Why Free Cybersecurity Help for Non-Profits Is More Than Charity, It’s a Necessity
Afroza Hossain
In an age where hackers can bring down entire government websites and utilities, it’s hard to imagine that most non-profits in Quebec organizations that fuel our communities are left defenseless. Yet that’s the stark reality many face. They operate below what cybersecurity experts are now calling the “cybersecurity poverty line,” unable to afford even the most basic protection against cyber threats.
That’s why the new pilot project led by Polytechnique Montréal, offering free cybersecurity audits to non-profits, is not just a generous initiative it’s a critical public service. Funded by a $1.3-million grant from Google, the “cybercitizen assistance network” is training students to assess digital vulnerabilities under the supervision of professors. In doing so, it helps non-profits strengthen their digital defenses while also shaping the next generation of cybersecurity professionals. It’s a win-win that should be replicated across Canada.
Non-profits may not have corporate-scale budgets or dedicated IT teams, but they are just as exposed to cyber threats as big companies perhaps even more so. From phishing scams to ransomware attacks, these organizations are soft targets. And when they fall victim, the impact ripples far beyond balance sheets; it affects the people they serve, the data they hold, and the trust they’ve built in their communities.
Marc Gervais, executive director of IMC² the cybersecurity institute behind the initiative makes a crucial point: many of these organizations lack even basic “cyber hygiene.” That means no formal incident response plans, no dedicated staff to monitor threats, and no written procedures to follow in case of an attack. It’s not because they don’t care, but because their limited budgets are usually stretched to serve their mission first.
Take the example of Montreal’s Institut du Nouveau Monde, one of the first beneficiaries of the program. Their operations director, Louis-Philippe Lizotte, admitted cybersecurity wasn’t exactly top of mind until they joined the pilot. With the audit’s help, they now know where they stand and how to improve. “We are not that far away from having the best practices,” Lizotte said, sounding both relieved and empowered.
Beyond protection from hackers, this project is also helping non-profits comply with Quebec’s 2021 privacy law a tough but necessary framework that holds all organizations accountable for the personal data they handle. Non-profits are now required to get explicit consent for data collection and maintain records of confidentiality incidents. But without expert guidance, many risk breaking the law without realizing it.
What makes this project remarkable is its adaptability. As project manager Fyscillia Ream explained, the audits are done online, making it possible to reach non-profits across the province, even those far from major cities. The team doesn’t just hand over a report they provide tailored follow-up, from staff training to awareness programs. It’s not just about fixing weaknesses; it’s about teaching organizations how to stay safe on their own.
The truth is, this isn’t just a Quebec issue. As Gervais rightly notes, non-profits across Canada face the same vulnerabilities. The time has come to think nationally. We need a pan-Canadian network that provides free or low-cost cybersecurity support for non-profits a safety net for the digital age.
Cybersecurity shouldn’t be a luxury reserved for those who can afford it. It should be a basic right especially for organizations dedicated to public good. If we expect non-profits to keep serving our communities, we owe it to them to make sure they can do so safely in a digital world that’s becoming more dangerous by the day.
