
Nonprofit Radio for May 12, 2017: Your Cyber Risk & Beyond Online To IRL

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

It’s not your 7th grade spelling bee! We Bee Spelling produces charity fundraiser spelling bees with stand-up comedy, live music & dance. It’s all in the video!


My Guests:

Marc Schein: Your Cyber Risk

Bad things can happen to all that data you store on donors, volunteers, employees, vendors and others. But, there are ways to minimize your risk and protect your nonprofit if a breach occurs. Marc Schein of Marsh & McLennan Agency shares his wisdom.

 

 

Maria Semple: Beyond Online To IRL


Maria Semple, our prospect research contributor and The Prospect Finder, reminds you that real-life conversations (remember those?) can tell you so much more about your potential donors than online research. Book those meetings!

 


Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.


Transcript for 339_tony_martignetti_nonprofit_radio_20170512.mp3


Hello and welcome to Tony Martignetti Nonprofit Radio, big non-profit ideas for the other ninety-five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d go into verbigeration if you repeated the idea that you missed today’s show. Your Cyber Risk: bad things can happen to all that data you store on donors, volunteers, employees, vendors and others, but there are ways to minimize your risk and protect your non-profit if a breach occurs. Marc Schein of Marsh & McLennan Agency shares his wisdom. And Beyond Online To IRL: Maria Semple, our prospect research contributor and The Prospect Finder, reminds you that real-life conversations, remember those little things, can tell you so much more about your potential donors than online research. Plus, she has conferences you need to know about. On Tony’s Take Two, I’m wagging my finger. We’re sponsored by Pursuant, full-service fund-raising, data driven and technology enabled, you’ll raise more money, Pursuant dot com, and by We Bee Spelling, super cool spelling bee fundraisers, We B E Spelling dot com. Here is Marc Schein with Your Cyber Risk. I’m very glad to welcome Marc Schein to the studio. He is a risk management consultant with Marsh & McLennan Agency and an authority on cyber insurance, providing strategies to protect sensitive employee, customer and business information. He’s a CIC, a CLCS and RIM; to find out that very shortly. And the company is at MMA hyphen NE dot com. Marc is at M Schein, that’s S-C-H-E-I-N, CIC CLCS. Marc, welcome to the studio. Thank you for having me. My pleasure. Come closer to the mic so we can hear you even better. Okay, um, we want to talk about cyber, cyber exposure. What is... define it for us first, so everybody’s talking about the same thing. Sure. So when we look at a cyber attack, you know, certain industries think that it has to do with a nation state coming and hacking and things of that nature, which it does. It could be. Which it does, absolutely.
Okay, but there’s other exposures that really come to light as well. We look at information and the type of information that businesses or not-for-profits have, and it really falls into three silos. Personally identifiable information, PII: nonpublic names, phone numbers, Social Security numbers, email addresses, physical addresses, things of that nature. OK. Then when we look at PCI, the payment card industry, that’s really looking at the credit cards: how many credit cards do you have on file, that kind of information. And then you take a look at PHI information, which is the health care information. And so we look at it from three different segments. And for not-for-profits, when we take a look at it, typically the way that they’re asking their donors to donate is via the website, and when they go on to the website, typically what we’ve seen from our clients is you have to put in your name, your address, your email addresses. Personal, personal info. A tremendous amount. And then they ask you for your credit card information in order to make the donation. So now when we look at not-for-profits, several years ago the cyber exposure didn’t necessarily exist. Now there’s certain first-party legal responsibilities in the event of a data breach that these non-profits have to comply with. OK, OK. And you mentioned a whole bunch of acronyms, PCI and CIA, which I’m glad you’ve defined, because on Nonprofit Radio we have jargon jail, and I would hate to put you in there on the outside. It reminds me that I forgot to go back and look at your acronyms. So you’ve got a bunch of letters after your name? Yes. A CIC. What’s the CIC? Commercial... Certified Insurance Counselor. You even confuse yourself, eh? So many, so many C’s after my name that, yeah. There are three. OK, so Certified Insurance Counselor.
And then you’re also a CLCS? Yes, Commercial Lines Coverage Specialist. Commercial Lines Coverage Specialist. Now you must be especially proud of those, because those are in your Twitter ID. Yes. OK, but then RIM, what’s this RIM? You know, what’s RIM? I’m not sure what the RIM that you’re referring... RIM, R-I-M, responsible... The responsible, that RIM Council. I sit on the RIM Council for the Ponemon Institute, which is the leading organization for cyber stats in the country. Cyber stats. Ponemon, Ponemon Institute. Looks like Pokemon but it’s not a problem on that end. Exactly. OK, and RIM is Responsible Information Management? Correct. At the Pokemon, the... Ponemon, the Ponemon, it’s Ponemon. Sorry. All right. Thank you. OK, um, all right. So we’ve got your credentials clear. You’ve got a lot of letters, a lot of professional certifications. All right, um, now, I mean, when we think of cyber breaches, I mean, I think of Yahoo and Target and even the Democratic National Committee. If these highly sophisticated organizations, I think, at least in terms of IT, I would think that they are, are vulnerable, then surely small and midsize non-profits have vulnerabilities to be concerned about. Sure. So what you’re saying, and again, we’re not going to comment on any specific client, just because of the nature of the business and who we are, but what we’ll talk about is the exposures they all do face. And, I mean, if these big organizations are at risk, with Yahoo, five hundred million user IDs and, you know, passwords and things, right? I mean, this is... So again, when you’re looking at a hacker, forgetting who the company is, you take a look at the breaches that are going on. They’re now targeting the vendors of some of these larger entities, because they realize that the vendors don’t have the same protocols.
