Nonprofit Radio for December 6, 2013: Brandraise to Fundraise & Safeguard Your Donor Data

Big Nonprofit Ideas for the Other 95%

I Love Our Sponsors!

Sponsored by RallyBound peer-to-peer fundraising for runs, walks and rides. Also sponsored by TBRC Cost Recovery, getting you money back from phone bill errors and omissions.

Listen live or archive:

My Guests:

Sarah Durham: Brandraise to Fundraise

Sarah Durham and Tony at Fundraising Day 2013
Sarah Durham and Tony at Fundraising Day 2013

Sarah Durham is principal and founder of Big Duck, communications consultants for nonprofits. People need to know you before you can ask them for money. What is brandraising and how does it pave the road to fundraising? (Recorded at Fundraising Day in June)

 

 

 

Scott Koegler: Safeguard Your Donor Data

scottkoegler2009-150Now that you have donors, how do you best preserve and protect their information? Scott Koegler is our tech contributor and editor of Nonprofit Technology News.

 

 

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.

When and where: On Fridays at 1pm Eastern: Talking Alternative Radio

Sign-up for show alerts!

You can also subscribe on iTunes to get the podcast automatically.

Sponsored by:
rallybound-banner logo

TBRC logo

View Full Transcript
Transcript for 170_tony_martignetti_nonprofit_radio_20131206.mp3

Processed on: 2018-11-11T23:05:22.294Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2013…12…170_tony_martignetti_nonprofit_radio_20131206.mp3.295926801.json
Path to text: transcripts/2013/12/170_tony_martignetti_nonprofit_radio_20131206.txt

