The One Extra Step that Protects Donor Trust in Chicago Nonprofits: MFA

Plain‑English guide for busy nonprofit leaders across Chicago and the near suburbs.

Let’s make this simpler

I see how much you juggle—board deadlines, year‑end appeals, volunteers, and a hundred quiet tasks no one sees. You don’t need a scary security lecture. You need one extra step that keeps donor and client data safe without slowing the mission.

That step is MFA (Multi‑Factor Authentication).

In normal words: MFA means “put a second lock on the door.” Even if someone guesses a password, they can’t get in.

Why it matters here in the Chicago area?

• Fundraising season is intense. Year‑End and GivingTuesday can light up your inbox. Attackers know this.
• Volunteer turnover is real. Accounts change hands; MFA helps prevent gaps.
• We’re hybrid. Staff might work from the Loop one day and Oak Park the next. MFA travels with them.
• Compliance pressure. If you handle donor payments, health info, or client records, MFA is now table stakes.

We support nonprofits across the Loop, West Loop, River North, South Loop, Near North Side, Pilsen, Bronzeville, Hyde Park, Evanston, Oak Park, Skokie, Oak Brook, Naperville, North Side, Western Suburbs, Southwest Suburbs and South Suburbs. The patterns are the same: one missed setting creates a long week.

A quick nonprofit story

During a security assessment at a large nonprofit (about 70,000 user accounts), consultants uncovered roughly 150 accounts that had already been compromised via leaked usernames. The organization rolled out MFA across its identity systems (along with CAPTCHA, stronger passwords, and a web application firewall). Result: attempted account takeovers began failing at the login screen because attackers couldn’t pass the second factor; no donor or client records were accessed during the cleanup.

What this means for Chicago organizations: you don’t need to be huge for this to matter. Turn on MFA for your donor systems and email first, then expand. It’s the fastest way to stop the most common attacks.

Where to turn on MFA right now

• Email & files: Microsoft 365/Outlook, OneDrive, SharePoint; or Google Workspace/Gmail/Drive.
• Donor systems: Salesforce NPSP, Blackbaud (RENXT, Financial Edge), DonorPerfect.
• Finance: Online banking and expense tools, HR and payroll systems.
• Case or client data: EHR/case‑management platforms if you store sensitive records.

Tip: Start with accounts that touch money or PII (personally identifiable information). Then cover the rest.

Fast setup: 3 platform mini‑guides (non‑technical)

Microsoft 365 (Outlook, OneDrive, Teams)

1. Admin Center → Entra ID / Azure AD security → turn on Security Defaults (or create a simple Conditional Access policy) to require MFA for all users, including volunteers and board members.
2. Ask staff to enroll the Microsoft Authenticator SMS is okay as a bridge, authenticator app codes are better.
3. Add break‑glass access for emergencies (we’ll handle this so it stays safe).

Salesforce Nonprofit Success Pack (NPSP)

1. In Setup → Identity → Multi‑Factor Authentication: require MFA for all internal users.
2. Users: Advanced User Details → MFA → choose Authenticator/App Passcode.
3. For occasional volunteers, set Session Timeout shorter and enable Login IP Ranges if needed.

Blackbaud (RENXT / FE NXT)

1. User profile → Account Security → Two‑Step Verification → turn on.
2. Use an authenticator app (codes every 30 seconds). Keep recovery codes in a secure shared vault.
3. Review admin accounts first; then finance; then everyone else.

“But what about…?” (real‑world hurdles)

• Board members who hate smartphone apps: Offer text codes at first, then move to the app later.
• Event volunteers: Create temporary accounts with end dates. MFA still required.
• Lockouts fear: We set up backup methods including self-serve password reset ability. You won’t be stuck.

Plain‑English check: If a person can move money, see donor data, or open HR files, they need MFA today.

Minimal time, maximum coverage

Microsoft 365 Cloud Assessment:

1. 15‑minute MFA Readiness Check (remote): we map your critical logins by inspecting your MS365 environment.
2. 90‑minute enablement (remote or on‑site): we turn on MFA for priority apps, add backups, and test.
3. 30‑minute training per cohort (staff + volunteers): calm, hands‑on, zero jargon.

Result: your mission runs; your data stays put.

FAQ

Will MFA slow us down? After the first week, it’s quick. Most apps remember trusted devices.

Do volunteers really need it? If they touch donor lists, yes. If not, we’ll scope access correctly.

Is an authenticator app required? It’s best. Text codes are acceptable as a starting point.

Can we do this during Year‑End? Yes. We start with finance and donor systems, then expand.

We’re in the suburbs—will you come on‑site? Yes. We serve nonprofits all over the Chicago metro area.

Next step (zero pressure)

Book a 10‑minute MFA Readiness Check. We’ll show you exactly where MFA helps most, turn it on, and train your team—without drama.

On‑site available across Chicago & beyond. Remote works great too.

• Preferred contact: Book a 10‑min MFA Check 
• Or email sales@rwksolvesit.com | Call (877) 795‑4801

About us

We’re a Chicagoland MSP focused on nonprofits. Think of us as your calm, plain‑English tech team. We sponsor local events and partner with community organizations. Ask about our GivingTuesday MFA Readiness.

Service area: Loop, West Loop, River North, South Loop, Near North Side, Pilsen, Bronzeville, Hyde Park, Evanston, Oak Park, Skokie, Oak Brook, Naperville, North Side, Western Suburbs, Southwest Suburbs and South Suburbs and beyond.