They don’t have the same budgets to implement the cybersecurity best practices that some of the Fortune 1000 companies that, you know, you previously mentioned have. All right, so sometimes it’s something that’s a contractor’s... Exactly. It’s the low-hanging fruit that they’re looking for. All right, so it’s a real easy... They don’t want to work any harder than anybody else does. So if they’re able to get into a smaller entity who has access into another, larger entity, well, that could be the treasure that they were just looking for. OK, so that raises a good point. If we are outsourcing any database management, in terms of the type of data that you were talking about, those three different categories, we need to be sure that the vendors we’re hiring have either insurance, well, insurance, which would you’re not going to talk about, and/or, and really should be "and," high levels of security. Correct. So we gotta make sure our subcontractors, our vendors... Basically, you want to make sure that you’re doing your due diligence when it comes to your vendor selection. That’s a very important step, and it’s something that businesses are now starting to pick up on, something at Marsh, that we, Marsh & McLennan Agency, that we recommend when we’re talking to our clients, and you hit the nail on the head. OK, OK, it doesn’t happen often, so thank you for acknowledging one of the rare instances. All right, now, if we happen to be, ah, a target or a victim of, ah, a cyber exposure, the first thing that occurs to me is bad press. Yeah. What else? What are the risks that we suffer? I mean, not in terms of the data, but just in terms of costs and things like that. Sure. So when you look at a data breach and you see what the average cost of a data breach was, and, you know, the Ponemon Institute, which we just referenced, the average cost of a data breach was about seven million dollars.
In two thousand sixteen. And when we look at it, what is the first-party legal responsibilities that the business has, or the non-profit has, to do in the event of a data breach? First, they have to notify... they put in a call to their insurance broker. They want to put the carrier on notice, let them know that the possibility of a claim might be coming down the pipeline. Let them work with the preferred providers that the cyber insurance provides to the entity. Then they’ll work with the data breach coach, which is the attorney who lets them know what their first-party legal responsibilities are going forward. And then the notification, because you not only have to notify the affected individuals in your not-for-profit that were affected, but you also have to notify the state attorney generals where those individuals reside as well. OK, all right. We’re gonna unpack some of that. We’ve got to go out for a break. When we come back, Marc and I are going to keep talking about that and some of the other, the hard costs of recovery, and then, of course, the ways of insuring against a loss. Stay with us. You’re tuned to Nonprofit Radio. Tony Martignetti also hosts a podcast for The Chronicle of Philanthropy. Fund-raising Fundamentals is a quick ten-minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving, event fund-raising, direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am I doing this right? Is there a better way? There is. Find the Fund-raising Fundamentals archive at Tony Martignetti dot com, that’s M-A-R-T-I-G-N-E-T-T-I, remember, there’s a G before the N. Thousands of listeners have subscribed on iTunes. You can also learn more at the Chronicle website, philanthropy dot com. Fund-raising Fundamentals, the better way. Welcome back to big non-profit ideas for the other ninety-five percent.
