Nonprofit Radio for December 9, 2016: Leveraging Expert Or Tech Volunteers & 7 IT Security Pitfalls

Big Nonprofit Ideas for the Other 95%


My Guests:

Steve Heye, Erin Dieterich, & Princessa Bourelly: Leveraging Expert Or Tech Volunteers

(L to R) Steve Heye, Erin Dieterich & Princessa Bourelly

We’ve got what you need to know about managing volunteers with special expertise. Where do you find them? What about screening and scoping? Our panel is Steve Heye and Erin Dieterich from NetSuite and Princessa Bourelly from Juma Ventures. (Recorded at the 2016 Nonprofit Technology Conference)

 

 

 

Leon Wilson & Dan Rivas: 7 IT Security Pitfalls

(L to R) Leon Wilson & Dan Rivas at 16NTC

Not sexy but very important. Leon Wilson from The Cleveland Foundation and Dan Rivas from Idealware walk you through bad habits that you need to change so you don’t put your precious data at risk. (Also from the 2016 NTC)

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.


Transcript for 318_tony_martignetti_nonprofit_radio_20161209.mp3


Okay. Hello and welcome to Tony Martignetti Nonprofit Radio, big non-profit ideas for the other ninety-five percent. I’m your aptly named host. We have a listener of the week, Young Non-profit Professionals Network of Milwaukee. Hello, Milwaukee! They tweeted, “Learning about non-profit excellence listening to Tony Martignetti Nonprofit Radio,” end quote. Excellence, love that. Thank you so much for that. Plus, they’re very loyal retweeters. Thanks for that also. I’m glad you found us. Thanks so much for listening, for loving Nonprofit Radio. I’m glad we’re helping your important work. Young Non-profit Professionals Network of Milwaukee, they’re at and why p n m e. Congratulations on being our listener of the week. Oh, I’m glad you’re with me. I’d suffer with bracket nathalia if I had to speak the words you missed today’s show. Leveraging expert or tech volunteers: we’ve got what you need to know about managing volunteers with special expertise. Where do you find them? What about screening and scoping their work? Our panel is Steve Heye and Erin Dieterich from NetSuite and Princessa Bourelly from Juma Ventures. That was recorded at the twenty sixteen Nonprofit Technology Conference. Are you signed up for twenty seventeen? You need to. And seven security pitfalls: not sexy but very important. Leon Wilson from the Cleveland Foundation and Dan Rivas from Idealware walk you through bad habits that you need to change so you don’t put your precious data at risk. That’s also from the twenty sixteen NTC. Sign up for twenty seventeen. On today’s Tony’s Take Two, your Trump challenge redux, director’s cut. We’re sponsored by Pursuant, full-service fundraising, data driven and technology enabled, you’ll raise more money, pursuant dot com, and by We Bee Spelling, supercool spelling bee fundraisers, we be spelling dot com. Here is leveraging expert or tech volunteers from the twenty sixteen NTC.
Welcome to Tony Martignetti Nonprofit Radio coverage of sixteen NTC, Nonprofit Technology Conference in San Jose, California. This is also part of NTC conversations. My guests now are Steve Heye, Erin Dieterich and Princessa Bourelly. Let’s meet them. Their seminar topic is leveraging expert or technical volunteers. Steve is solution consultant for NetSuite, and next to him is Erin, Erin Dieterich, director of corporate citizenship, and Princessa Bourelly, director of finance at Juma Ventures. Steve, Erin, Princessa, welcome. Thank you. You’re very welcome. Welcome to Nonprofit Radio. Just indulge me for a moment while I highlight our swag item for this interview, which is from black mesh. Everything is in black. There’s a very high gloss notebook with a calendar at the end. And we have a USB drive. Flash driver should tell you flash drive and, uh, upend your basic basic pen. And this goes into our are you our swag pile for the day, which is right here. Awesome. Third for the for the people, for our listeners. Just have audio. Okay. There’s a difference. Let’s. Steve, you explained it off mic. Let’s have you explain now. There’s a difference between using experts who are technical and non-technical. Help us with an overview of this. Sure. So the way we first started, you know, talking about this was, you know, we all have volunteers. We all understand how to work with them when we all have ideas. Part of matthew’s. Um, but there is a very fundamental difference between using somebody that just wants to come in for a single day and do a single task versus somebody that has a very skill. A very big skillsets and indoors and expert. So you know, with pro bono the key is they’re coming in and they do legal work for their living, or they do finance work for their living, and they come or technology for their living, and then they want to do that for you, but do it for free.
So that kind of volunteer requires a very different relationship with them because you’re allowing them to do work that will have dramatic impact on your organization and is much more critical that you understand what they’re going to be doing, how you’re going to use them and build a relationship with them. All right, erin, is it essential that these technical volunteers be supervised by other people who are technically inclined or who are technicians? So i would say it’s very important that they’re supervised the level of technology knowledge that the person who supervises has will differ at different organizations. And i think the most important thing is just that whoever’s managing thie non-profit ah project and whoever’s, the lead volunteered that they’re on the same page about what the project’s going to be, so as long as they can speak the same language and that’s probably the right skill level. But if you have a volunteer who’s very, very skilled and is speaking a language that you just don’t understand, as they described a project that projects probably not going to go well until you find somebody on your side who can speak the same language and understand what you’re getting involved in, ok, so at least that level of understanding. Okay, now princessa you’re using technical volunteers at juma ventures, we are currently using the probono through net sweet this’s a multi year and the project is going really well, and it is i have been a great experience and opportunity for juma as well as the net sweet probono to come in and offer their experience in what capacity are using technical volunteers, so they are helping us now set up our dash schwartz within the net sweet system, tio take an excel spreadsheet and be able to pull that same information out of net sweet without having to pull all of these different areas together. So it’s going to be sort of easier for us to manage to maintain. 
