• Midterms Hub

    Now more than ever, the organizations serving the people harassed by this administration are most at risk—not just from random cyber attacks, but from surveillance and overreach.

    Organizations must be able to operate without interference to keep their communities safe.

Hackers and bad actors may use the US midterm elections as a moment to erode nonprofit privacy and independence. As external communications, social media campaigns, press pitching, visibility at demonstrations and counter protests, and fundraising appeals ramp up in preparation, they'll also increase their scrutiny on advocacy groups.

Privacy is protection.

We put together this list of resources to help organizations get the information they need to remain resilient, autonomous, and safe to do the work that matters. We’ll update it periodically, so make sure to check back.

This year will hold significant challenges. Let’s face them together.

Understanding the Risks

  • As soon as possible is ideal. We offer resources below that you can get started using today, as well as resources that will carry your organization through to the midterms and beyond.

  • We always advocate for nonprofits to proactively secure their data. However, the run up to an election creates a unique high-risk cyber security environment.

    1. Historically, attacks increase during an election cycle both due to increased visibility (more email campaigns, fundraising asks, and press coverage, for example), as well as malicious activity that targets organizations connected to the democratic process.

    2. When political tensions rise, nonprofits are targeted because they gather and store sensitive data.

    3. Disinformation drives election results.

    4. AI threats are predicted to increase in sophistication during the 2026 election cycle.

    5. Disruptions to an organization’s day-to-day operational work disturbs its mission-critical work.

    6. Most nonprofits rely on vendors to carry out important tasks. If a vendor is compromised by a politically motivated attack, the nonprofit may also be exposed.

    These are just a few of the reasons why nonprofit professionals need to be thinking about increasing cyber security efforts before the 2026 midterm election.

  • Cyber security should be a public good. This page provides free and free-ish live resources. Luckily, there is a lot you can do to increase the organization’s security with the hardware and software you’re already using. We’ve put together free resources, blog posts, and live events that will help you start increasing your organization’s cyber security.

  • Short answer: yes. Even if the organization is not legally allowed to support or oppose candidates, it is still worth taking precautions if any external messaging will be focused on promoting civic engagement, voter registration, canvassing, fundraising, or other approved (c) (3) activities.

  • Largely, the risks are the same as any other time of the year, but because of increased visibility, the risks are heightened. They may include:

    • Phishing, malware, and account compromise

    • Ransomware attacks

    • Data breaches, exposing constituent information

    • Sensitive information exposure, putting donor data at risk

    • Website hacks, damaging org reputation

    • Social media hacks, including the creation of fake accounts

    • Disinformation campaigns, which confuse the public and erode trust

    • AI-enabled threats, like deepfakes, impersonation campaigns, and phishing

  • Start with the “Getting Started” section for steps you can take today.

Getting Started

  • Build Consistency and Stay on Top of Security Tasks with Our Calendar

    Add the Calendar

  • Map Out Your Security Inventory to Understand What Needs to Be Protected

    Get the Template

  • Make Progress Today on These Cyber Security Tasks

    Read More

Internal Recommendations

  • How to Get Cross-Departmental Buy-in for Cyber Security Work

    Read More

  • Take These Easy Steps Ahead of a Major Fundraising Moment

    Read More

  • Best Practices For Protecting a Nonprofit’s Critical Data

    Read More

Working with Vendors and Service Providers

Managing Email, Website, and AI

  • Best Practices for Email Security

    Read More

  • Must-Haves For Email Security & Deliverability: SPF, DMARC, & DKIM

    Read More

  • Key Elements of an AI Policy Blueprint

    Read More

Showing Up in Your Community

Get Live Help

Speak Directly with a Cyber Security Expert

Free 30-minute consultations for nonprofits and mission-driven organizations with no obligation

Schedule a Consultation

Cyber Security Office Hours for Nonprofits

A space for nonprofit professionals to drop in and ask questions

Save Your Spot

Cyber Security Foundations

Our course designed to help secure organizational operations alongside a cohort of peers

Learn More

Tools and Resources We Recommend

  • Take extra precautions against doxxing and protect your staff. To protect your social media accounts from security and privacy issues, check out Block Party.

  • If you want to stick with Google Chrome, try Chrome Enterprise for additional controls and security capabilities for your organization.

    If you want to break up with Google Chrome, Brave removes ads and spyware.

  • Password managers like 1Password are a must-have for nonprofits in 2026.

  • Take advantage of Project Galileo, a free service from Cloudflare specifically for nonprofits. It acts as a filter to protect your website from attacks, and they often partner with local organizations to provide support with implementation.

  • If you’re using Microsoft 365, consider using their built-in Purview Message Encryption feature, which allows you to send an encrypted email message to anyone’s email account. The user will receive a notification that they can log into a portal to review the email and reply.

    For Google Workspace users, a similar secure email portal like Microsoft 365 does not exist. You’ll need to pay for a higher-level Google Workspace plan and configure encryption keys for each recipient. For this reason, you might consider purchasing a secure email system.

    • If your organization relies heavily on Google Workspace and you need help cleaning up your Google Drive file/folder sharing, check out GAT Labs.

    • Make sure your Google Drive is in compliance with legal and regulatory requirements. Use Google Vault to define data retention periods.

    • As with most programs, Google Workspace’s default settings aren’t the most secure. Use these security checklists organized by organization size to strengthen your org’s privacy and security.

  • Your Microsoft 365 settings are most likely not as secure as possible. Refer to Microsoft’s best practices to increase privacy and security.

  • Your organization’s Slack settings are most likely not as secure as possible. Check out Slack’s cyber security recommendations to protect your workspace.

Contact Us

If you need further assistance ahead of the midterms, please reach out to outreach@riprapsecurity.com.

Don’t delay. By strengthening your defenses against overreach proactively, we can ensure your nonprofit remains resilient, autonomous, and safe to execute its mission on the road to the midterm elections.