And welcome to Tony Martignetti Nonprofit Radio. Big nonprofit ideas for the other 95%. I’m your aptly named host and the pod father of your favorite Hebdomadal podcast. I’m traveling for several weeks, so my audio is not gonna sound as good as it usually does on the road with my laptop. But the, uh, the quality is still there. It’s just that, the, the, the substance, of course, still high quality. It’s just the sound quality, not so good. Oh, I’m glad you’re with us. I’d suffer the effects of urethral incontinence if I had to leak the idea that you missed this week’s show. Here’s our associate producer, Kate, with what’s up this week. Hey Tony, here’s what’s up. Disaster recovery and incident response for accidental techies. Our conversations from the 2026 nonprofit Technology conference continue with your DR and IR plan. Cyberattacks, hardware failure, or human error can cause big problems, but get minimized when you have the right plan in place. Amanda Bach helps you keep calm when everything crashes by working ahead of time to identify your critical systems, create actionable response steps, test your plan, and maintain resilience. She’s with Paths for Families. On Tony’s take too. Under pressure. Here is disaster recovery and incident response for accidental techies. Welcome to Tony Martignetti nonprofit radio coverage of the 2026 nonprofit Technology conference. We’re wrapping up our day two coverage with Amanda Beach. Amanda is IT support and operations specialist at Paths for Families. Amanda, welcome to nonprofit Radio. Thank you for having me. I’m glad you’re with us. Your topic is disaster recovery and incident response essentials for accidental techies. Oh, that’s great. So you obviously do not need to be a tech person to understand what to do in case of disaster or bad incidents. Could you just give us an overview before we get into it deeper? Um, of incident response and disaster recovery, you wanna be prepared for anything from, um, floods, fires, anything that can happen to your agency or your house, um, and also incident response like cybersecurity and ransomware, um, so you wanna be prepared for either of those incidents and have a policy so you’re not making the decisions on the fly and in the panic. OK, you want, you want us to keep calm during these. All right, thank you. Thanks for that. Look, it’s like 30,000 ft overview. So let’s, uh, let’s dive in a little bit. Um, yeah, so it’s not all bad actors, like you said, floods, fires, right? Uh, technology fails. You may have heard rumors about that from time to time. Hardware fails. OK, OK. Uh, but it could also be bad actors. Yes, that will the cybersecurity, that’s we’re gonna tie that into bad actors with cybersecurity and then the incident response. OK, OK, um, would you like to talk about the, the cybersecurity first? Is that, is that the best way? Or we can tell the disaster recovery and then um there’s other plan called business continuity. Um, business continuity is kind of where you want to keep all of your business essentials in one place and basically I call it a table of contents of any incident policies you may have and you wanna just think about like your what what you’re gonna do in a disaster, what you’re gonna do in an incident response, and then what you need to do to get back online. OK, OK, so let’s start with disasters. I don’t know, we wake up, uh, and there’s a flood, right? I mean it happens, uh, there’s a fire. Um, all right, so what do we need to be thinking about in our. Disaster recovery plan so that we’re not Panicked and we are well we’re still gonna be a little panicked with a fire or a flood, but we’re not as panicked as we would be if we had no plan. You want the first thing you wanna think about is how you’re gonna communicate with other staff and how you’re gonna make sure everybody’s safe. That’s the biggest thing is we wanna make sure they’re safe. Um, if obviously we’re gonna call people or email them, but it might be the Internet’s might be down like wireless communications could be down, um, in which case you can create like a meeting spot. And we, so we have two offices in Maryland and we created a park or uh designated a park in between the two offices and within a certain time frame after that incident we all go and meet at the park in person in order to make sure we’re actually all physically safe and to see if anybody needs any support. Um, another piece of advice I give everybody is buddy system. So if you have somebody that lives near you, go check on them. Like, does anything, you know, do they need anything? Are they physically OK? And then the last piece is we have to um have two forms of communication like um emergency contacts for somebody and this is also good for our remote workers who might work in another state and let’s say a hurricane has hit Texas before and we have a worker in Texas we couldn’t reach her because she was out of power so we were able to. That family that she had in the area and they were able to confirm that she was OK she just had lost power so it’s a way to also include remote employees who are not physically in the state that you are in OK and those forms of contact and that includes other people. I thought you were taking like sell an email, yeah, but like sell an email might be down so then you got to think of an alternative way to make sure everybody. is safe. OK, so there’s an alternative contact person for everybody on the team. OK, OK, um, and who’s managing our, our plan, our disaster recovery and incident recovery plan? The plans are made for the people. Like they help avoid confusion and panic, but the point we like the basically the agency will develop the plan. Um, the IT team, like our IT team is developing the plan, but