So we use their technology expertise to actually do the set up, and i managed the dashboards as well, okay. And do you have some lessons learned to share? Not necessarily. Right now, way. Have another twenty minutes together. But there’s some lessons learned about using technical volunteers. The biggest lesson that i shared today would be for us to be prepared on the non-profit side. Okay, little better preparation. So all right, well, we’ll get there. We’ll get a chance. Talk about that. Andi okay, you have some advice on finding technical volunteers. Erin, you want to start with there, start start stuff. They’re sure one of the things that we shared today in our session was that it’s important to look at who as a non-profit you’re already connected, teo. So you look at who is already, you know, from the corporate side making donations who perhaps is already a partner and look at what their core competencies are as an organization, and see if there is an alignment between their core competencies and what you need help with. If there is, it might be very easy. Next step to go back to them and say, hey, we love working with you, here’s something that were really struggling with do you think that this is something? Your team would wantto look at probono and start the relationship that way. In addition to looking at your corporate kind of connections, there are a lot of really awesome sites out there that can help you find an individual technical volunteer. So we shared a list of resource is today, but among them is the taproot foundation. Catch afire community core volunteermatch linked in latto from empower there’s a bunch community corps for man, power and power and power. Okay, where you could get you could go on there and essentially say, you know, we’ve scoped out this it’s a challenge that organizations having. Perhaps we need a new website and you can go and find volunteers who are taking their personal time after their job to to do that project for you. 
Okay, i’ve had the catch a fire ceo on rachel chong. Yeah, it was great a couple years, but yes, very true. Okay, is a screening is going to be important eyes? Okay, wait. So we talked a little about finding now we’ve got a prospect pool of whether it’s from real time relationships and partnerships or somewhere we found online screening. We re interview them. Right? I mean, i would think same way you’re interviewing. Ah hyre yeah, so there’s a couple, it varies a little bit. First, the amount of screening, the amount of effort that you’re going to put into the screening process depends on what the type of project that they’re going to be working on. So based on the level of impact of the project was going tohave and the risk that’s involved in this project, you’re going to want a little varying level of screening. So if it’s if it’s a project where they are like princessa talked about, they’re going to be in your financial system. They’re going to be looking at, you know, helping you, you know, adjust you although or if it’s a legal probono where your they’re reviewing contracts or they’re doing that, you’re gonna want to ah, ah, lot more screening a hell of a lot. A proprietary information, proprietary and potentially damaging. Yeah. So you want to make sure it fits in the wrong hands, right? So what do some of those, you know, nondisclosure agreement might be in place or, you know, on actual application, ask him who they worked with before. 
Do some background checks if it’s needed, but if it’s a vendor that you already have a long term relationship, you’re a customer with them and, you know, maybe then the barriers drop a little bit because you’ve already had a long letter longer relationship with that company and because you’re paying them and they have, you know, are already a setup established program is a little bit different on the type of screening you would do, or if you’re just having somebody build a little widget on your website, that isn’t like mission critical, then you’re screening might be a little lower because it’s it’s not like mission critical it’s not going to blow up the whole world, your world, your mission world and there isn’t a finance proprietary data right involved, but still there still going into your yeah, you still have to ensure that they have a certain level of technical expertise because they are going into the back end of your system, your coding and yeah, so i mean, asking could mess things up, right? Asking for examples of work they’ve done before who they worked with or even asking for their resume or having a full out a sample application there’s a number of things you could do just to get some simple information about them. Okay? Yeah, right to screen him. Princessa any any advice lessons learned on screening volunteers? So going through net sweet, we didn’t have to do the screening. We just we applied we the hardest part is narrowing down from this, you know, these grand scheme of ideas that we need internally narrowing that down for the next week team to then matches teo prose that could come in and have the availability to sort of target our project. Okay, so you potentially could have used more volunteers? Is that what you mean? T to other work for you? The beauty of net suite is that they offer it multiple times per year. So even though we didn’t get to address all of the projects there is, there is a possibility that we could get to it. 
Okay, okay, you’re tuned to non-profit radio tony martignetti also hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a quick ten minute burst of fund-raising insights published once a month. Tony’s guests are expert in crowdfunding mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website, philanthropy dot com fund-raising fundamentals, the better way. Dahna the errand and steve are both nodding. So i guess you have a shot at this. All right? So instead of talking around, this remains will say, well, let’s, just have aaron, why did you describe the net sweet volunteer technical volunteer program? How this works? Sure so and nets sweet. We donate our software platform to non-profits and social enterprises, and once they start using that platform, they are eligible to apply for probono support from our global employee workforce every quarter, so at the beginning of each quarter and application goes out to non-profits they say, here are the things i need help with. And then internally at the company, we send out an email to all of our employees and say, hey, hear the things that non-profits need help with on the platform. We need your technical skills if you want to get involved, let us know, and then our team actually does the matchmaking. So were the screeners in that instance, we look at all the employees, backgrounds, we look at where they work, what time zone they’re on, what their expertise is and we put together typically teams of two to four employees who we think have the right skills to get that project done. That’s been requested. Okay. How many? 
How many people on your team princessa there? Ford for max. You got the mac. Okay, now, doesn’t that sweet? Havea probono requirement part of employment is you’ll spend weeks or ten percent of your time or something. Is there anything like that? So, it’s not a requirement, but all of our employees are allowed to spend twenty hours a quarter on a project probono when they get matched up so they could, you know, work it out with their manager that they apply and take on a project every single quarter of the year. But it’s not a requirement. Okay. Okay. All right. Thank you. Uh, all right. So after screening let’s, see where should we wish we go on starting to manage? We’ve nothing scope. Hoping is that we are right now on twenty martignetti non-profit radio. I have george in jail now think if this was a discussion on on hiking in the in the adirondacks, scoping, you know, would probably be pretty simple thing, understand? But in this conversation, i don’t know what scoping is. So get yourself out of jail, what is scoping? So i think the key teo a big differentiator between using an expert or technical volunteer is they will need something that tells them exactly the challenge you’re having, what you’re hoping to solve and how you want, ok, scope of the project so it’s a scope of the project, meaning that you’re going to just both sit down with a document and agree on what are the what is the challenge? We’re trying to solve one of the goals of the project and then talk through that together to figure out what the actual outcome will be. So you know it usually it starts way too big, and then you scale down into something that’s actually accomplish because that’s, one of the channels we have with expert could also employees only have up to twenty hours per quarter, right? And that zoho almost all probono helped that you get will have some sort of ah, limitation to how much help you’ll get and how long the project can last. 
