Cybersecurity is important, but you don’t need to pay big bucks to improve your organization’s cybersecurity posture. I’ve compiled a list of the top 10 free cybersecurity resources and tools that are available to help protect your organization. 

10 Free Cybersecurity Resources


  1. Enable MFA: This is the most effective tool that is available to protect your digital identity. Research shows that MFA with an on-device prompt is 100% effective in blocking automated bot attacks. Both Microsoft and Google provide access to MFA for free as part of the Office 365 and GSuite Platforms. Here are the enrollment guides for each. 
  2. Password Manager: Ideally each site that you login to should have a unique password to go along with it. If you’re like me, you login to hundreds of sites, which makes the management of passwords impossible. Here are some free password manager tools to get you started. 


  1. Security Awareness: The National Cybersecurity Alliance has put together some great resources to get you started in the area of security awareness Training. The STOP THINK CONNECT site has basic tips and advice along with posters and checklists for good cybersecurity practices.  – 
  2. After Cybersecurity awareness I think that Policy is the next most important thing to get right. SANS has a good library of templates that can be used to provide a reference for your organization’s own IT Acceptable Use Policy. There are also policy templates for backup and disaster recovery and a security response plan.
  3. Community IT offers free webinars on a range of topics. We’ve covered nonprofit cybersecurity readiness, incident response and Windows end of life planning. You can access the full library lof slides and records here:
  4. In addition to our webinar series, we’ve invested in a NIST based Cybersecurity Risk Assessment Tool. This online resource provides a heatmap recommendation of areas to prioritize to improve your organization’s cybersecurity. You can request access to the tool here
  5. If you need more ammunition to educate staff or leadership, Check out Have I been pwned – this website collects the results of published databreaches and allows you to search the results. Put in your email to see how many times data has been leaked. My email is on 4 known breaches, so make sure you’ve got that MFA in place and are using unique passwords! 


  1. Keeping your Operating system up to date is important, both Microsoft and Apple make that process relatively easy. We know that only about half of known vulnerabilities are in the OS, and the remainder are in the applications that are installed on top of the OS. Keeping these third party apps updated is a foundational component of cybersecurity.
  2. Doing the work to secure your infrastructure. A key element of security is verifying that the work you’ve done has actually been effective. Qualys, a big cybersecurity vendor, provides a number of free assessment tools that can validate that systems are up to date and configured correctly:  
  3. We’ve seen a spike in business email compromise attacks. These attacks evade most anti-spam solutions, so a new type of technology is required to combat it. Barracuda has a free resource that you can use to see just how many attacks have make it into your Office 365 environment. You can access the tool here: 

Bonus Targeted Resources: 

Free services are a great way to get started with improving the cybersecurity of your organization, however some solutions are worth investing in. In my opinion here are the three things that are worth paying for.

Three things to pay for 

  1. Security Awareness Training. Equipping your staff to be able to identify malicious links and understand good security practices provides a very high level of return on your investment. We like KnowBe4 because of their robust online platform, deep library of training resources and affordable pricing. Community IT is a KnowBe4 partner and can provide both the platform and the management of the system to ensure that staff are effectively engaged.
  2. Business email compromise protection. You can get a free scan from Barracuda to see what’s slipped past your email defenses, for full protection against spoofed emails you need to pay. I’ve been very impressed with the Barracuda Sentinel tool, which in addition to business email compromise protection also provides DKIM/DMARC management and account takeover protection. 
  3. With the evolution of the cloud, IT was supposed to get less complicated, not more complicated. Organizations now have cloud resources, on premise assets and staff working from all over the place it makes an effective cybersecurity program more complex. Once an organization has the basics down, then it makes sense to invest in a Cybersecurity Assessment. Our assessment process at Community IT is rooted in our deep experience in supporting nonprofit technology since 1993. Our report contains an assessment of the maturity of the organization across 8 domains, and more importantly includes a prioritized list of recommendations with an associated budget and implementation roadmap. 

Contact us (form below) for more resources for your nonprofit. We love talking security and can perform a risk assessment and help you develop your strategic cybersecurity plan. Hopefully these 10 Free Cybersecurity Resources (and 3 to pay for) are helpful as you plan your cybersecurity strategy.

To watch a video on these 10 tools check out our webinar.

Cybersecurity Expertise

As the Chief Technology Officer at Community IT and our resident cybersecurity expert, Matthew Eshleman is responsible for shaping Community IT’s strategy around the technology platforms used by organizations to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how technology works and interoperates both in the office and in the cloud.

Matt joined Community IT as an intern in the summer of 2000 and after finishing his dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University, he rejoined Community IT as a network administrator in January of 2001. Matt has steadily progressed up at Community IT and while working full time received his MBA from the Carey School of Business at Johns Hopkins University.

Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference, Non-Profit Risk Management Summit and Credit Builders Alliance Symposium. He is also the session designer and trainer for TechSoup’s Digital Security course.