we’re help, like especially disaster recovery, we’re including everybody else’s feedback because we wanna make sure like what do you think you might need in a disaster? Like what do you think would help you? So disaster recovery we are including like other staff people and their feedback because we wanna make sure like. What do you need and what can we do to help you because part of it, well, you just talk about safety and communications. How can we make sure you’re safe and how can we get in touch with you? Yeah, and that’s the other thing is how do we keep people safe, not only how do we communicate with people, but how do we keep people safe, um, so one of the things that we talk about is like if there’s an incident in an office location or your home. Um, evacuate if you need to and then shelter in place. People don’t think about that, so we actually lay it out in the plan and so like shelter in place, turn off any like white lights, any, uh, music producing or, you know, noise producing things, and like if you can move heavy furniture in front of a door to protect yourself, not necessarily for like an active shooter, but it could be fire, it could be anything else. Um, and then the other thing we wanna think about is also sending emergency alerts out. So if you’re, you’re in an office and let’s say there’s something going on in the office, you wanna alert somebody who might be coming in to that location. And say hey there’s a fire in the office. Don’t everybody stay away from this location because somebody just could come into that office and not know. How do you do that? Um, emergency communication sometimes via email or you could do like group text or like WhatsApp text or Teams, um, if you have that, um, information, um, sometimes like we’ve had somebody. Call somebody else and be like I can’t talk. I can’t send this out can you alert the other staff that this is going on? It was just a power outage we had a power outage in the office and obviously she couldn’t get anything out because everything died on her and so like can you let everybody know don’t come in because we have a power outage, um, and then we also say follow local law enforcement instructions so if they’re on scene they take priority and they’re gonna be the ones that help do that do you practice these? Um, we haven’t, but we are going to start. Um, I call them like fire drills. Yeah, yeah, we walk in and there’s all of a sudden there’s, you’re, you’re just, you came into a fire and you were just told to evacuate. All right, so do it and let’s carry out the plan. Yeah, that’s the same thing we used to do in elementary school, like fire drills because you thought we never know. Yeah, and then the next thing we talk about in disaster recovery is how do we return to work? How do we do the work we do if something might be going on. Um, so we always tell everybody to be flexible, like understand, and if we can get a message out to clients, just explain to them like, hey, there’s been a fire, our staff is affected. If we can’t, then we’ll just like maybe we’re re remote work. Everybody just shifts to all remote work, or they, we can work from an alternative location. So if your office has been like had a fire, you can maybe go to a local library. And work at your library in order to um get the work done and then you always wanna have have your leadership obviously they they know they know what’s going on and ensure that they have um clear communication out to the staff what to expect like everybody can remote work, OK. The uh the the office is gonna be reopening. Everybody can come back and so it’s just making sure that everybody can do that safely, OK. Do you have people for each of these communications? Like even the emergency communications, like, is there somebody designated and then there’s a secondary, or it’s we haven’t thought about that, but that’s a really great idea. But if whoever’s in the office, if there is something going on like primary person might not be there, yeah, so it’s like if there was a fire in the office and there’s a person there, then obviously they’re the point of contact to like get the information out, yeah, um, I was thinking more like routine like coordinate communicating with the staff. The, the office is going to reopen in 3 days. Yeah, that would typically. be like the senior leadership and like the CEO like I know our CEO like when we have recently had a snowstorm, an ice storm, we actually did shut down for a while and she was communicating out via emails, hey, we’re gonna be closed for 2 days hey everybody can take a 2 hour delay so she was kind of the one that was like leading the charge and letting everybody know about that. OK, yeah, um, what else besides safety communications, what else belongs in this disaster recovery plan? Um, it’s just everybody just has to remain flexible and remain calm. And the more you can do that, the better everything will be, um, and then like just every just take your time getting back to normal to be safe about it if you don’t feel comfortable coming back yet just communicate with that and I feel like at that point everything is great. Um, the only other thing I recommend is with all of your policies like this disaster recovery and incident response, make hard copies for all of your offices and all of like your IT and leadership have printed copies in their homes in case the Internet goes down and we can’t get to it. We’re, yeah, then we’re in big trouble like, oh what do we do? Well, I don’t know, it’s in SharePoint, yeah, it’s the plan in the cloud and we can’t get to the cloud, yeah. OK, excellent. I was thinking of something, but uh uh it’s escaped me. I will, I’ll think of it, um. All right, thanks. What, uh, so, so, so distinguish