Hello and welcome to tony martignetti non-profit radio big non-profit ideas for the other ninety five percent i’m your aptly named host feels so good to be back in the studio after our thanksgiving break. I hope you loved your thanksgiving and i hope you were with me two weeks ago. I’d be forced to endure ketoacidosis if i came to learn that you had missed empower your volunteers. Karen brewster is executive director of wreaths across america. They have grown their volunteer support enormously, and she explained how that was recorded at bebe khan twenty thirteen this past october and what’s their style. Maria simple returned she’s, the prospect finder and our prospect research contributor. We talked about the disk assessment tool to figure out whether your potential donors are dominant, influencing steady or cautious. Plus she had her sixty seconds style stop this week brandraise to fundraise. Sarah durham is principal and founder of big duck communications consultants for non-profits people need to know you before you can ask them for money. What is brandraise ing and how does it pave the road to fund-raising that was recorded at fund-raising day in june and safeguard your donordigital now. That you have donors, how do you best preserve and protect their information? Scott koegler is our tech contributor and the editor of non-profit technology news between the guests tony’s take to create a culture of philanthropy throughout your non-profit it’s a panel discussion that i hosted were supported by rally bound peer-to-peer fund-raising for runs, walks and rides, and by t b r c cost recovery. Getting you money back from phone bill errors and asians here is brandraise to fundraise welcome to tony martignetti non-profit radio coverage of fund-raising day two thousand thirteen, we’re in midtown manhattan in times square at the marriott marquis hotel, and my guest now is sarah durham. She is principal and founder of big duck, and her seminar topic is brandraise to fundraise, build your house before you throw a party. Sorry, europe. Welcome. Hey, thanks, tony. Thanks for having me. My pleasure. Tell me about the big duck agency. So i started big deck in nineteen ninety four and so were nineteen years old. We work exclusively with non-profits to help them communicate more effectively. I love the conciseness. Thank you. Thank you. What is brandraise ing brandraise thing is a model. We’ve developed over many, many years of working with non-profits to help wth, um, rebrand largely in order to be more effective at communicating with donors, clients and other key constituents, and it’s, a model that integrates, um, best practices from the for-profit world with some non-profit reality’s like, where should the board be involved in branding, or how does your vision mission of values integrate into the work? So we do recognize that there are lessons to be learned from the corporate side there definitely are, although i would say that many a non-profit i don’t think you can be too black and white about that. I think there are lots of great lessons to learn from the for-profit world, but what works in the for-profit world does not always work in the nonprofit world, and so, you know, that’s the challenge for sure, yeah, all right, how do we get started with identifying our brand and starting this process? Well, a lot of organizations usually back into thinking about their brand because there’s another challenge that has forced them to deal with it. So for instance, they want over how their website and their thinking before we overhaul. That web site we should really sort out, you know, the problems. We have their name or the challenge with our logo, and so they kind of end up, you know, sort of through the side door getting into branding. But we’re big advocates for rethinking your brand any time you go through a significant change after strategic planning. So strategic planning should come first. But then, if your strategic plan mandates a shift in communications, that’s a really good time to revisit the brands are now brand is much deeper than just logo and name and tagline, right? Absolutely. Help us understand how how what death is. Yeah. It’s. A great question. And i would argue that your brand begins with a clear strategy that everybody in the organization is aligned with what’s. The big idea you want to communicate? We call that positioning there’s a strategic plan it’s for grows right out of your strategic plan. And then also, what is the personality of the organization? What? How does it, what tone and style does it want to use to communicate? For instance, an organization like pita has a very different communications personality than the cia. Right on. Dh that personality can influence not only communications but programs themselves. Okay, the other piece i would say about a brand is that it’s not just what the organization produces it’s also, how you’re perceived externally and your reputations so there’s a very fluid wall between what happens inside and what happens outside. But how do we find out this, how we’re perceived outside, you really have to do some research, and sometimes that research is done in a very on the flaw, i’ve seen organizations to great kind of on the fly, a qualitative research, they just talked to their clients, talk to their donors really kind of have a feeling for how they’re perceived other organizations it’s done through market research, you know, focus groups, surveys that kind of stuff, okay, so it doesn’t have to be a formal process now with a lot of money and expensive, not at all and that’s. One of the reasons i wrote the book brandraise ing is that none of this is rocket science. It’s it’s pretty easy to do the hardest part is knowing what to do and facilitating process, particularly with non-profits that have the right people involved and has buy-in at key junctures, so but doing research is pretty easy to do on your own. In fact, um, i talk about in the book, and i years ago recorded a podcast about how to do your own research. Okay, well, let’s, take one of the time i was going to give you a shout out for the book at the end. You go ahead. You mentioned it. So, what is the name of your book? The book is called brandraise ing and, uh, yeah, it came out in twenty ten. Published by josie bass. Okay, on dh your podcast. What was that called? The podcast is kind of. You can find it on itunes and other places, but we don’t keep it up to date is called the non-profit jungle. And we did want about doing your own research, which is about how you create a facilitators guide and facilitate informal focus groups. You can also just use two is like serving gizmo and surveymonkey to do some interesting research. If you have a list to send it to. Oh, interesting. I say a little more about that. How can we use these free tools? Well, so for instance, if you’ve got let’s, say you’ve got a donor database of a few thousand people who give to you in a mid level, and those people also get your e news, you might embed a survey and your e news and ask them just two or three questions that might help, you know, help get a sense of of what they think about your organization or why they’re connected, and and that often informs the branding work you do. But but oftentimes with branding it’s also really useful to go back to that group and to test so if, for instance, we’re re branding in non-profit we might create two different