code sent to their mobile device or email address in addition to their username and password.

However, Microsoft 365 Business Premium licensing comes with many other security features to help you achieve the Essential 8 framemework:

On the other hand, Azure allows you to take advantage of advanced security features such as threat detection, which can detect and alert you of suspicious activity on your network. Azure also provides a secure cloud-based platform for storing and managing data and tools for monitoring user access and activity. M365 and Azure each offer advanced analytics that allows organisations to understand potential threats better before they become serious issues.

As an NFP, you will have access to Microsoft licenses and security tools at a discounted price.

“As an NFPdigital transformation consultancy, we love nothing better than helping clients save costs by taking full advantage of their available software.” 

“If you have a Microsoft 365 Business Premium license, you already have access to all the tools you need to comply with the Essential 8 Security Framework level 1 (most basic). Microsoft also offers USD3.5k in donations towards NFP Azure subscriptions,” explains Brenton.

What else can NFP’s do to boost your cyber security?

Further to implementing the Essential 8 Framework and cyber security tools, your

organisation should consider other measures like:

  • Establishing a security owner within the organisation
  • Knowing where you stand right now
    • a) Understand full scope of what needs protecting
    • b) Ensure you prioritise the biggest risks first
    • c) Use our online Essential 8 Assessment for NFP
  • Leveraging security frameworks & tools, such as NIST
  • Evaluating what external security help you require
    • a) Evaluate in house capability
    • b) Evaluate capability of existing partners
    • c) Consider engaging a cyber security partner
  • Training volunteer staff on cyber security best practices.

Similarly, it is now best practice to ensure a data breach response plan is part of your policies and procedures. All Australian businesses with an annual turnover of $3 million must report data breaches or cyber attacks to impacted customers and the Australian Information Commissioner (OAIC) within 72 hours.

By taking the time to implement the Essential 8 Framework and other cyber security measures, protecting your NFP against malicious cyber attacks is possible.

Get professional help

At Bremmar, we understand your unique challenges as a not-for-profit when protecting your organisation’s digital assets from cyber threats. That said, we specialise in helping all our clients navigate the complex world of new technologies and ensure their data is well protected. 

“The good news is if you already have Microsoft 365, you have the tools to comply with the first level of the Essential 8 Security Framework,” says Brenton.

Unlike other IT service providers, Bremmar has extensive experience providing tailored solutions designed specifically for not-for-profits. So, talk to us when you want to learn where your organisation stands against the Essential 8 Security Framework, including a full report on your compliances and risks.


The Essential 8 Security Framework is an important tool for your not-for-profit organisation in protecting its data from cyber threats. Microsoft 365 and Azure provide a comprehensive suite of security tools to help organisations comply with the framework.

Other measures to boost cyber security including assigning a security owner within the business, knowing where you stand from a security standpoint right now, evaluating if you need external help  and training volunteer staff on cyber security best practices.

Finally, it is essential to have a comprehensive incident response plan in case of any data breaches or cyber attacks.

At Bremmar, we understand the unique challenges you face as an NFP and are here to help you navigate the complex world of new technologies and ensure that your data is well protected. We aim to make it easier for you to implement cyber security best practices so you can focus on doing what you do best – making a positive impact in our world. 

Free Essential 8 security assessment
Take our free assessment to get a summary report of your compliance level and secure your not-for-profit organisation.

Further reading

Are outdated manual processes holding your business back?

Transform the way you digitise your business processes.

How to build a comprehensive security suite with your existing M365 licensing.