this again between disaster recovery now and incident response. Yes, so the way that this disaster is like you’re recovering from a disruption, a major disruption that has happened with your agency. The incident response plan is now something has happened. Now how are we gonna fix it, and that’s gonna be a lot more involved than disaster recovery, um. So the first thing you want to think about, I’m sorry, before we get to incident response, I thought of the thing I was thinking about disaster recovery, um, we’re, we’re gonna be remote maybe for a week. We had a fire, flood, whatever. What if everybody doesn’t have the tech at home that they need. To to do the work remotely and their laptop was in the flood. Yeah, I mean it’s something we’ll definitely work with staff on um thankfully our like our office we all have laptops and we all work from home, but if need be like we would make sure they have what they needed to. Get you know the work done like again if you’re if you have a buddy system or like if there’s a way we can like FedEx you something if you live like externally but you’re like something happened and you need us to send you a new laptop because you’re burned up or something we can obviously FedEx and get you what we need. It’s time for Tony’s take 2. Thank you, Kate. I’m feeling under pressure with my book. The editor is the next step, and she needs enough time with it. Before we get it to the graphic designer who also needs time with it. And this is, this, this is all just feeling, uh, a little stressful. A little, uh, you know, like deadlines are imminent. I’ve got, I’ve got to finish my part within the next like 788 days or so. And there’s still a fair amount to do, so. That’s why I say feeling under pressure like the uh. Queen and David Bowie song from 1981 Under Press. Uh, that’s all I’m saying. Uh, trust me. So just uh sharing that, you know, book. Publishing, self-publishing is uh still fun. And I’m enjoying it. Uh, it, it’s, it’s a challenge, but I’m up to it. Just uh feeling. Under pressure for the next week or so. And that’s Tony’s take too. Kate. Well, if singing doesn’t work out, at least you’ll have a book. Singing is not likely to work out, so the book better do very, very, very well. We’ve got just about a buttload more time. Here’s the rest of disaster recovery and incident response for accidental techies with Amanda Beach. Incident response, um, it’s like what are you gonna do when something happens, um, so the first thing I like to lay out in my incident response plan is identify what your three tiers are for your, your, um, software. So tier one would be the most critical software and that can’t go down like you can’t function as an agency if it goes down. And so our, our example would be email, our website, um, like our phone system, things like that because we need to be able to get in the clients and get the support out. Tier two would be something that can go down for a like small amount of time for a small disruption. But has to come up in order for us to function a little bit, um, so our example would be like Zoom and Teams because that’s how we do like our video calls and our trainings and then tier three is some like things that can go down but they don’t need to come up right away and you can find workarounds so such as like. FedEx.com stamps.com. Like if we need to send something out we can just get in our car and take it to there. So you want to start by thinking about what are the most critical things first so when you do have an incident or a disaster, you know what you need to bring online 1st, 2nd, and 3rd, yeah. So with an incident response, yeah, so you wanna think about the first thing you want to think about is who is going to be on the team you have to have an incident response team like who is going to. Be on the team to help run the plan when something goes wrong, um, so, yeah, great question. So that that you could, it can vary depending on the agency and who wants to know. See, on ours we have about 5 people, but you could have up to like 67, or 8 people. So one instance is the IT manager and IT lead. They’re gonna be the person. That kind of liaisons between all of the members of the team kind of making sure everything’s getting done we’re on track with things, things like that you can have your IT support and uh IT vendors so like we use a managed service provider and we also have an MDR vendor so we would include them because they need to know what’s going on uh. Oh, I can’t remember right now, so, so they, they monitor all of the, the back end like the, uh, vendors and stuff and all of our, um, security. Um, that’s, that’s blanking on me right now. All right, they, they manage your back end. They, they, they watch your butt, yeah, and like they’ll alert us if like somebody is logging in from like Sweden or something, so they just kind of help monitor our logins and like what’s going on, um, and then you, if you have, um, communications and PR team, so if you need to get anything out to the media, you wanna have somebody on your team if you need to do that. You wanna have legal counsel so in case there is law enforcement involved or anything we wanna have legal involved in case you need legal advice. Um, you’ll have HR in case there’s any staff or personnel issues that are going on, and then the biggest thing is cybersecurity insurance, a vendor, so just a little caveat, I highly recommend everybody has cybersecurity insurance because they will help you along the way. And like we did have an incident 3 years ago but we we we didn’t know what to do so yeah so somebody clicked an email signed in and then they got their credentials and they were able to log in as that person and I caught it. I called the person I’m like, did