So the real key to using a technical volunteer is having a chunk of work. That’s, containable, it’s, describable attainable and it’s something that you can easily pass to someone and have them understand. Princessa was this hard? Teo, define the scope. It was hard to narrow down internal given. I mean, you said there were other things get done, and maybe this project was even bigger than it. It could reasonably be i think i shot for the moon, ok? And they had to bring me back down. All right, so i basically put out our, you know, our primary concerns. They chose a a project that they could actually accomplish within the twenty hours. And so the difficult part is on my end, making sure that i’m providing them with the proper information to make the project six successful. Okay. Yeah. You clearly have responsibilities. Yes, a swell as they do. Okay. Okay. All right. So scoping. Yes, of course. We what do we want to see if the out at the end of this whether you know again, this supplies beyond that’s that’s sweet program, but, uh, you gotta have a scope document. Yeah. Okay. All right. Yeah. It’s hopeful about both sides. Not just for the non-profit, but also for the, you know, the probono person because the probono in person and it knows what’s expected of them. And then is mohr able to know if their skills is the right skills and if they’re able to actually achieve it, or to start to understand if it’s even impossible within the amount of time that they’re given to do it? Okay, and that they have to do to donate. Okay, all right, what comes at right now? Snack it’s, savoury snacks are being served and the announcement is being made. That is not theirs, not god. Not on. I’m diffident, it’s. Just somebody who knows that the savoury snacks are being served. That’s awesome that’s extension of a sense of his omnipotence. Chocolate snacks, including big urns of chocolate milk. Here. 
Then i see which i don’t know about the rest, but i kind of like talking, but it was weird to see a milk in an urn and you don’t see that very clear that they were armed with a silver top. It looks like a three gallons, three or four gallon earned. It looks like to me. Yeah, and with a little with, you know spigot on it. Okay. Okay. After scoping working with our technical volunteers. Aaron, what comes? Next what i’m really getting into the meat and potatoes of getting the project done and, you know, something that’s important to think about there is project management because sometimes you’ll get a really excited set of volunteers. And if there’s not somebody who’s responsible for keeping the project on track, as with any project you’d work on probono or not, you know, khun, go kind of off the rails or can get delayed, or people can kind of wander away, and it doesn’t get accomplished on the time that you really had set aside for it. So focusing, having that timeline, having a project manager who’s going to lead everybody through the process is really critical. But now we are working with volunteers. So where do you draw the line between? You know, team, this is you’re too slow and okay, team i understand. We understand who will will extend the timeline. You are volunteers and we don’t want to lose you because we’re twenty five percent of the way into this now, right? How did we manage that? Well, it’s a collaboration. 
So i think that’s one of the most important things about using technical volunteers is that it’s not like you’re saying i want this project done, go do it and let me know when it’s done it’s that you are saying, i’m going to work with you and we’re going to get this project done together, so if it starts getting delayed because of your timeline or their timeline, you’re kind of in that together and you can re adjust expectations vs if you just kind of set it and forget it, then you have no idea what’s going on on the scenes, but if it’s a true collaboration, then you’re both coming to the table. You’re both taking on work in order to get this delivered and the project’s going to be something that really resonates with your organization and that you can continue using for a long time if you were part of the process versus if non-profit volunteered just came in. Did something said, here you go and then left. You might not know how to use that thing in the future, okay? I don’t know, princess is i don’t want to put you on the spot and say that sweet volunteers volunteermatch please there, there, there, there, over budget there, behind time. E, you want to you want to get more out of this so you don’t know anything you want to add to this part of the project management internally, we had to make sure that we were prepared for our meetings, okay? You know, you have periodic meetings face-to-face orwell, skype or whatever virtual virtual once a week, and prior to that meeting on the non-profit side, we had to be prepared in order to get the best benefit from the professionals on get their insight in their feedback. Ok, what do you want to say about preparation? You got to get the right people collaborating internally. 
So internally we have a great team, you know, working with the accounting team and then also communicating that information to the leadership team for their feedback, and they’re circling back to net sweet just to make sure that they know that things are working that were, you know, also to make sure that we’re on track and to make sure that we’re on pretty much on track to complete the project. Okay, okay, i should have asked you earlier. What is juma ventures work? So junior ventures works too. They’re they’re fighting. The poverty, the poverty cycle by providing education and financial literacy to youth. And they employ the use at the ballpark. Ballpark venues around the area and what’s your area. Where are you? We are end. We’re here in san jose. We’re in san francisco. Where in nor new orleans. We have new york. Venue way are growing. Yes. Yeah. Your central. You’re west. Your east? Yes. Nothing north. The chicago. Detroit? Not yet. Okay, but probably definitely on the on the horizon. Okay. Okay. What’s, the budget there, annual budget. The annual budget is eight million. Yeah. Okay. Now, some people might think, why a million dollar budget? Why do they need probono? How come they couldn’t pay for the help that they need? So with non-profits we use most of that that money to sort of support the mission. And it is it is difficult to be able to provide income for this level of professional, you know, services? Yeah. You’re getting roughly eighty hours of technical help. Which several hundred dollars an hour. I imagine if you had to go out and purchase it. Yes. Okay. Okay. Fair enough. Uh, all right. Project management. That seems like a pretty broad topic is there more we could say about strategies for project manager? 
