Information security is a hot button topic across all industries and new reports of security incidents and data breaches is a near daily occurrence. Much is known about recent trends and shortcomings in information security in the public and private sectors, but relatively little research examines the state of information security in nonprofit organizations. The underlying missions of nonprofit organizations, composition of their workforce, and their reliance on grants and donations for revenue generation streams set nonprofits apart from private business. These facts warrant an examination of information security of nonprofit organizations separate from private or commercial groups. This paper examines the state of information security in nonprofit organizations with results obtained by surveying volunteers or employees at nonprofit groups in two areas of Illinois. A qualitative discussion using observations gained from direct analysis of the security status of three organizations as part of student service learning projects is presented as well.