you send this email? and they were like, no, I’m at my son’s karate practice. I’m like, oh, so I called my managed service provider. I’m like, we have a problem. What do we do? And they were like, OK, well let’s call the cybersecurity insurance company. So and we did. They helped us hire. A forensic investigator, they helped craft the message that we sent out to the clients, help with like the client’s credit reports like credit monitoring. They crafted what we needed to put out for social media and thankfully it was just a small fee deductible that we had to pay. And that was it. But if the agency does not have cybersecurity insurance, they could go bankrupt paying for all of that. And like I said in my session, I probably wouldn’t be here if we didn’t have cybersecurity insurance. So always include them in the team too, because they like they took off running and they did it all, and which was great because we didn’t know what we were doing. Also the rescue reputation to risk your, your public communications, they helped you craft. Oh, it was perfect like. They they kind of did everything, um, but it was like we just kind of went from, but I highly recommend like you’re gonna take one thing away, have cybersecurity insurance because without them it’s gonna cost tens of thousands if not hundreds of thousands of dollars to recover from something, yeah, uh, more on the incident response, yes, yes, so the, um, you wanna establish clear communication, um, so again, essential communication is key. Um, depending on the urgency, so like when we had our incident, I picked up the phone and called, which is not our norm these days to actually physically call somebody, and but if I had sent her an email she may not have seen it until the next day and the bad actor could have been like in the system for even longer than it was so like think about that as well and then you also kind of wanna think about documentation. So that’s the next biggest thing I wanna say about any type of plan and policy if you ever have a disaster or an incident response, you want to document everything so think about how you’re gonna document and like how you’re gonna report how you’re gonna train staff to report an incident. And like set up blogs like it could be a Word document or an Excel and they could just be like like the who, the what the when the where the why just like Tina Smith reported a phishing email and she’s not sure if it’s a real thing or not so we’re just gonna document it. It’s better to have it documented than not sure. Um, which kind of leads us into the next stage of the what I call the life cycle of an incident response plan. Um, it kind of goes in a circle, but then it can kind of jump around the circle a little bit which I’ll talk about, um, so the first thing you wanna do is preparation which is creating your incident response plan, creating the team, getting those documentation ready, those logs ready like. Um, and then explained it’s trained to staff like what phishing emails look like, do the cybersecurity training with staff so they understand what they’re looking at and how to report it, and you also wanna tell them who to report it to like in our incident like you’re gonna report it. Like me and my boss, like we have a little form and then we’ll take it from there and then we’ll, we’ll contact you and then we’ll see if it’s a real incident or not. So that’s part of the preparation is like training everybody, um, and I always say at that point you’re gonna hope and pray you don’t go any further than that, um, but then the next stage is what I call detection and analysis so we’ve gotten. An alert from somebody that they think there’s an incident we’re gonna investigate everything whether it’s like oh I’ve got a phishing email I’m not sure what it is or hey there’s somebody it’s locked my computer out and I ransomware so we’re at that point we’re going to investigate it we’re gonna document the call or the end like the um report. And then we’re gonna like take a look and see like OK this is just a phishing email. Thanks for not clicking this great job to tight you know and then at that point we’ll go back, yeah, exactly, gold star and then at that point we’re gonna go back to the preparation so it’s kind of like like a. Bouncing around a circle and then if at that point if we realize it’s an actual incident like like this we had hacked and we had bad actor in her email we at that point it’s detection and it’s containment eradication and recovery so there’s 3 steps in that part of the plan containment we wanna contain that incident. So like we wanna make sure like the bad actor is getting getting out of that person’s email so we like reset the password reset multi-factor, and we were like looking at how this could happen plus you have a team or or a vendor who can help with forensics exactly and then the back out yeah see where they’ve been and then the back end. You’re like, OK, we know this happened, but how did this happen? So again we had the forensic investigator they like looked into how it happened and then so that’s containment and then eradication is how we’re gonna fix this, um, so it could be like patch on a software when you’re since your computer’s screwy like somebody got in. So, um, eradication is maybe we need to reimage the computer, maybe we need to start from scratch, maybe we just need to remove the software and then once we’ve done all of that recovery is we wanna make sure that everything is working as it should, but we also wanna make sure other staff. Are not experiencing that same incident so like it was an email that got sent out to everybody. I was like this looks weird, but we wanted to make sure that other people didn’t click that same email that caused