We’re talking about cyber exposure, cyber breaches and what can happen if you and your constituents are a victim, with Marc Schein, risk management consultant with Marsh & McLennan Agency. OK, Marc, um, right before the break, we were talking about notification. Yes. All right, you gotta let the individuals know. Yes. The individuals that were affected, that their information could be compromised. Attorney general, you mentioned. So the state where the individuals reside, you have to also notify that state attorney general. All those states? Exactly. Could be notifying fifty... Well, forty, forty-seven different states have forty-seven different state breach notification laws, which make it so complicated in the event of a major breach where you have donors, you know, across multiple different states. What are the three states where they don’t care about their residents’ breach of data? What are those three states? When the close call in after, we’ll play the game and we’ll let them call in and figure out if they could guess that. Oh, we don’t have live callers. OK, you’ve got to reveal it. Shocking. What are the three? Sure, so it’s some of the provinces. Provinces? Yes. We have forty-seven different states that have it. I put you on the spot. Hey... No, no, it’s not a problem. OK, I get it. I’ll get back to... We’ve got about fifteen or eighteen more minutes. OK. That’s right. It just seems to me like those states aren’t protecting their citizens in this narrow respect. OK, um, attorneys general, individuals, of course. And you mentioned carrier. If you have, ah, if you have a cyber insurance carrier, they have to obviously know also. Exactly, because the cyber insurance pays for these exposures, the first-party legal responsibilities: the notification that we just went over, then the forensic cost. You need to figure out how the breach happened. What did they take? When did it stop? Did you fix the issue? Now,
carriers will pay for the forensic investigation. You also have to provide credit monitoring for the affected individuals, roughly about twenty dollars per individual to provide credit monitoring. Let me ask you about that part. The credit monitoring that I’ve seen, the breaches that I’ve been notified about, it’s always been a year, a year of credit monitoring. Could be two. OK, I guess I haven’t been lucky, I’ve always been one. So now, is that really valuable? Because I’ve read that this data is actually valuable three or four years later, after it’s been sold, and those of us who are the victims have forgotten about the breach, so we can’t identify where it came from, because it’s like two, three, four years later, and the credit monitoring is long expired. Sure. Is that true? I mean, is the data more valuable to a bad guy a few years after the breach? Typically the data, when it’s out in the market, it’s most valuable when it first comes out. When it first comes out? Precisely. You know, you look at a credit card. You know, my credit card has been compromised before, where there’s been fraudulent charges. The next day, my credit card provider sends me a new credit card. Right. OK. OK, credit card, I could see that. But what if it’s, ah, date of birth, the address, you know, maybe it’s a password for, ah, a site. I mean, does that... it doesn’t have residual value, you know, like, years later? Sure. As well, you always want to make sure that... when a company is going to offer credit monitoring in the event of a data breach, you always want to make sure that you’re taking the full limits of whatever they’re giving, whether it’s a year or two. Can information be used five, six, seven, ten years down the road? Yeah, absolutely.
But if the entity is going to be able to provide you with two years of credit monitoring, it’s better than running around without, after your information was just out there compromised. OK. And I guess in terms of the credit card example, and that it would cover you that way, but usually those get, as you said, those get canceled immediately. All right. Um, all right. So we’re going to get to the insurance, you know, like the details of insurance. Um, so does that cover, like, does that cover everything that the organization should do if they do suffer a breach? These notifications. Anything else? So they provide the notifications. They deal with the data breach coach. They could do a forensic investigation. You know, some entities will be responsible for PCI fines or penalties or reissuing debit cards or credit cards. These are all different coverages that can be now implemented within a privacy and network security policy. Within insurance, when we look at most other insurance policies, whether it’s workers’ comp, general liability, ah, professional, you know, exposure, whatever it may be, it’s all based off of an ISO form, and with the ISO... Whoa, jargon jail. OK, ISO form. Yes. What’s ISO? So ISO is the Insurance Services Organization, and what they are is they basically provide a vanilla form or vanilla suggestion, and each carrier’s then able to change it a little bit, and that’s what they have done to help develop property, liability, auto, so on and so forth. When we look at cyber, there is no ISO form, so one carrier can be all the way on one side of the room offering terms and conditions, another carrier can be all the way on the other side, and the prices and the terms can be wildly different. And the coverages. OK, OK, we’re still going to get to that in more detail. I want to flesh out a little something that you mentioned now twice: the data breach coach. Yes. What is his or her job? Who is that? Sure.
So typically, what happens is each insurer will have, ah, panel counsel, or they’ll let you select your data breach coach, and they will walk you through what your liabilities are, who to speak to, who not to speak to, what you should be saying, what you should not, what your first-party legal responsibilities are. They’re going to be your end-all, be-all guide. OK. And they come from the carrier? Typically, yes. OK, or recommended by the carrier? Typically comes from a panel counsel that the carriers have already selected. OK, OK. Um, all right. So why don’t we get into a little bit of detail about, um, different types of policies now to protect yourself, your particular organization. Now, I know there’s cyber insurance and there’s cyber liability. Are these two different categories of coverage? They’re all interchangeable. OK, so same thing, really. OK. Privacy and network security is the technical term; cyber insurance or cyber liability is the street name, if you will. OK, I’m a street guy. We’re going to be OK. So what are we looking for if we want to be out in the cyber insurance policy marketplace? What features should we be looking for? Well, I think it really depends on, you know, the entity and what their concerns are, because you want to make sure that this coverage specifically is highly customized for the specific business. So one of your not-for-profits that might have five hundred employees might have a dramatically different exposure than a company who has fifty employees out in North Dakota, so we need to again figure out what their true exposures are.
So we work with a client, like we do on a daily basis, talk to them, figure out what their risk tolerance is, because cyber insurance, although it’s a technical challenge, the risk still is transferred to an insurance carrier or it’s held within, ah, an entity itself. Now, are there policies that are for small organizations? Like, suppose an organization has just eight or ten employees, maybe they have fifteen hundred donors, two thousand donors, they have some credit card info that they’re saving, which I guess we’re talking about whether they really need to save it or just transact with it, but they’ve got that. They’ve got some personal information, because they like to send paper mail as well, and they’ve got email addresses. Is there coverage for, ah, a smaller organization like that? Absolutely. I mean, you could get privacy and network security for a company smaller than that. OK. So absolutely, size is not an issue when it comes to obtaining this type of coverage. OK, um, I don’t suppose it’s possible to... the premiums are gonna vary wildly depending on what the precise risk exposure is, so there’s no point, really, in asking what a premium would look like. All right, I don’t think... you know, I mean, you hit the nail on the head. It varies dramatically between the amount of records that you have, the type of information that you’re collecting, the way that you’re storing the information. All of those play factors when trying to quantify what the premiums would be for a cyber liability policy. I hit the nail on the head twice, twice in one interview.