brochures and then informally walk into a programme space and grab a couple clients and say here’s two different brochures, does one speak to you more than the other? Or is there anything that you would find inappropriate or offensive about this content? You can do that with donors, tio, but, you know, that kind of field testing is often a great former research, okay, excellent and this’s all about having people well, having people understand and having a consistent message about what you do, how you do it what the outcomes are absolutely, i often remind people in the nonprofit sector that if you look at big for-profit companies like coca cola or target or starbucks, they have much more money and a much deeper bench of staff than most non-profits due to communicate, but yet you don’t see them change their color change the logo. I had a conversation with somebody here earlier about wanting to create an anniversary your logo, which i was advising her not to do because you want every type of communication you put out there to reinforce the essence of who your organization is, and i would rather that all ladder up to the core rather than being fractured. If tiffany every few years said, you know what, let’s make the box pink this year, they would lose the equity of that blue box, which is, you know, a court of their brand, but we do that all the time in the nonprofit world. It’s a bad habit it is okay, so what is the effect of how would you define an effective brand and effective brand is one where the people internally feel connected to it representative of it and ambassadors of it where everybody in the organization, whether their staff, person aboard person, maybe even a volunteer, could speak in some way about the work and its value, and that it’s perceived externally by its core audiences is valuable to so it’s, both internal and external, and i actually think it has a lot to do with the culture and the values of the organization being, you know, authentic and alive and and the visual identity or the messaging is really just an expression of that, and i could see how this would certainly helped fund-raising you can articulate it better than i can. So, yeah, let’s, just make that connection well, it does. It does have a lot of impact on fund-raising and one of the one of the most significant impacts we’re seeing more most recently is around social media and the idea that if you’re going to push out a fund-raising message, we’re going to do a multi channel campaign, which more and more organizations they’re doing. Those people are not just going to get your email or your direct mail, but they’re going to visit your website. They’re going to be on facebook, they’re going to go to twitter. And we want all of those messages to really ladder up and reinforce the the essence of what the organization’s about what the campaign is about. So, so that’s. A lot of what i’m talking about here. It fund-raising day talking alternative radio twenty four hours a day. Do you need a business plan that can guide your company’s growth? Seven and seven will help bring the changes you need. Wear small business consultants and we pay attention to the details. You may miss our culture and consultant services a guaranteed to lead toe. Right, groat. For your business, call us at nine one seven eight three, three, four, eight, six zero foreign, no obligation free consultation. Check out our website of ww dot covenant seven dot com oppcoll are you fed up with talking points, rhetoric everywhere you turn left or right? Spin ideology no reality, in fact, its ideology over in tow no more it’s time for the truth. Join me, larry shot a neo-sage tuesday nights nine to eleven easter for the ivory tower radio in the ivory tower. We’ll discuss what you’re born you society, politics, business and family it’s provocative talk for the realist and the skeptic who want to know what’s really going on? What does it mean? What can be done about it? So gain special access to the ivory tower. Listen to me. Very sharp, your neo-sage tuesday nights nine to eleven new york time go to ivory tower radio dot com for details. That’s. Ivory tower radio dot com e every time i was a great place to visit for both entertainment and education. Listening. Tuesday nights nine to eleven. It will make you smarter. Hey, all you crazy listeners looking to boost your business? Why not advertise on talking alternative with very reasonable rates? Interested simply email at info at talking alternative dot com by the way, for those around the video, the background just shook there’s, not an earthquake in times square. Somebody on the other side, i’m sure got very exuberant about whatever, whatever any, whatever their business is on the other side, and i was shaking, so no earthquake in times square dahna this is, i guess, another way of saying this is all effective communications absolute, and it needs to be resident throughout the organization you mentioned, even even down to the level of volunteers, and you’re not talking about key volunteers, but but occasional volunteer no, i mean, i think if an organization uses volunteers and they recruit them effectively, and those volunteers have a great experience, the first thing they do is go on and tell their friends about it. So they become brand ambassadors that’s not to say we should train them on the brand, per se, but it is that we should make sure they haven’t experienced that is really aware of that and and use that to our advantage. I used in my workshop this morning an example from an organization called american jewish world service that has a program for rabbinical students and when you look at how they communicate this programme on their website, they actually tell you that if you go on this program, you’re goingto be asked when you come back to do some fund-raising on behalf of it and on the program, you’re getting sort of trained to do that work, and then when you come back, they give you the tools to do that work. So that’s a great example of an organisation using a programs audience and kind of turning them into a brand new master. You have a very vivid example before of pita versus american humane society and different messaging. How does an organization find its niche within all the organizations that are doing work within that same mission? Right? Well, again, that starts with research, and one of the things that i think is very important to do is to do a competitive landscape scans so you have to know who else is out there. George in jail on twenty martignetti non-profit radio? Yes, first we’re competitive. Landscape scan. Yeah. What are we doing? What with what we’re doing is we’re identifying our peers are partners people? I’m with you too, in fact, in fact. Way every year we do like a jargon jargon article on our block, and we have words to avoid for each year, but so, you know, so for instance, if you’re in the animal rights space, who else is in that space? What are their websites? How do they communicate? What? What are the key messages they’re using? What are the colors they’re using? What? How are they describing how their unique and i think it’s really important to always be monitoring that? Always be aware of how other organizations in your space we’re communicating that’s not to say that if they use blue, you’re going to use pink or that it’s, that kind of direct. But it is to say that it’s important to remember that people