Upleaf i think the key there is just that collaboration and just trying to have regular scheduled meetings and you even having a regular format to that regular scheduled meeting like, we’re going to start the meeting and we’re going to look at the goal we meet the goal help along. Are we on the timeline? I know there’s not much else to say about the project management, except that it shouldn’t be a, um, attack or, you know, like we didn’t meet the deadline or, you know, managing it that way as much as trying to ensure the both sides are happy with the progress, but i’d say the other big key with that project management that isn’t talked about enough is making sure that the non-profit is in er the probono person is seeing their impact and seeing the progress that is being made and understanding how it is really helpful to the non-profit so the non-profit has sort of has a responsibility to keep sharing back to the volunteer of how appreciative they are from the help and the outcome that it’s going to do and what it’s going to allow that non-profit to do, they couldn’t do without that help. And just because the energy of a probono khun feed over time especially the project, is like three months or, you know that it’s time, you know, when they’re when they first start, they’re not they’re excited, they’re energetic, but then when they get into the weeds and then the problems start or they hit a hiccup part of that project management is keeping that person engaged and excited and reassured. Yeah, there’s value there’s a number of ways to do that of, you know, either to recognition or doing many celebrations of metoo hitting a milestone or doing, you know, small thank you says you go, i think that’s a big part of that project management. Okay, princessa you wantto share what what you’re doing around, sharing the value and encouraging the the probono volunteers? 
I don’t think i’ve done anything specific, but i think what goes a long way is the fact that they can see that their work is being utilized ized and actually brings value to the organization. How do they see that they don’t see that? During them during the project management phase, so they don’t see it until abila project is finished, right? But during the process, you know the fact that we’re not coming back with a lot of changes, a lot of iterations, you know, a lot of going over the time schedule in the time frame, i think it’s it’s sort of positive reinforcement tio let them know that things are going smoothly and according to plan and will be seen to her through fruition, your work is appreciated, yes, and i think the other thing that she’s maybe down playing a little bit is that she is able princessa did talk about how she was able to share that back-up with our leadership team, and i know that the probono volunteers are seeing the fact that there’s, an investment from the leadership team there’s an engagement through the team and their energy is staying up and excited about it so that just, you know, it plays into it, it doesn’t have to be in actually like a gift or anything like that. It’s just that continued conversation, okay? And i think as the volunteers get the exposure of understanding more and more of what you’re non-profit does they take away a real pride of what they’ve helped you achieve, even if what they were building is, you know, a small widget for your website, they are now kind of feeling a part of the team, and i love when i, you know, ask employees who have done probono projects hey, what kind of a project did you d’oh? What was the organization? 
And they automatically become the spokesperson for the organization they tell you about they light up there like, oh, and you’re now i donate to them or oh, i just went into the five k run for them and there’s so much more engaged now than they were before, and they kind of feel like they have a real responsibility for that organization because they took on actual technical work for them. That’s wonderful. All right, all right. Are we at project completion? Now? We have. We have a couple minutes left together. We’re okay. Are you anxious to get out of here? I don’t know. I mean, the project. I got to go somewhere way. Chocolate milk. You’re looking really good there in the middle. You can’t leave. Until steve, steve are princessa does okay, what? We’re project completion. Yeah, so i think the big project completion to me then is where we ended our presentation was talking about connecting it back to the mission, so then, you know, the outcome was a great great we created this financial dashboard, but i think taking a minute there and just saying, yeah, you just created a finding dashboard, but now what you’ve done is you’ve eliminated hours of work that i was doing every week in a manual spreadsheet that now i can really spend time analyzing that data and actually changed the way my organization works based on this data and just taking time to celebrate that, connecting it back to the overall goal and of inviting leadership, maybe to come in and talk to thank the volunteers. That could be a real way to wrap up and close the projects that leadership leadership touch again. Yeah, valuable aaron, anything. You know, i think revisiting the project maybe five, six months out is also really important for the volunteers just to hear from you about hey, you know, for six months now, we’ve been using these new dashboards. 
And here’s, what we’ve seen that’s happened at the organization, i had a probono project that some colleagues were working on a few years ago, where they helped build a social media strategy for a non-profit and a year later, the non-profit came back to them and said, hey, you know, because of that strategy that you helped us build, we want to grant to get a full time social media person on the other hand, it’s like gravel or the amazing, amazing stories, but had that non-profit not come back to the volunteers a year out and told them that they would have never known that we’ve just been happy about the project, but now they felt real prime glee that’s, magnificent. Princessa is your project finished? It is one week away from ove r being done there. Go deliver balls have been sent to us, the dashboards are set up, the reports are active, and it is now on me to actually play around with them and make sure that they’re functioning properly and any changes or anything like that, we would have to communicate back to the team, but we’re pretty close to signing off on that. Okay. This’s is exciting. Time was cool and, uh, what’s planned for the for the for the mark. The occasion of the completion dahna we hadn’t thought that far. That’s only you only got a week left. I got to get to ceo onboard is gonna be some something dramatic. Okay. Okay. Uh, all right. This is wonderful. Lots of great ideas are durney project management tools. Online tools that you you recommend that you like. If not, you could say no, but i think the project management for me, for this kind of a project, it depends on the severity or the scope of the project. But i think keeping it simple, askey, let’s say scope, not severity also. Very. Yeah. Yeah. E i think keeping the tool is simple. A za project. So you know, if it is something something as simple as a google doc just having a quick outline, they’re keeping your mini me meeting minutes. 