It’s... that’s a record. Thank you. Now, should a vendor of these kinds of policies be able to help you determine whether you’re saving info that you don’t need to save and, you know, going to the point that you just mentioned, with the info that you are saving... So are you saving stuff you don’t need to, and what you are saving, are you saving it in the right way, under the right security? Is that part of this, or is that something separate? No, no, it’s absolutely... We want to make sure that we understand the culture of the business, and we want to make sure that they take cyber security to the highest regard. In two thousand seventeen, this is one of the crown jewels, the intangible information that a business has on their donors, their clients, et cetera. So typically, what we like to recommend is some type of vulnerability and penetration testing, an ongoing test that will say where you guys are from a security standpoint right now, what the culture looks like, what’s changed, and it kind of gives you a snapshot in time of where we currently stand. Oh, this sounds like a very sophisticated vulnerability and penetration testing. Correct. Excuse me, who runs a test like that? I mean, that something has been sighted... Offers... Cybersecurity firms. Firms. OK, it doesn’t have to engage a firm. Exactly. Go on, attack your, precisely, your site or your social media, your internal networks, your servers, that nature. Exactly. OK. Um, all right, what else? What else should we be thinking about as we’re going out into the marketplace? I think it’s even before you go out to the marketplace. That’s really what your listeners need to think about, is the proactive steps that they could do in order to make themselves a better risk, so when they’re out in the marketplace, a carrier wants to give them more favorable terms.
So doing things like creating an incident response plan that basically says who’s in charge of what information, who’s going to be notifying who in the event of a data breach, which information was classified where, who had access to what. All of those different types of questions, you want to make sure that you have that document in hand. It’s kind of like a fire drill back when you’re in elementary school. You want to make sure when the fire happens, you knew exactly where to meet the teacher, the, you know, the corner of the road. It’s the same thing when a data breach happens. You want to know exactly who is going to be dealing with the vendors and who had access to the information. The time to figure this out is before a breach, not after, when you’re in a crisis. Precisely. That’s the third time in the interview. Hear, hear. This guy’s coming back. Oh, my God. OK, yeah, you’re in crisis, and yeah. All right, what else? These are things that, you mentioned underwriter, so these are things you can do that will bring your policy, your premium down. You’ll look more favorable to an insurer. You will be a more favorable risk. The more that you put into your ongoing efforts on cybersecurity, the better off that a business is going to be going forward. OK. I don’t see intangible property going away any time soon. More people, more entities are collecting more information in two thousand seventeen than ever before. There’s a trend that’s not going away. So we advise our clients to be proactive rather than reactive, and that’s what we work with them on. What else, besides the incident response plan, could we be doing proactively? Sure. Well, you want to engage with an attorney to, again, draw the incident response plan. You want to make sure you’re doing your vulnerability and penetration test. That’s what?
You want to deal with your cyber insurance broker to make sure that things on the applications are actually being done and you’re not making a material misrepresentation when filling out an application. So if you... that’s bad. Absolutely. If you’re claiming you have a plan, or you’ve done vulnerability testing or something, and then there’s a claim, and it turns out that you haven’t, yeah, that could be trouble. Precisely. We don’t want to lie on an application. We make sure that our clients are truthful, and we work with them to find the best carrier for their certain circumstances. OK, OK. Anything else we can do proactively before we’re in crisis mode, or, you know, maybe it’s part of our strategic plan, we’re planning for this? If there’s one thing that I can recommend to the management of the not-for-profits that listen to this, this radio station, you want to make sure that you’re training your employees. The employee error factor can be the difference between a data breach and a non data breach. If they know what to look for in terms of a phishing attack, that can lead to some type of ransomware. These are all types of methods now that entities or individuals are using to try and breach a company, so we want to make sure that we train our employees thoroughly: what to look out for, what to click on, what not to click on. That’s one of the biggest things that I would recommend when I go out and I do my talks, is employee training, because employee error unfortunately causes a tremendous amount of breaches. OK. Yeah, we’ve been thinking about the bad actors coming in, but you can keep them from coming in. Precisely. Don’t click on the attachment that you’re not expecting or doesn’t look familiar to you. Yeah, and on the same point of the employee training, what happens when the employee sends an email to Jane Doe and it’s supposed to go to John Doe?