on the outside might be looking at those things a donor who wants to support animal rights might look a lots of different animal rights organizations, websites, and you need to be clear how you stand out in that space. It also again goes back to strategic planning, right cause hopefully in the strategic planning process, you’ve also had a conversation about what really makes our organization unique. And what should we? Be focusing on programmatically. Is this something that a small and midsize shop could do on their own? Absolutely. You don’t feel that there’s a need for expertise to do these kinds of competitive landscape analysis. There are other things. I mean, the difference between the smaller guys and the bigger guys comes down basically to two things. The bigger guys can afford to hire experts who take him through a process. And that’s certainly is nice. But what the small guys have that the big guy’s lack is agility. And i’ve seen some smaller organizations with staff people or with volunteers go through some really exciting, you know, strategic planning and branding processes on their own. Sometimes it takes longer and there’s more learning that has to happen on the way. Really needs a champion. It needs somebody who’s, you know, able to kind of take the work, run with it, make it their own and keep it alive. But it could be done really well. Okay. Could that person be the executive director? Absolutely. Is that you? In fact, i was i was in florida a couple of years ago, and i was giving a workshop and i met a woman who had was an executive director, one man band, no staff, just her and she she had been able to recruit volunteers, developed an incredible visual identity and messaging platform for organization she’s producing all this stuff to promote it. It was great what she was doing looked better than what a lot of large organizations i see do, and it was really about her vision. It was that she understood what effective communication should be, and she wasn’t letting herself off the hook by saying, i’m just one person she garnered these resource is she needs to make it happen. It was amazing. We’re talking about personality, right? I mean, isn’t that just another way of encapsulating everything we’re talking about? Definitely found she found the personality and was expressing her, and she knew howto she knew how to enforce it. And i mean, there are organizations that really get that executive directors who really get that who appreciate the value of great creative on dh then i think one of the reasons it doesn’t happen most often is that there are a lot of organizations where the programmatic work is so important as it’s founded. And everybody’s just putting every every effort that they have into getting those program’s up and running that the name the logo, the tagline, how we talk about the work, etcetera becomes an afterthought and and oftentimes it’s on ly five years, ten years, twenty five years in that the organization starts to say, wait, these things are actually holding us back. We need teo, you know, re prioritize you mentioned something that i want to explore a little more than enforcement. We’ve been through this process. Now we’ve found our niche and where expressing it, how do we keep it in fourth? Yeah, i mean, the old model is brand policing so that’s appointing a person who really, you know is somewhat of a bully about keeping things consistence and on track the person who would write style guide, for instance, it might be it might be bigger, but these days i what i really prefer and what i would really encourage organizations to do because i think it’s much more relevant is to cultivate everybody to be a brand ambassador, right? I mean, if if a staff person, any staff person can’t go to the gala or to a block party or to whatever is going on and talk effectively about the organization that’s a problem, right? So everybody needs to be able to be an ambassador for the organization in whatever way they can. And in order to make that work, it has to be very communications have to be very, very simple, and they have to be very accessible to everybody on staff. So you mentioned a style guide style. Guides are getting more and more common in the nonprofit sector. A stock historically has been a rule book for how to use the visual identity. I actually prefer brand guide, which talks more about the communications strategy for the organization and the messaging like here’s. How you abbreviate our name. Don’t use the acronym, you know to go back to juergen instead of in the workshop i gave this morning, there was one woman whose organization goes by a i x y abila long acronym. And when she unpacks that its association you know exactly what they do with the name so it’s. A cumbersome name. But i’d rather she call it the association if she has two short handed at least there’s a clue. Who they are okay? And this trickles down to i think you’ve made you’ve made the point already everybody in the organization doesn’t your function, maybe very ministerial down to maintenance, perhaps, but you still you need to be speaking with that same organizational voice, absolutely. And if the maintenance person is on facebook and might be posting something about an event that’s going on that they were involved in helping, then you want them to feel empowered to beyond message what else? What did i not ask you that you’d like to share with small and midsize shops about about this process grand raising how it helps supports fund-raising well, i would say, you know, one one one theme we’ve touched on, but i wanted to say again is don’t give up hope just because you’re small and you can’t afford to hire an agency or whatever, that doesn’t mean you can’t do a great job. When i wrote my book, i was trying very hard to write it from a point of view of could somebody who doesn’t do this stuff every day take this and use it, and i’m hearing back from people that they can, but i’m also seeing more and more examples of organizations just really coming up with fresh, creative ways to do it. We built this scorecard that we have on our website where you can go in and sort of answer a series of questions, and it reflects back to you how your organization is doing managing its communications on one of the interesting findings we we have uncovered from that is that this small guys do it, justus well, as the big guys, that that the the having staff people or money for communications does not necessarily make you a better communicator. Excellent website is picked up dot com it’s, big duck. Nice dot com okay, don’t you ignore what i said? First big duck and dot com sarah door. Um, you want to leave one last one last tip. Come to fund-raising days. Great show. I want to see you all here next year. You’ll be back. I’ll be back. I love it here. Yeah. Sarah durham is thanks durney principle. My pleasure. Thank you very much. Principal and founder of big duck leary in n y c her book is brandraise ing and i want to thank you very much for joining me, sara and listeners viewers thank you for joining my coverage of fund-raising day two thousand thirteen marriott marquis hotel. Thanks very much. Thanks. Yes, my thanks to everyone at fund-raising day and sarah durham. To bring this show, we need some help. And i want you to know about the two companies that are helping us bradrick rally bound is a sponsor. They make simple, reliable peer-to-peer fund-raising