that. So we were like, is everybody OK? Did you, you know, everybody’s doing everything and that’s, you know, you should be doing, um. And then from that it’s like it’s a full blown incident we’ve contacted everybody we’ve done the plans and now everything’s hopefully back to normal and then what you wanna do is you wanna have a post incident recovery meeting. So once after the incident has completed you’re gonna get your incident response team together and you’re gonna have like a follow up meeting about it and my biggest advice is that we’re here to learn what what happened from beginning to end but we’re not here to blame. Anybody for what they did or what they clicked or you know they didn’t do something right we’re here to learn about the process whether it worked or not so in that meeting you’ll wanna talk about like the timeline from beginning to end like all right like this person caught it we reported it then we did this then we did that um and given that also you wanna also review review all the documentation logs that we have so who did what when. There who talked to whom and like we want to make sure everything is like the I’s are dotted, the I’s are dotted and the T’s are crossed because if law enforcement has us have to get involved they’re gonna want our logs so they would want to know what happened from A to Z and all the details in between, um, and then you want to figure out what worked well, what didn’t work well, um, and then you kind of wanna like go back and review the plan and like. From what went well and didn’t, yeah, like what is this working as it should and then if it didn’t go back and tweak the plan, just start small. That’s like my old big advice is start small even if you have a one page incident response plan, start small and then go from there, as you know, you kind of not to hope that anybody has to go through with it, but just start small with one page and then kind of build on that and figure out what’s needed at that point. OK, OK, um, you had wanted to talk a little about the business. Continuity, yeah, so business continuity is I call that the umbrella of the all the um disaster recovery and incident response plans, um, in there I talk about like the tiers that I mentioned earlier about the software system 123 yeah and like and you also wanna lay out what disasters you’re actually gonna, you’re gonna like cover or what incidents you wanna cover in the disaster recovery and incident response so it’s like the umbrella term. So like are we gonna cover we’re gonna cover natural disasters, active shooters like really be linear about everything that we wanna cover and have policies for because so that way somebody knows like oh if there’s an active shooter in our office, OK, that’s in the disaster recovery plan so it’s kind of like your table of contents of like where do we find this where like if there’s an incident or there’s a disaster where do I go? So it’s like that’s your umbrella and holds all the other information on there, um. The other thing that I get questions about a lot is how do we get buy-in from leadership and board about needing these plans? um, the best way to describe that and get the buy-in from them is explaining the risks like what could happen if we don’t have this plan. And the answer is you are making decisions on the fly in a panic and crisis mode and they may not be the most ethical and like responsible thing you’re just like running around with a chicken with its head cut off because you don’t know what to do and. You also wanna explain to them what’s gonna happen without it because it’s it’s gonna be a hot mess and so that’s a big question that I get all the time is like how do I, how do I get buy in because nobody’s like we don’t need these. I’m like yeah we really do and so we didn’t have a plan when we had our incident and leadership was like oh we were OK we we survived and. You know, everything went fine. I’m like, no, it didn’t really tiny incident. Yeah, you’re talking about the one that you caught that you reported, yeah, yeah, that was pretty small in the scale of disasters and incidents, yeah, and but it was like they don’t need a plan. I’m like it was, it was a little crazy because I didn’t know who to call. I didn’t know what to do. We had to call a forensics like they, we call mat. It was a little crazy and so we were like no I was a little panicked like and if I had had a plan I would’ve been like OK open the book all this I do this OK you do that so it’s really helpful to have like how are we gonna keep our business running when there’s a problem yeah that’s a good way to stop I think. How are we gonna continue business because there are people counting on. Well, people, animals, the environment, whatever, whatever, whatever our work is, there’s, there’s someone or something counting on us. We gotta continue. Amanda Beach, IT support and operations specialist at Paths for Families. Where’s Paths for Families? Oh, we are located in Maryland, DC, and Virginia. OK, yeah, thank you very much. Thank you for having me. I really appreciate it. You’re welcome. Thank you. And thank you for being with Tony Martignetti nonprofit radio coverage of the 2026 nonprofit Technology conference in Denver. Next week, more from 26 NTC with, branding you’re giving programs, and donor retention. If you missed any part of this week’s show, I beseech you, find it at Tony Martignetti.com. Our creative producer is Claire Meyerhoff. I’m your associate producer, Kate Martinetti. The show’s social media is by Susan Chavez. Mark Silverman is our web guide, and this music is by Scott Stein. Thank you for that affirmation, Scotty. Be with us next week for nonprofit Radio. Big nonprofit ideas for the other 95%. Go out and be great