And now all of that sensitive information or the credit cards from your donors are now out there in the public. Well, now you have a data breach. So again, making sure the right protocols are in place, so an email doesn’t get sent to, you know, John Doe that’s supposed to go to Jane. Employee training, I can’t stress it enough, is one of the biggest things. I get your passion here. I feel it, it’s palpable in the studio. What else can we be training on? Because this is valuable for people who even may not be in the insurance marketplace, or they may not be out looking, but there are things that they can do to help protect themselves. What else can we include in employee training around this? Sure. You want to make sure the policies and procedures are in place, classification policies, things of that nature. Classification of the information. What information was segmented? Was all of your information on your server? Was the secretary able to access the same information as the CEO? Yes, levels. Right. So levels of employee access. Exactly. People classification. OK, OK. You find that in database programs or apps typically, you know, somebody’s a super user, only certain people can see Social Security numbers, have access to things like that. And you want to make sure, again, the CEO is able to see certain information that perhaps the, you know, the rank and file doesn’t necessarily need to see. OK, so if there’s information out there that is highly sensitive and employees don’t need to see it, there’s no reason to give them access to it. Right, you have a business need. Exactly, exactly, exactly. So it’s just, again, doing your due diligence ahead of time rather than post. OK. Anything else? Employee training, this is gold. This is gold for listeners. So what else could we be including in employee training? Again, I think we hit on a bunch of the majors.
But this way, you know, if you like, one of your guests, I could put you in touch with a good friend of mine who does some of the training, and they could go into more detail. But my real experience is qualifying, quantifying what a breach could cost a not-for-profit and how it can come to the bottom line of their P&L. Right. OK, OK. Uh, now we still have some more time left, so let’s... OK, like two or three minutes left. Sure. What haven’t I asked you that you want to talk about? I think the trends of the way that the breaches have been happening. We’re seeing now certain carriers are now changing the policies because of the way that the attacks are happening. You know, what’s happened... things like social engineering, social deception, that now can get incorporated into the cyber liability policies. What is this social engineering, social deception? So have you heard about the types of emails that are coming to the C-suites, or to the rank and file from the C-suite, saying, can you make a payment to XYZ company, we’re looking to acquire somebody? Right. We call it voluntary parting of funds, and this is now the need for a holistic point of view from a risk management standpoint when looking at a cyber exposure, because this is a part where the crime policy and the cyber policy can interlink to try and provide coverage. So it may not just be crime, may not just be cyber, but the overlap of the two, that might be the best form. So we want to make sure that we truly, again, understand the client’s specific needs, because what we talked about today was all generalizations. We need to understand their actual risk profile. You mentioned a crime policy. Now, this is something we haven’t talked about. This is something unrelated, right? Precisely. Coverage against crimes against the organization. Different types of crimes. Could be,
you know, for this, the voluntary parting of funds, if somebody’s willing to transfer monies... It sounds so innocuous. Voluntary parting of funds, that sounds like I write my niece a check. That’s a voluntary parting of funds. I gave her fifty dollars for a birthday. She was young, that’s why fifty dollars is enough. Don’t you think, uncle, you wanted to give your niece fifty dollars? Typically when these are going on, this is, ah, a bad actor that tricked an employee to release the funds, like your example. OK. Precisely. All right, thank you very much. We’re going to leave it there. Absolutely. Thanks for having me. Thank you for being in the studio. Marc Schein. You’ll find him at M A C H E I N, and then his credentials, CIC CLCS. Thank you very much again, Marc. Thanks. I appreciate the very timely discussion we had, because just today, ah, sixteen health facilities in Britain were breached. People couldn’t reach their own data. Medical facilities couldn’t reach patient data. Patients had to be diverted. So that’s just today’s headline. We’ve got Maria Semple coming up with Beyond Online To IRL. First, Pursuant. They’ve got a new paper. It’s free, of course. Lots of free content from Pursuant. Breakthrough fund-raising: achieve the impossible with a new way of thinking. What is breakthrough, what is breakthrough thinking? And can you say it? And how do you get it to help, ah, use it to help you overcome your organization’s challenges, like speaking and moving lips and tongue in precise ways that will actually form syllables which turn into words and sentences? How do you do that? Breakthrough thinking, of course. How do you set a breakthrough outcome? How do you make sure that that outcome is going to reach far enough and achieve something that seems out of reach to you, but is not? All right, identifying actionable strategies to create a culture of breakthrough. That’s what’s all in this paper.
Learn breakthrough fund-raising you can learn it, go to pursuing dot com click resource is than content papers. I hope you have more success reading it. Then i did talking about it. We’ll be spelling. Do you need to raise more money? One engage millennials, perhaps host of fund-raising spelling bee it’s a night out at a local place that’s devoted to raising money for your non-profit check out their video at we b e spelling dot com, and they get in touch with ceo alex greer. Very nice guy, stupid, stupendous guy, he’s an amazing guy. I love this guy, alex career ceo on duh you’ll find out more he’ll fill you in now. Time for tony’s take two. Are you properly registered in each state where you solicit donations? I’m wagging my finger at you if you are a northern louisiana charity, perhaps and you’re sending email to southern arkansas needs a register in both states if you’re in eastern oregon non-profit and you’re hosting an event in western idaho, you need to register in both wherever you are. If you mail solicitation pieces to retirees in florida, you need to register down there. Don’t get caught with your shorts down, please. That reminds me i wrote that. But then this reminds me of ah, this company truck that i saw once said ganz or electric, let us check your shorts. I love that. Ah that’s another that reminds me of another one. Um, it was roofing fiedler roofing it’s only done right if there’s a fiedler on the roof. I love those. I don’t know if ganz or electric and fiedler roofing. They’re out there somewhere. Okay. Charity registration back to that. I can help you. If you want help, i can help you do it. The video explaining what you got to do and what this is all about is that tony martignetti dot com. And that is tony’s. Take two. You probably very much looking forward to maria semple because i’ve i don’t know. It’s it’s, philo rough today. So let’s zoho maria semple to do a lot of talking and ill will just have sam bring my mike down. 