They’re keeping, you know, the record of what happened and what got done. You could do something more complicated now, but i don’t think it really needs to be anything more. Okay. All right. Should we wrap it up there? Hands alright, excellent, great ideas, lovett and that was leveraging expert or technical volunteers with steve hi solution consultant at net sweet also aaron dietrich, director of corporate citizenship at that sweet and princess bourelly director of finance for juma ventures steve princessa thank you so much. Thank you, thank you, tony martignetti non-profit radio coverage of sixteen ntcdinosaur non-profit technology conference thank you for being with us. Seven security pitfalls coming up first pursuant, they have a new content paper for you, it’s free and easy to get overcoming the major donor dilemma. How to identify and engage new major donors and also optimized your cultivation process. You’ll find this paper at pursuing dot com, and we’ll be spelling spelling bees for fund-raising are you kicking off millennial engagement in twenty seventeen? You can do it with stand up comedy, live music, dancing and raising money. Check out the video at we b e spelling dot com now, tony steak too you’re trump challenge re ducks director’s cut it’s still up it’s the reduction of the reduction check out to lula, the jack russell terrier. I’m telling you she has great insights into donald trump’s. Potential impact on non-profits and i have minor contributions. Check out the video. The director’s cut. The video is at tony martignetti dot com. And that is tony’s take two. We got to live listener love. I would do it quickly. And then, of course, the affiliate affections of podcast pleasantries. If you’re listening live love out to you you know who you are you know where you are. Thank you so much for being with me. Podcast pleasantries i still got to check you know i keep saying way we’ve been spiking twelve thousand on some shows. 
However many there are, it’s way over ten thousand; could be as many as twelve or thirteen thousand. Pleasantries to you, our podcast listeners, and the affiliate affections to our AM and FM station listeners nationwide. You thought of anything to say throughout the country, but I nationwide affections to you. Let your station know that you listen, I’d be grateful for that. Thanks so much for being with us. Here are Leon Wilson and Dan Rivas from the twenty sixteen Nonprofit Technology Conference: seven security pitfalls. Welcome to Tony Martignetti Nonprofit Radio coverage of 16NTC, the Nonprofit Technology Conference. We’re in San Jose, California, at the convention center in San Jose. My guests now are Leon Wilson and Dan Rivas. Leon is chief technology and information officer at The Cleveland Foundation, and he’s sitting right next to me. And Dan Rivas is managing writer for Idealware. Gentlemen, welcome. Thank you. Welcome to Nonprofit Radio. Pleasure to have you. Yeah, a pleasure being here. Your session is Seven Highly Risky Habits of Small to Midsize Non-profits: Security Pitfalls. That’s great. Leon, let’s start with you. Why are non-profits just not paying enough attention to security? Well, a lot of it, and the whole emphasis behind the presentation, was just my travels over the last four years of working with small and midsized non-profits and constantly seeing the same challenges that we’re dealing with. Some of it is just naiveness, ignorance, complacency, or assuming that it really doesn’t impact them until it does impact them. So we felt that this session was critically important to just remind them of some of the simple, basic blocking and tackling things. Okay, we’re trying to avoid crises here. Is that right? That’s right. I mean, how bad can it be? Security, Dan, don’t you have an actual example of, or just making hypothetical, but how bad could it be? Well, yeah, I don’t have examples.
We worked on a report recently where we talked to security experts and sort of learned from them what are the things that non-profits are dealing with. And we found that, you know, non-profits are in an interesting space, as we all know: low budgets, very little time. Security often gets overlooked, gets neglected, it’s not particularly sexy. No, it’s sort of the vegetables, you know, the non-profit world. We were surprised by how many people came to our session, because the reality is it’s the last thing you really want to do, but I think people have seen enough of the data breaches, they’ve seen enough of the issues come out. Like weekly there’s data breaches, and that’s on the commercial side, where they presumably have so much more money to throw at this. Absolutely, and that’s where we see so much of trouble. Yeah, all right. Okay, I mean, it’s pretty simple stuff. I mean, the way you do, I don’t mean the topic, the details of it, the way you’ve organized seven highly risky habits. Right. So all right, you know, you shouldn’t be sleeping with a bad partner. What? All right, why don’t you start us off? Well, Leon, but you bring up anything point, they were all very common sense things that are happening. What we want to do is share with them: if you’re going to do these things, we wanted to educate you on how you can mitigate the risk. For example, one of the first things we talked about was allowing people to use personal computers in the workplace. We know it’s going to happen, because for a lot of non-profits it’s the way that they can save money, because you don’t have to worry about purchasing a computer for someone.
But keep in mind that you have to put some provisions around that, like making sure that they have the most up-to-date software running on that computer, making sure they have antivirus running on that computer. Otherwise, and who else has access to the computer when they’re at their homes: their family members, friends, other type of disaster. Exactly. So we know it’s gonna happen. And that’s why we said that we’re not telling you something that you don’t already know, but what we do want to do is provide you with some wisdoms and some thoughts as far as how can you mitigate, prevent or at least contain some of the challenges that you’re going to be dealing with. So that’s a good example right there. Okay, so we need to have policies, I presume. Absolutely. Around the use of the personal technology in the workplace. What are some of these policies? Well, I mean, just having a policy, thinking ahead of time, what should we allow and what should we not. You know, that’s probably the first most important thing, just to think it through, so you’re not doing that in an ad hoc way, or that people aren’t sort of making it up as they go along. But then from there, you know, some of the things we talked about in our session are things that you already know: you need antivirus software, you need to make sure, if it’s on your phone, that your apps are not downloading something malicious that’s pulling data from your phone. You know, they’re things that you have probably all heard somewhere in your life.
But, you know, in the work context, we sort of forget that. You know, we assume that there’s someone on the end who’s taking care of everything, and we forget, once we bring it home, you know, it’s up to us now. And so if you, as leader of your organization, aren’t making sure your employees are doing those things, or helping them do those things, there’s a lot of risk in that. We did really a straw man poll, where we had about forty or fifty people in our session, and we asked them, how many of you have antivirus software on your cell phone? I was expecting to see about at least half; only about maybe six people raised their hands, and I don’t even think most people know that that exists. There you go. So now we’re allowing folks to sync up their email, sync up their email and contacts, also get access to certain files off their mobile devices, because, again, it’s how we operate these days, and it works for a lot of us. But what happens when that smartphone gets stolen, lost, or if you’re constantly upgrading your smartphone and you don’t properly clean out your smartphone? Well, if you don’t have password protection, and also if you’re not using antivirus software on there, imagine how others can get at that information. Where do we start to look for antivirus software for our phone? It’s right out there. I mean, if you go out to the iPhone store and just search for antivirus software, if you go to the Google Play store and search for antivirus software, it is out there. It’s just, again, it’s not sexy, it’s not something you’re downloading. You’re usually downloading games and apps and things of that nature; you’re not downloading office productivity apps as well. And especially for Android phones, because they’re not as policed.
