This document discusses steps that small nonprofits can take to improve security and decrease risks. It begins with an overview of six security basics: strong passwords, anti-malware software, using an updated browser, keeping devices patched, backing up data, and installing a firewall. However, it notes that these alone are not sufficient, as there are ways to circumvent defenses like using cloud services, USB drives, rogue wireless networks, smartphones, and social engineering. The document provides tips on how to assess and respond to risks through mitigation, transference, acceptance, or avoidance. It suggests easy initial steps like inventorying devices and software, changing defaults, training staff, and limiting administrative privileges.