software. This is software for runs, walks and rides it’s friends asking friends to give to your cause. You get a discount as a non pas provoc radio listener. Get that claim that discount you can go to rally bound dot com or just call them up on talk to joe mcgee and he will answer your questions and help you build your campaign. And, of course, explain how rally bound khun do that for you. They’re at rally bound dot com or triple eight seven six seven nine zero seven six and we are also supported by t b r c cost recovery yourselfer benowitz runs t brc. He will go over your past phone bills looking for errors when he finds them, which he does ninety. Percent of the time phone cos it turns out, are not so good about billing correctly. Then he picks up the phone when he finds these errors and he fights the phone company to get you money back. These are not only errors in billing, but also services that you didn’t order or you’re getting the wrong pricing, not what, not what you were supposed to be charged for, a service and also he can fight well above market pricing when he finds that, um, i had mentioned a couple weeks ago that recently he saved a non-profit almost twelve thousand dollars after finding errors in their phone bill that went back three years and you only pay ti brc if they actually get money back from the phone company, they can also save you money looking far word, because if you’ve, um, if there have been mistakes in the past, then there’s savings to be accrued going ahead as well. Trc cost recovery yussef rabinowitz i’ve known him for almost ten years. He’s at tbe rc dot com or two. One, two six double four nine. Triple xero ask for yosef twenty steak too. I hosted a panel discussion. For the new york ilsen chapter of a f p about two months ago or so that’s, the association of fund-raising professionals, the discussion was about creating a culture of philanthropy throughout your non-profit very similar to what sarah duram was talking about in having everyone be a brand ambassador from the receptionist to your ceo. There were three very smart people with me. They were terry, billy, matt bregman and brian saber. It was informative conversation, and i love the topic because it does come up a lot. How do you encourage everyone in your non-profit two treat the people they come in contact with as potential donors. It was informative, and we had some fun as well. There’s a link to the video on my block at tony martignetti dot com and that is tony’s take two for friday, the sixth of december forty seventh show of the year. Scott koegler is with me, you know him he’s, our monthly tech contributor. He’s, the editor of non-profit technology news, which you’ll find it n p tech news. Dot com and on twitter he’s at scott koegler. Scott, how are you? I’m doing well, tony, how you terrific lee. Thank you very much. You have a good thanksgiving. I did way too much turkey. But, you know that’s to be expected. Alright, good. You had fun. He did. We’re talking about safeguarding your donordigital. What are the, uh what of the potential risks here if donordigital is compromised? Well, there’s a lot of risks. You actually tony and what’s probably the biggest one is that not just the the data is stolen, but the information about your donors is compromised and that’s something that has made a whole lot of headlines recently well, over the last few years actually, um about, you know, different different companies having having their data breached, having there credit card information stolen and now people losing, losing the privacy of the credit information identity theft by another word. So there are implications that are certainly public relations you don’t want to be, you know, it may not be a headline if you’re a smaller midsize shop, but you can have a public relations problem among your donors and volunteers without it being in the headlines. There’s legal implications and you couldn’t even have, like some financial problems mean if people if it comes to the point of people suing you? Are you having to pay for damages? Definitely. Definitely. You know that i moved to south carolina recently, and last year i think that was earlier this year. Actually, the the the state governments website was breached. And supposedly all of the information that that anyone who has filed tax returns in the state oh, my goodness is stolen. So, you know, i mean that’s bad enough. I haven’t actually heard of anyone who was, you know, was affected by having their identities going. But what happened was that the state, aside from the, you know, the political and and other kinds of just general discussion about how things were handled badly, they had to offer a free subscription service to an identity theft, monitoring service to literally everyone in the state. Oh, my and a couple people. And so on, top of on top of having to rebuild their infrastructure, you know, tighten down their security, you know, they have that financial burden, you know, just added things. So yeah, financial consequences definitely did this stuff the car during the five days when governor mark sanford was off with his girlfriend in in argentina is that when that happened, it could have i don’t know, i you know, it could have been an argentinean internet connection get part of the story his reputation has since been rehabilitated because he was he was elected. Tio what the house of representatives, i think for for south carolina? I think so. Although i have to have two admit that i haven’t really followed much of the south carolinian political situation, even though i should have. Okay, well, you’re you’re new resident. Well, i am your break now. Good vote. So, i guess it’s good. What part of the problem with identity theft, though, is that people the bad people don’t use the data right away because they know that everybody who’s data was compromised is on the lookout, but they’ll wait. I mean, they’ll wait three for five years and use the data then when your date of birth and social security number haven’t changed and maybe even your address hasn’t changed. And and by then people are not on the lookout for the for the theft. Because it’s been so many years since it occurred. Exactly exactly. And then it’s also hard to track down. Where that breach came from because if it wass, for instance, a small provider, small company or a small non-profit that got that breached, uh, may not have been reported, right? Not everybody owns up to it, and actually not everybody actually knows that they’ve been breached. Right rights, it’s not in the hacker’s best interest to notify anyone that had that data. Yeah, yeah, now it gets it gets discovered by some audit. Or maybe the hackers will sloppy or something like that, but yeah, i’m sure there are lot of instances where organization don’t even know that it’s happened. All right, so if we’re going to protect our donordigital what we need to be thinking about first? Well, the first thing is pretty obvious stuff is that, you know, if you don’t need the information, don’t keep it, don’t collect it, don’t get it one of the pieces of information, of course, that non-profits do. On whose credit card information, uh, and some sites you know, amazon in particular, and pretty much any e commerce site collect credit card information and then there’s a convenience to the chopper. We’ll store that information? Yes. And, you know it’s convenient. And in