The apps are not as policed; there’s a lot of malicious apps that are out there. So you’re downloading what you might think is a free game, the software, but it is designed to then go after your contacts, your emails and other types of information that could then work its way into your organization. Leon, let’s stay with you. How do we enforce these policies that both of you are saying are important, in this one on the personal technology side? How do we make sure that people are doing with their equipment what we’re asking them to do if they want to use it in the workplace? Great question. And that question came up a couple of times in our talk. Part of it is human policing. I mean, some of it you can enforce through technology, through certain kinds of tools, but sometimes it’s just about putting that policy in place, right, creating a BYOD policy and requiring all your staff members to comply with that, or to sign off and understand. A lot of it is education, and then try to do sometimes basic auditing and checking of people’s equipment. Verify that they have this, that they have that, that they’re compliant with those policies. So if you have the luxury of adapting technologies to enforce those rules, and some of them are very commonplace, with Microsoft Exchange and Office 365 you could do some of those things. But it costs you nothing to write a policy, to put it in place. But enforcement: so there is actual verification. We’re actually going to look at their device and see that they’ve got on it what we are asking them to put. Well, imagine if you’re working for a social services organization and you have health and human services information on there, and that information gets lost. Would you rather not go after it, and once a year check and verify that they are in compliance with that, as opposed to falling prey to a HIPAA compliance issue?
Okay, okay, then let’s move on to number two. Or, you know, a second. I don’t mean necessarily in sequence, but what’s another one out of the seven? You know, another one that I think falls in line with it, a bad habit that people just aren’t really necessarily very aware of, is they’re not always very discerning about which cloud platforms they’re using. So often people want to use Dropbox. It’s easy. They probably have a personal account already, and so, you know, you jump on Dropbox and you’re putting your data files from your organization on there. The reality is that consumer-based cloud services just aren’t as secure as ones that are oriented more towards business and enterprise-type cloud service. So, you know, people think they’re doing fine, they think they’re doing good, they trust Dropbox, but they don’t really understand there is a difference between using that and a more business-oriented commercial one. What are some of the commercial ones, Leon? Well, I mean, again, what we’re talking about: rather than using the Dropbox personal version, use Dropbox for Business or Dropbox for Teams; rather than using the G Drive that you get as personal, use G Drive as part of Google Apps; rather than using the Microsoft OneDrive that you get for free if you have an Outlook.com account, use it as a part of OneDrive for Business, as part of your Office 365. You have greater security; the IT department, or whoever is your tech support provider, has greater control over containing who has access to that information. Plus you can retrieve that information more efficiently. Imagine if you’re using your own personal Dropbox account and it’s synced to, like, five or six other different devices. When you leave that organization, how do we get that information back from your personal Dropbox account? We don’t, basically. There you go.
So information’s out the door now. You’re basically storing your data in everybody’s home, on everybody’s personal device. You’re probably not a magic. I don’t know how many people have tried to retrieve a lot of information off a Dropbox personal account and been successful at it. Okay. Okay. So thank you, because you named three resources there off the top of your head. Excellent. Okay. All right. So safer use of cloud services. Okay, what else we got of our seven? Well, the one thing that we always harp on, and people get a chuckle out of it, but we have to deal with it, is proper password management: using stronger passwords and ensuring, and requiring, that your staff members, whether they’re using their personal devices or if they’re using company-owned devices, use strong passwords, and not just using “one, two, three, four, five, six” or “password” as your password, but also changing that password periodically. We deal with that, that’s still out there. We showed a chart, and still “one, two, three, four, five, six,” “password,” “no pass” are still the top passwords being used by most folks. So again, we think that we’re past that, but we’re really not, and what we’re doing in our talk is really just reminding folks and educating them of things that they know, but they just need to be reminded of. People, please have a secure password. Do not use “one, two, three, four, five” or “password” or “no pass.” You’ll be better than probably two thirds of users if you just eliminate those three things; just don’t use them. Yeah, again, you’re right. These things we hear, but we’re not doing it. Exactly. When I do it, there should be numbers, there should be symbols. It should be a word out of a definition of what a lot of people are talking about.
It now is maybe using phrases. So you can’t expect your staff member to come up with a cryptic password like a, b, capital J, lowercase c, one, two, three, oh, the ampersand sign and all that sort of stuff, but they could come up with a phrase. I always use the example of it: if you use “big mac fries” but capitalize the B and the M in Mac, and then use an ampersand for the “and,” that is going to be far harder to break, to crack, than some more simple password, but you’ll remember it. Or maybe a phrase that’s just known to you or your family. Yeah, yeah, it’s from your grandparents or something, and then you choose the first couple of letters of each. Exactly, exactly, and using symbols and numbers and those things too, to make it somewhat cryptic still. Because really, what happens, you know, you’re lengthening the time it takes to crack your password. You know, if they know there’s just twenty six characters, a through z, they can do that a lot more quickly than if there’s twenty six characters plus, you know, ten digits, plus upper case and symbols. You just magnify the difficulty. Yeah, absolutely, exponentially. Okay, okay, give us another one. Dan, would you throw something else out from our seven? Yeah. You know, one that is another pretty basic thing: people aren’t necessarily always backing up their data. They don’t have a plan for backup. Yeah. Disaster recovery, you know, not just a disaster where, say, a server breaks down or, you know, something gets erased, but, like, real disasters. What happens if you have a flood and, you know, your servers get destroyed that way? You know, a fire, those sorts of situations. Actually, at last year’s NTC I interviewed, I remember, you could search, listeners, if you want to find this one. Her name was Dar geever ca. It was all about you, you know that.