She’s the prospect finder she’s, a trainer and speaker on prospect research. Her latest book is magnify your business tips, tools and strategies for growing your business or your non-profit she’s our doi and of dirt cheap and free she’s at the prospect finder dot com and at maria simple. Welcome back, maria. Thanks for having me, it’s. Great to be here. And you’re in the studio today. Absolutely. That’s that’s, always special in the studio share is it’s not a great day to be in the studio with me, even though the first part was pre recorded. I don’t know how you can help me change the trajectory. There you go of my performance. Yeah, don’t don’t take your mic down because then it’s no fun. Okay, well, that’s ah, today that’s a debatable question. Typically, i would agree with you. All right, so we’re talking about going on beyond online and this is actually a topic that i think brought you and i together in early days, back when i used to write blawg posts actually write words i wrote something. On the value of going not only is researching online, but the value of actually talking to your potential donors, and i’m pretty sure you commented on it. Yeah, probably, yeah, there was one of the only things yes together. Yeah, yeah. So, you know, so many times when you think about prospect research and even on the shows that we’ve had, we’ve really focused a lot on the online stuff, you know, the technology and, you know, how can we get information? But, you know, we we haven’t spent a lot of time talking about, well, what are some of those offline strategies, those people, two people strategies that you can use to elicit cem, great information. 
And, you know, sometimes when i’m sitting there typing up profiles on individuals, there are things that i just, i guess, out of curiosity really want to know about that person, you know, i want to know more about what makes them tick and, you know, the strength of their marriage, strange from their kids, like those kind of questions, maybe no, but we have to get along with her parents just really what, what, what their interests are what are they? Really doing in the non-profits more conventional. Yeah, yeah. How are they spending? You know, even how, but but maybe even how are they spending there? Ah, they’re free time. Like how do they spend it? Are they volunteering? Are they? You know, vacationing? Are they advocating? You know, what are they doing so very often? I wish i could, you know, call up that person that i’m researching and say, hey, i got a couple of holes missing here in this profile and a love to ask you a few questions, and i have thought and going back to that blood posted i wrote years ago, you know, talking to the person and there’s other people who could talk to do we’re going to we’re going to talk about that, but talking to the person i’ve always thought is just a great source of information just ask open ended questions, right? And you find out about not only about their interests within the organization, but they’re family circumstances where they like to vacation, you know? I mean, who they who their friends are that might be affiliated with the organization that they might be willing to bring in and you know, you just you find out so much if you would just, uh yeah, talk to people. Absolutely, absolutely. So, you know, if if you know, if you’re doing the prospect research for the organization, i’m going to give you some some questions to think about. 
But also, you might think about ceding your your your development staff, your executive director and you’re bored with some of these questions that they might just curious, you know, in their conversations with people they might be ableto ask so that you can fill in maybe some some holes that you might have on the donor profile that you might be, you know, compiling on this person or just, you know, at some point filling in night now you and i have talked about boards being valuable for prospect research and occasionally or you think you advocate even regularly making part of boardmember or period board meetings or periodically list of prospects? Yes, a swell as institutional funders, funders and people thes air these these are the people in the organizations that are on our screen right now. Yeah. How can you help us with any of these? Right? Right. So it could be it could be through that process that you could elicit the information another way you could potentially do this is, you know, tony, you’ve, you’ve probably heard this phrase where if you want to get money, ask people for their opinion, has them for their opinion and they’ll give you money. So if you can figure out a way, tio, engage people either through a formal feasibility study or bring together some sort of small focus groups where you’re really getting people engaged and asking them questions and making sure that they understand there’s, there’s, there’s nothing behind this, we’re not you’re not being brought in the room to to solicit you in any way. We just really want your opinion, and i think that people start to feel more engaged and and committed to an organization once they understand that. Oh, you know that they want to know what i think about this organization and how to move it forward into the future. So, you know, i you know, kind of came up with my top ten questions that i thought i would love to ask, okay? Okay, we’ll get to those, um we’re going to get there. 
