Employees are critical to your nonprofit’s cybersecurity. If they aren’t knowledgeable about social engineering schemes or safe browsing, they could open the door to hackers. Teach them how phishing, “vishing” and “smishing” scams work, and how to evade them. Also discourage mixing of personal and work accounts. Staffers shouldn’t access your nonprofit’s accounts on their own phones or visit sites unrelated to their work from your nonprofit’s computers. Finally, keep in mind that while substantive content is critical to an effective training program, the format should be interactive.