You know, you know that, you know Dar. It was all about your disaster recovery plan. So that was just one year ago. But first of all, you gotta have a plan. It may not be airtight, may not be hurricane proof, but have a plan, right? Let’s get started. Well, that’s the key thing, and we were saying that a lot of non-profits have become more mature, smart about backing up their data. But backing up your data is just one part of it. When you talk about disaster recovery, you’re talking about protecting the entire environment. So if your server crashes, it’s going to take a lot longer to bring that server back up, depending on how proactive you’ve been in that recovery, than just restoring the working files. How long is it going to take for you to get the operating system back up, apply all the security patches and all that sort of stuff? And depending on the type of non-profit you are, is it okay or not for you to be down a day, a week, two weeks? So when we talk about disaster recovery, we’re talking about: you’ve got to go beyond just backing up the data, you’ve got to be concerned with the environment as a whole, and what is your what-if analysis for, if this were to occur, what are we going to do? Like what you’re hearing on Nonprofit Radio? Tony’s got more on YouTube. You’ll find clips from stand-up comedy, TV spots and exclusive interviews. Catch guests like Seth Godin, Craig Newmark, the founder of Craigslist, Marc Ecko of Ecko Enterprises, Charles Best from DonorsChoose dot org, Aria Finger from Do Something dot org, and Naomi Levine from New York University’s Heyman Center on Philanthropy. Tony tweets too. He finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to retweet you. During the show,
you can join the conversation on Twitter using hashtag nonprofit radio. Twitter is an easy way to reach Tony. He’s at Tony Martignetti, M A R T I G N E T T I. Remember, there’s a G before the N. He hosts a podcast for the Chronicle of Philanthropy. Fundraising Fundamentals is a short monthly show devoted to getting over your fundraising hurdles. Just like Nonprofit Radio, Tony talks to leading thinkers, experts and cool people with great ideas. As one fan said, Tony picks their brains and I don’t have to leave my office. Fundraising Fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard. You can also join the conversation on Facebook, where you can ask questions before or after the show. The guests are there, too. Get insider show alerts by email. Tony tells you who’s on each week and always includes links so that you can contact guests directly. To sign up, visit the Facebook page or tony martignetti dot com. Lively conversation, top trends and sound advice. That’s Tony Martignetti Nonprofit Radio. And I’m Laurence Pagnoni, author of The Nonprofit Fundraising Solution. Dar even went into the possibility that some organizations may need off-site places to go. Well, you gotta have some place rented, or have a share agreement for when you need it in an emergency, for a physical location. It is conceivable. I mean, obviously, going to the cloud has helped out tremendously, as far as people who are storing their information in a cloud using Google Apps, Office 365, things of that nature. They have access to their working files, and they could still use things like Microsoft Office or Google Docs and things of that nature.
But if you’re trying to get to your donor systems, and hopefully that’s in a cloud as well, there might be still some things that are on that physical server, and what happens if that server was to crash, or the building that you’re operating out of is inaccessible or loses power? Yeah, okay, all right. Excellent. What else you guys got? Well, one of the things that we also talked about, that we want to touch on, was about software management. And this is about basically ensuring that when you’re doing software updates, patch updates and things of that nature, that you do it in an intelligent manner. Not every update is a good update. A lot of the hackers these days are going through the Adobes, the Java VMs and things of that nature. So you want to be mindful of that. And you want to make sure that if you’re allowing people to download software and do updates on their own, what are your provisions around that, that they’re actually downloading malicious software? So we talked about, again, more policies, potentially locking down the workstations and requiring an IT person or tech support person to basically whitelist that particular software patch update before it comes down. Because once you do that, then it helps out with the productivity. Okay. Okay. Anything else, Dan, you want to add about the software management side? No, I think that covers it. Okay. Okay. Don’t want to go through these too fast. No, that’s quite all right. Okay. So feel free to elaborate. Well, I will share that one thing that, in the office, when we’re talking, we’re going to talk.
That thing that came up a lot was security, and especially when we start talking about cybersecurity, and they say, well, Leon and Dan, if you’re telling us we have to have stronger passwords, if we have to be responsible about where we’re storing our data, in more business-grade cloud storage solutions as opposed to consumer-grade cloud storage solutions, what does that say for cybersecurity, or what are your thoughts on cybersecurity? And what we were sharing with them is that we feel that a lot of the cloud storage, a lot of the cloud vendors, are doing a decent job as far as doing that. What we need to start looking at, when we start talking about password management, is looking to some of the cloud password management solutions out there, because now we’re requiring our staff members to remember five or six or seven different passwords, because they log into their computer one way, they log into Google Apps using another password, because we now no longer have single sign-on any more. So they were asking questions regarding that, and we were giving recommendations on tools like LastPass and so forth. Okay. Let’s not gloss over this. Yeah, yeah. LastPass is one of those cloud password management solutions, and there’s two or three others that are out there if you go out there and Google them. But what they allow you to do is, it’s almost like a software, it’s almost like a password vault. You can upload a key and all your primary passwords. And then you have one master password with some kind of token key that allows you to then log in one time. And then those solutions will then log into your 365. Those solutions argument with in laws, because they hold on to your credentials. So as we’re now moving into more of this hybrid mode, where we still have to log into a local network but we have a lot of our systems out in a cloud,
we have to now deal with how we’re managing our passwords across both, in the cloud and on premise. Okay, what about Dashlane? Either of you familiar with it? Dashlane, password management, is that, you think, in the same camp? It’s in that same camp with LastPass and so forth. I mean, there’s two or three that are out there. Okta’s another one that’s out there that a lot of people are trying to use for single sign-on between their Microsoft Active Directory network as well as in the cloud. And some of them tie in with things like Salesforce.com, which embraces these kinds of things. So the more major players out in the field, the major software vendors, are making sure that their cloud management solutions are able to be accessible through these cloud password management systems. Okay: Dashlane, LastPass, Okta. Okay, and was there any other one you want to shout out as worthy? There was another and there’s another incarnation of non-profit radio. So you won passed hyre special one passes another one as well. Okay, very good. What else? This is in our list of seven. Well, the other thing that we talked about, it’s kind of going to school in size. We talked about personal computers to introduce it, but I’m going to talk about that. But then, if you want to talk about it, we’re talking about the mobile devices and so forth, and the issues that come with that. Mobile, right. So we talked about bring your own device with your PC or your laptop. You know, similar concerns with mobile devices. You know, you need policies in place. You need to make sure that, you know, there’s a reality that people are using their phones or tablets for work. We’re taking our work everywhere now. And so how do you manage that? There’s a reality there that everyone’s probably living with in some degree. How do you minimize the risk and manage it so that you’re comfortable with how people are using their mobile devices for work? Okay, how do you? How do you know?