Um, so we mentioned the board as a good source. Focusedbuyer oops, sorry, focus group staff, you’re you’re you’re might be development staff, but not necessarily could be staff that’s interacting with people in a different in a different way besides fund-raising that’s, right? That’s, right? So maybe it is staff that’s involved with really just ah, organizing your volunteers so you might have a volunteer engagement person on staff that really just that focuses on your special events? Ah, you’re runs your walks, things like that s so they could be sort of armed with this set of questions as well, so they could just happy just be kind of on their radar and be always looking to collect this type of data because the type of data that we’re about to talk about a lot of times, you just can’t even find it on you. Yeah, and ah, and i think it goes to really good development work to be able to source that data and fill in some of those holes and missing piece puzzle pieces, so dismayed now this raises the question of social media, so when you’re researching prospects, do you go to their social media accounts to see what what might be public like if a lot of their facebook posts are public now, some people keep them private, but or only to their friends. But do you do you look at social media? Tio try to fill in hold while i tell you what i actually do? Because one of the things that i do, of course, is i google somebody’s name. So when i do that and on page one of google search results very often will be their social media accounts, they’re linked in their facebook instagram, right? So even even you think okay, well, it’s an instagram account it’s all photos. What am i going to gain from that? But you can really gain a lot of information avectra their second home? Yeah, their boat, their plane? Yeah, i mean, our just, you know, maybe maybe there really into birding, for example. 
So they’ve got, you know, a lot of pictures around that and you think ok, well, gee, we’re an environmental organization. We didn’t realise they had this particular interest within our scope. So you can really, maybe even learn a lot, you know? They say a picture’s worth a thousand words, right before you just filled with the old the old saying, zoho yes, yes, I’ve heard that you have heard that, you know, so you know for sure and, then then let’s not forget some of the some of these platforms that also allow for video, so my goodness, when they then not only have photos up there, but then they’re involving video as well. So if it’s if it’s public right? Um and, you know, that’s not somehow password protected or privacy protected, then it’s in the public domain, you’re not going in friending all these prospects? No, no, no, no, to try to sneak in, no, no, and become their friends absolutely know you’re going? No, no, absolutely not. But I will say one thing about the LinkedIn if you’re doing the research there. Ah, there is a way to set your your privacy settings in such a way that you will like if I’m researching you, Tony, or if I’m just looking at your LinkedIn profile, I go in as anonymous an anonymous user, so you won’t know that I was looking at your profile really, however, give up the ability to see who’s been looking at mine. Oh, well, I wouldn’t care about that. How do we set that? So you go into the privacy settings, and, um, and one of the options is, you know, how you want to appear to others when you are looking at their profiles. There are three settings. There’s one that’s fully transparent. So your your your picture will be there. Your name will be there, and your headline will be there. Right? That’s the setting that allows you to also then see who’s been looking at your profile, if you choose that setting. Then there’s two private settings.
One is semi private, so i could come across as just somebody who’s in the management consulting industry in the greater new york city area. Or i could be anonymous. Okay, so those air, the two private and semi private said they’re either naked, topless for that’s. Fully clue, fully clothed. Okay, um, all right. And that’s. Very interesting. I mean, i would i could care less. Who looks looks at mine. I get those e mails. I know it is an option. I can turn off, but i just haven’t. But, you know, whatever. Twelve fourteen people looked at your your your profile this because i don’t care and okay, but so now so if i turn around but you could turn it on and off you can’t you don’t want to you want to be if you want to be naked sometimes and fully exposed could do that if you want to put your clothes on top and bottom tops and bottoms like jammies like foot season, everything right on the twenty years and everything, you know and hoody you could do that to write. Okay, you go back for all right? This is all online. And what i promised was we’re going to go beyond online in real life. But this is all valuable. So we do whatever the hell i want the okay, um, he’s going rogue it’s my show now, it’s not rogue. It sze mainstream sametz dream it’s twenty martignetti non-profit radio. All right, now you have questions that are good for in real life. Real life questions. So let’s, talk about some of those for aa for a couple minutes before we take a break. So what kind of things should we be putting out into? Our among? Our people, because it is not just for us to be asking, but all the people that we just think about a few minutes ago, and also these would work really well in, like i said, a focus group or or a feasibility study type of the situation. So question number one, what do you feel are the most pressing challenges for our community? And i often can’t find that type of information, right? 
So you’re now you’re getting into the mind of that individual and you’re getting them to talk about what are the challenges that you see, not only with regard to the service types of services that we provide, but in our community? What are the challenges that you see? And then, you know, hopefully from their conversation will will happen around, you know, how does does this particular non-profit even address any of those challenges? And it may not be appropriate that in fact, that’s your next suggestion? What role do you see? Non-profits playing resolving the issues, right? That that are pressing for you, actually, that you feel, you know, i like this, you know? What do you feel? Because you’re asking the person what’s their opinion where their feelings about write something good, open ended questions. Yeah, yeah, yeah. You definitely want to make sure that they are open ended and not just yes or no questions, right? Because what you’re looking to do here is really just listen, um, and and i think that, you know, this is something that i think especially those of us in the northeast. We’re so used to talk, talk, talk, talk that we have that we have trouble just listening. I don’t know you may have that trouble. I don’t feel i have that trouble. Well, you know, you’re already transitioning to the south so well, slowly but that’s like degree of sarcasm. Okay. So, you know, how do you see us fitting into it? Yeah. How do you see are not fitting into this into addressing this particular in need. You know what? How can we help address this need in our community, in the community? Is it appropriate for us to be addressing this need within our community? All right. Do you feel like this should be? It should be a priority for us. Yeah, it is. Or it isn’t. And some of these i think are things that i mean? I hope that fundraisers, frontline fundraisers have in mind, and they are asking people, you know, a taste. 