a situation like amazon, people may go back there and by things you know, almost daily, and so in that case, it really is a convenience, so you don’t want to. I don’t want to keep entering my my credit card information every time i buy something for a non-profit that that frequency is probably significantly less than what amazon gets and we would certainly hope with it it’s more frequent, but reality is they’re probably talking about a few times a year at the most. Yes, so in those cases allow the credit card information to the energy. Be sure that it’s over a secure line and that’s here’s a jug and peace for https that’s uh uh that’s the secure website connections that links the website that someone beat feeling to the with the back end server some reason, scott, i know that http is hypertext transfer protocol, right? And then i believe that as few yeses for secure okay, sorry, sorry. Nobody cares about nobody cares. Um, so and that part right there just means that someone monitoring are tapping into the line isn’t just catching the data while it’s streaming by them on dh collecting it that way. That’s the first line of security, but the second, you know, use the information, make the transaction, get the get the donation into the bank account, and then just don’t record the critical information, right? Just by doing that i could probably solve. I’m going to say at least fifty percent of the of the problems that a data breach can cause for constituents for donors. There’s other information that would fall into those to that category, i’m thinking, like date of birth, social security number, even even address? Yeah, address an email. I mean, you don’t want those to be compromised. Yeah, here’s an interesting piece of the security information. Did you know if you have a person’s first name your date of birth and their zip code, you can find out through there first name, date of birth and zip code that’s enough to identify? Yeah, yeah, that makes sense way, wouldn’t you? Yeah, when you say it, it makes sense, but somebody wouldn’t think that those if you’re not, if you’re not in a security role, you wouldn’t realize that those three things can be really damaging and you could find everything about those so i mean, date of birth, i mean, probably non-profits don’t have to save date of birth, right? Date of birth, you know? Krauz they probably do need address information in order to send maybe a ten, ninety nine, you know, donation form at the end of the right, right? But certainly so security number is not necessary. I don’t. I don’t think that’s required for a ten, ninety nine. Well, non-profits aren’t sending ten, ninety nine’s. They’re just sending the just sending acknowledgement letters. Okay, so, yeah, ten. Ninety nine’s that’s for contractors. So so wouldn’t you wouldn’t need it. You wouldn’t need you would not need it for donors. All right, but so there’s there’s information that we should save, but we should look scrupulously at what we are actually preserving is the point. Okay, what we need and don’t even ask for what you don’t need and those things that you do need, you know, on a on a short term basis, like credit card information. Just really okay. Okay. There’s still information that you need and there’s information that you want to keep. You want to keep the name, you know, the donation history, maybe. Their activities, you may want to keep their their their address, and they want it. Particularly if you do send out snail mail. Kind of, uh, information. You know, newsletters do still go by on paper. And so there is information that you want and here’s one of the ways that south carolina system was breached. No, if they could have avoided the entire disaster with the effects of the disaster. Maybe not for a public relations standpoint, but from the effect on its citizens. By encrypting the data they have. So wait, he talked about, you know, using a secure internet connection tps. And that applies and encryption to all of the information going across the internet wire. But once it reaches the program of stories that data, um, you know, that data is stored in a database and the database is usually, um, pretty transparent. In other words, you can open the database. Look at the information and it’s you know, it’s in english. It’s in what’s, commonly called clear text. So it’s, you know, you can look at it with a human being can read it and understand it. And i know it’s easy and it’s the way that things are stored most of time. What south carolina did not do on. Actually, a couple of others didn’t dio notable ones are adobe and link them okay. Not small names of people that you would think would know better. Um, they did not encrypt the contents of their database. So what that means is if the data is not encrypted, hacker gets in, they download the database and they can use it’s all visible in clear text. Okay. Okay. All right. So so the data that we do store, we should consider encryption, right? Absolutely. Absolutely their encryptions pretty easy. Most databases have it as a non option. You could just, you know, take a box and bingo. It’s all encrypted. So we have to also consider where this data is safe, right? It’s lots of different places and including portables buy-in night. Um, sure, cellphones get lost, laptops gets stolen, all those kind of things happen. I don’t know that. There’s an additional answer there. I mean, certainly you can password protect cell phones and laptops for typically people don’t do that. Yeah, well, we’re going to get to policies that they should be doing so. But they’re also the data is on servers. In your and hopefully your server closet is secure. I’ve seen a lot of servers that including businesses, small businesses where, you know it’s in a like a ah whole janitorial closet or something up on a shelf, not secure it all, but data can also be in the cloud. Uh, exactly that it could be in the cloud and it’s kind of a counterintuitive. I’ll just give you my personal take on this. I think on i believe that the data that’s stored in a no properly created cloud environment it was much more secure than something that’s residing in your server. Have your office. Okay, why don’t i tell you why? First of all, servers in officers are managed fly, but people in those officers typically and except for, you know, very large non-profits most of those people are not, um, it’s, not a full time job to manage the security of the service right there doing other things. They have a full time job for a part time job and a piece of a part of a tiny portion of that time maybe to make a backup of the server, on the other hand, cloud based systems it is their business, it’s, the only business, and not only are the, uh, typically bound by terms and conditions of the contract with that you have with them to protect your data, if if they’re breached, uh, they stand to lose their entire business just from the bad p r so it’s in their best interest to keep their, you know their customers, clients, data secure, you know, they those kinds of environments, too, support the https secure connections they do typically encrypt the data. I’m not saying you don’t need to check those things, but i do believe that it’s, no overall, safer environment, leave it in the hands of the professionals. Okay, way. Have to go away for a couple minutes when we come back. Scott. Now, keep talking about safeguarding your donordigital. We’ll