Well, you know, I think some of the things that we’ve already talked about: you making sure you have antivirus software on your phone is a really important thing. Okay. You’ll be able to manage on some level the device, so that if someone, say, leaves your organization, you can either, you know, it’s complicated, potentially, but you potentially could delete some of the information in particular apps. You’re not likely, probably, to be able to delete their whole phone, and that’s probably good for everybody, but just having a little bit more control on how people are using their mobile devices when it comes to work. And, you know, Leon mentioned he’s sort of old school, and I think maybe very prudent, in the sense that he has his personal device and he has a work device, and he keeps those separate. I think, for an organization, if you could do that, it really is the most prudent approach, because the reality is you can’t control. So what else is device they’re passing around with their family, you know, someone borrows it to look something up or use the phone, you know, that data contract veliz the reality. And so, you know, you have to think about that risk, and if your organization is sort of willing to take that risk, or if it needs to take some steps to kind of minimize the... Okay, we have time for one more. Dan, you want to introduce the last one? Yeah, the last one is the lack of network security, right? So we’re often using wifi. You have a router. But did you make sure to set a unique password for that router, or are you just using the factory setting, and it’s just “admin,” which is public? Anyone could look that up and get on your router at any time. You know, things like that, making sure firewalls are in place, making sure your network is secure throughout, and I think Leon comprise going more. Did you want to add any more about network security? Yeah, the one thing is, it’s a multi-layered approach.
So you have to have the external penetration protection with your firewall, but that’s also where you need to also maybe have a firewall running at the PC level as well, along with the AV and malware software. Additionally, what we were talking about is, if you’re providing wifi access within your organization, you definitely want to have a separate wifi space for guests, contractors, visitors and things of that nature, versus... you definitely want to do that. And you definitely want it because, again, if you have people just coming in off the street, in public, and bringing in their laptops, you don’t know what’s running on their laptop. Again, it goes back to a lot of the other issues we were talking about; it’s like bringing another personal workstation in there. So we’ll have two wifi. And exactly, you want to have a separate one where, even if you give them a password to log in, that password maybe times out after two hours or three hours, where they have to re-authenticate, separate from your staff, where they’re always going to be able to go on and have constant access. So you want to keep it separated. Okay, we’re gonna leave it there. Okay. Cool. So it’s cool, right? They are Leon Wilson, chief technology and information officer at The Cleveland Foundation, and Dan Rivas, managing writer for Idealware. Gentlemen, thank you very much. Thank you very much. I have to highlight our NTEN swag item. We’re doing that each interview, and I neglected to do it in the beginning. We have this USB flash from Texas, and we add that to the pile over here. You might have thought we just have a mess; that’s not true. The NTEN swag pile. Very well organized. Cool. See? Very nice. Tony Martignetti Nonprofit Radio coverage of NTC sixteen, the twenty sixteen Nonprofit Technology Conference. Thank you so much for being with us. Thank you. Thanks. Next week, zombie loyalists. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com.
We’re sponsored by Pursuant, online tools for small and midsize non-profits, data driven and technology enabled, and by We Bee Spelling, super cool spelling bee fundraisers. We b e spelling dot com. Our creative producer is Claire Meyerhoff. Sam Liebowitz is the line producer. Kevin dollars are AM and FM outreach director. The show’s social media is by Susan Chavez, and this great music is by Scott Stein of Brooklyn. You with me next week for Nonprofit Radio. Big non-profit ideas for the other ninety five percent. Go out and be great. Hey! What’s not to love about Nonprofit Radio? Tony gets the best guests. Check this out from Seth Godin: this is the first revolution since TV nineteen fifty and Henry Ford nineteen twenty; it’s the revolution of our lifetime. Here’s a smart, simple idea from Craigslist founder Craig Newmark: yeah insights, orn presentation or anything, people don’t really need the fancy stuff, they need something which is simple and fast. When’s the best time to post on Facebook? Facebook’s Andrew Noyes knows that traffic is at an all-time high on nine a.m. or eight p.m., so that’s when you should be posting your most meaningful post. Here’s Aria Finger, CEO of Do Something dot org: young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you’ve got to make it fun and applicable to these young people. Look, otherwise, a fifteen and sixteen year old, they have better things to do; they have Xbox, they have TV, they have their cell phones. Ami Dar is the founder of Idealist: took two or three years for foundation staff, sort of dane, to add an email address to their card. It was like, it was phone. This email thing is right and that’s why should I give it away? Charles Best founded DonorsChoose dot org: somehow they’ve gotten in touch, kind of offline as it were, and no two exchanges of brownies and visits and physical gift. Marc Ecko is the founder and CEO of Ecko Enterprises.
You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, I’m just a big believer that it’s not what you make in life, it’s, you know, how you make people feel. This is public radio host Majora Carter: innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invest it and expect it to grow. And savvy advice for success from Eric Sabiston: what separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers are on Tony Martignetti Nonprofit Radio. Big non-profit ideas for the other ninety five percent.