get into some of the policies that you should have. Stay with us. You’re listening to the talking alternative network. Are you stuck in your business or career trying to take your business to the next level, and it keeps hitting a wall? This is sam liebowitz, the conscious consultant. I will help you get to the root cause of your abundance issues and help move you forward in your life. Call me now and let’s. Create the future you dream of. Two, one, two, seven, two, one, eight, one, eight, three, that’s to one to seven to one, eight one eight three. The conscious consultant helping conscious people. Be better business people. Have you ever considered consulting a road map when you feel you need help getting to your destination when the normal path seems blocked? A little help can come in handy when choosing an alternate route. Your natal chart is a map of your potentials. It addresses relationships, finance, business, health and, above all, creativity. Current planetary cycles can either support or challenge your objectives. I’m montgomery taylor. If you would like to explore the help of a private astrological reading, please contact me at monte at monty taylor dot. Com let’s monte m o nt y at monty taylor dot com. Talking alternative radio twenty four hours a day. I’m dana ostomel, ceo of deposit, a gift. And you’re listening to tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent. All right, scott, we know what data we’ve got and what we need to save and not save way we know where the data is stored, what kind of policies should we have in place? Yeah, well, as you mentioned, it’s it’s a good thing to have a policy that says, you know, you need to secure your devices with a password so that every time you go to use that needs to be logged in, um, in my experience that that may work in corporate environments where the shop has the ability to actually manage the devices that were used by their weather employees, but in an environment that says generally as loose as a non-profit think becomes pretty difficult to enforce. For one thing, you know, you’re your volunteers may all that they have bones that are being managed by their brother employers. So you get a conflict in that in that area, i’m still it’s a good thing to do. Certainly you want to be sure that the staff isn’t writing things down on pieces of paper, so if they are recording things, they are being recorded in a digital format in a secure format so that whatever protections are being enforced in the inn that digital connection are being used, they may not be one hundred percent, but it’s better than nothing for sure. We should also have policy around who has access to different pieces of data, absolutely, and that has to do with the, uh, the applications that you use in historian information some of the more simplistic application, for instance, locally, you know, homemade databases, spreadsheets, things like that have very limited security options, right? Most of the most of the non-profit applications that are available commercially have what they call multi level rules so you can define a roll of manager out of the data entry clerk, you know, hosting volunteer and different kinds of rules like that, and each one of those can have different levels of access to information. So somebody who’s carrying around a tablet that in the event registering people for the event, they only have access to the data entry function for that piece, it certainly would not have access two historical e-giving and other other information has already been recorded when i go teo cem, clients on i’m using their database there’s data that i can’t see? Social security number. For instance, i i can see that it’s preserved, but all i see in that field is a bunch of stars. Date of birth, i think is another one. Or maybe i see the year, but not the day in the month. Something like that. So there there are there are data, ways of preserving and i log on to that database so it knows who i am and what level of access i have. Exactly. When i was, that reminds me of when i was in the air force, i had i had top secret clearance. And then beyond top secret, there was something called psyop. Yes, i which was it was his top secret. T s psyop was the single integrated operating plan. And then, yes, i was for extra sensitive information. So you could have t s and then you could go beyond that, and then beyond that. And then there’s, you know, obviously there people bled levels of security clearance beyond me. But i had top secret c i a p ece anyway, so so just exactly as you told me that tony means you have to kill me right now. There. Are other reasons i need to kill you. Is that another doing? Just revealed. Okay. All right. So the software can help us. All right. So this is part of our policies is who who has access to what? On a need to know basis, right? That’s, basically, what do you need to know? To do your job? Exactly. And there’s one two things i’ll bring up here one is that, you know most well, most a lot of instances of breach come from, uh, not getting rid of logging access. That is not necessary any longer. So someone leaves the organization. The very first thing that should be done is that log in should be deactivated. Deleted whatever. Yes, at the very least. Password changed. But there are lots of lots of instances where that wasn’t done immediately. And the data, you know, goes away and let’s face it. You know, it’s it’s, not just a friendly departure. That person is more likely to take action immediately than they are, you know, a month down the road. So quick action is is really, uh, you know the right thing to do. Let’s, talk a little about insurance. There’s there’s. Cyber insurance there is dahna and, you know, i haven’t really looked at the prices for those, but i’m sure that there is based on the amount of information, the value of your database, all those kind of things, but i would say that most of the large insurance company i’m looking at the hartford and shove, for instance, they offer what’s called a data breach insurance, which is exactly what we’re talking about here, its protection against loss, its protection against lawsuits from some problems occurring based on the loss, liability, all those nothing i would say it’s definitely something we’re looking into. And of course, you know, hindsight will always tell you that you should have done it. Yeah, but, you know, pryce will make that determination for you, okay? We’re not holding you to the standards of of an insurance broker, so you don’t need to know the price, but but important for people to know that it exists and and as you suggested, you know, if you have a bad person, maybe they left on bad terms or maybe they’re still working for you, and they just have some bad intentions. No policy is going to prevent them from getting what they want if they’re if they’re industrious enough like and an interesting statistic. Seventy five percent of a raw data theft and i’m talking well, i guess it could be called hacking, but they left. This use of data happens internally of that seventy five percent, fifty percent of it is from physical, just physically copying the data onto a thumb drive. Or, you know, some other cd or something like that. So it really, you know, most of what’s gonna happen is really gonna happen within the organization and that’s for anything. And this heartening, unfortunately true. You’re a former ceo, right? Chief information officer, chief technology officer on the corporate side. Um what? What more do you want to impart? I haven’t asked you about, uh, you know, lock the doors. That’s, that’s probably the biggest and most difficult thing that we had to contend with was making sure that the facility is secure. Now, those when i was doing that, cloud computing was really not a big issue. So locking the doors, you know, for a cloud environment doesn’t really does it really work. That said, there are still, uh, there’s still paper records that your store in camp, almost any organization and locking the doors were locking the file cabinets or some other way, securing access against the paper records. Still it’s still the right thing to do, and we’ll we’ll avoid some of the day. The fact that we’re talking about yes, excellent. We’ve been talking about digitised data, but there’s still lots of paper records and just simple locks on a file cabinet on blocks on doors, andan that server door that you know that those hallway closet server that i see where it’s the maintenance you know, it’s it’s above the slop sink that’s crazy frank, right it is and have one one other issue that we talked about and that is what’s called social engineering and has nothing to do with data. Uh, it’s it’s really old fashioned and involved. Usually telephone, but it could be personal. Personal face-to-face okay, you know, we talked about the three pieces of information that will lead to someone really knowing who you are like that, uh, your first name, date of birth and your zip code. You may not say all those things to the same person at the same. Time, but, uh, social engineering involves people making phone calls into an organization, talking to different people and pulling different pieces of information from those different people and then assemble in those outside so they’re pretty easy to, you know, called secretary and they, you know, i’m trying to get the three owners birthday gift, you know, what? They were on dh, you know, by the way, you know, at another person calls in to another person in the organization and says, you know what? Town today with them? I mean, no, there you go right there. Three piece of information, yes. Wow. That’s okay, those air bad there’s a bad actors, but but if somebody want that they can, they can put it together over time. And andi, even if even a small organization, even if there aren’t that many people, if they can call they could do it over time, they can have a have ah, accomplice maybe helping. So one time it’s a man a couple weeks later, it’s a woman asking different things. Your office isn’t going to protect against that exactly. Then we’re not as people, we’re not wired to think, you know, in that. Kind of devious way to protect ourselves. Okay. All right. All the more reason for thinking about this thing about cyber insurance, i think. Exactly. Exactly. All right, we have just a couple of minutes left. Scott, i’m going to put you on the scott on the i’m going to put you on the scott. I’m going to put you on the spot for a holiday wine recommendation as part of your as your sixty second style stop. Whoa, what wine do you loving? In the month of december? A month of december, we actually we found one that we absolutely love. It’s it’s the two thousand ten it’s called immortal it’s zampa dollars. You might expect it’s just it’s, you know, luxurious it’s. Wonderful. And it’s. Got that typical in-kind of sweetness and smooth with a lot of food. Uh, that fifty bucks and i, you know, been enjoying that one. Okay. That’s a that’s, a red zinfandel or white red’s. Okay, two thousand ten immortals in scott koegler sixty second style. Stop, scott. Always a pleasure. Enjoy your holidays. Thank you very much. Good to talk to you. Thanks so much for your help, scott koegler on twitter. He’s at scott koegler konigstein are and he’s, the editor of non-profit technology news, which is that n p tech news. Dot com next week, the millennials study derek feldman will be with me. I’m pretty sure he’ll be in the studio. He’s, co author of that report also amy sample, ward she’s, our social media contributor and ceo of non-profit technology network and ten she returns next week. Remember our supporters rally bound dot com and tb rc dot com. I’m very grateful for their support. They’re good people. Please check them out. Our creative producer is claire meyerhoff. Sam liebowitz is at the board, as our line producer shows. Social media is by deborah askanase of community organizer two point oh, and the remote producer of tony martignetti non-profit radio is john federico of the new rules. This excellent music is by scott stein. Oh, i hope to be with me next week that’ll be friday, december thirteenth. The, uh i don’t know which friday of the year it is, but it’ll be at one to two eastern at talking alternative dot com. You didn’t think that shooting getting thinking. You’re listening to the talking alternative network duitz get in. E-giving cubine are you a female entrepreneur ready to break through? Join us at sexy body sassy sol, where women are empowered to ask one received what they truly want in love, life and business. Tune in thursday, said noon eastern time to learn timpson juicy secrets from inspiring women and men who, there to define their success, get inspired, stay motivated and defying your version of giant success with sexy body sake. Sold every thursday ad. Men in new york times on talking alternative dot com. Are you suffering from aches and pains? Has traditional medicine let you down? Are you tired of taking toxic medications, then come to the double diamond wellness center and learn how our natural methods can help you to hell? Call us now at to one to seven to one eight, one eight three that’s to one to seven to one eight one eight three or find us on the web at www dot double diamond wellness dot com way. Look forward to serving you. You’re listening to talking on their network at www dot talking alternative dot com now broadcasting twenty four hours a day. I’m the aptly named host of tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent fund-raising board relations, social media, my guests and i cover everything that small and midsize shops struggle with. If you have big dreams and a small budget, you have a home at tony martignetti non-profit radio friday’s wanto to eastern talking alternative dot com. Are you concerned about the future of your business for career? Would you like it all to just be better? Well, the way to do that is to better communication, and the best way to do that is training from the team at improving communications. This is larry sharp, host of the ivory tower radio program and director at improving communications. Does your office needs better leadership, customer service sales, or maybe better writing, are speaking skills. Could they be better at dealing with confrontation conflicts, touchy subjects all are covered here at improving communications. If you’re in the new york city area, stop by one of our public classes, or get your human resource is intact with us. The website is improving communications, dot com, that’s, improving communications, dot com, improve your professional environment, be more effective, be happier, and make more money improving communications. That’s. The answer. Talking.

Leave a Reply

Your email address will not be published. Required fields are marked *