These last couple that we talked about, you know, what are we doing right? How do we, how do you think we fit in? How do you feel about the work that we do have to fit into the community? You know, what else should we be hitting on that we’re not things like that, all right, we got to go take our car break. When we come back, we got live, listen, love, et cetera, et cetera, stay with us. Like what you’re hearing a non-profit radio tony’s got more on youtube, you’ll find clips from stand up comedy tv spots and exclusive interviews catch guests like seth gordon. Craig newmark, the founder of craigslist marquis of eco enterprises, charles best from donors choose dot org’s aria finger, do something that or neo-sage levine from new york universities heimans center on philantech tony tweets to he finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to re tweet you during the show. You can join the conversation on twitter using hashtag non-profit radio twitter is an easy way to reach tony he’s at tony martignetti narasimhan t i g e n e t t i remember there’s a g before the end he hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a short monthly show devoted to getting over your fund-raising hartals just like non-profit radio, toni talks to leading thinkers, experts and cool people with great ideas. As one fan said, tony picks their brains and i don’t have to leave my office fund-raising fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard. You can also join the conversation on facebook, where you can ask questions before or after the show. The guests were there, too. Get insider show alerts by email, tony tells you who’s on each week and always includes link so that you can contact guess directly. To sign up, visit the facebook page for tony martignetti dot com. I’m chuck longfield of blackbaud. 
And you’re listening to tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent. We have got live listeners all over the country, it’s amazing, but we’re booming today from new bern, north carolina. Bradenton, florida, and tampa, florida. Basically, we’ve got all this is that this is a first for non-profit radio for sure, we’ve got all five boroughs of the city checked in bayside and rochdale in queens, bronx. Cancel your neighborhood, brooklyn can’t see your neighborhood. Manhattan and staten island got all five boroughs checked in live listener love throughout the city of new york throughout the five boroughs. Also blair’s town new jersey used to go to boy scout camp in blair’s town no, be bosco stood for north bergen boy scouts no be bosco bladders in blair’s town and that’s, where they filmed friday the thirteenth one of kevin bacon’s early movies flight friday, the thirteenth films at that boy scout camp in blast down new jersey live listener love to you blessed town also woodbridge new jerseys with us i’m nowhere altum pandu jersey is where my mother and father are they did not check in they’re checking out there so i don’t know but they’re not checked in we got all way all the way west coast. Can’t washington live? Listen, love out to the upper northwest? Um, i think that’s, everybody so far in the us of a how about germany, multiple cities in germany? Guten tag, spain. I can’t see your city, i’m sorry, but spain, buenos di days. I’ve got a newcomer. Ah, the area of the stars of by john the town is tub breeze and that’s, iran welcome, iran live with their love to you in iran, give us a high five from iran. On the heels of the live listen, love, of course, comes the podcast pleasantries, maria samples getting close to her, mike thinking that’s her time to talk again. But it’s? Not quite because we’ve got to do the podcast pleasantries, she’s trying to cut you off podcast listeners. 
She doesn’t want me to do it, but her restraints are are ill are feeble against my will to do podcast pleasantries to the over twenty, twelve thousand listeners, whenever you are whatever device i am so glad you’re with us pleasantries to you and the affiliate affections to our am and fm listeners throughout the country. So glad that you are with us as well affections to you on those analog devices glad you’re with us. Ok, marie simple. Now it’s back your turn. You can sit up straight again. Maria sample. You’ll find her at the prospect finder dot com and she’s at maria simple. Um, yeah. So more questions we got. We got some more questions that we’d like to be asking. Yeah, absolutely, absolutely. So these next two questions are very inter related, and they may be difficult for you to ask directly to someone it might work. Better in mohr of aa group situation, and i think it would work really well if you had, i’m going to say, ah, third party may be a consultant or other volunteers, perhaps asking this question, so the questions are, what are we doing right? And what can we improve? Because i think you’re going to learn a lot about how your organization is serving the community. And maybe there is some gaps that that that these potential donors feel thatyou’re not filling but should be filling eso it sounds particularly student to a focus group, right? Or a feasibility study, a consultant asking feasibility study questions of individuals or couples one on one yeah, yeah, absolutely, absolutely. And this next question really has to do more with your communications and how you’re communicating with people and, you know, you know, are we transparent and communicating effectively regarding our programs and achievements? 
S o you know, i think that fund-raising and communications marketing, pr, whatever you want to call it are they cannot live in silos, they absolutely are interrelated when one one part of that is not going well, it’s going to impact thie other side and vice versa. So i think it is important to have an understanding of, you know, are you over communicating under communicating, you know, sometimes donors feel like, you know, g the only time we ever hear from this organization is when they’re asking for money that’s always about right, right? So, you know, are you adequately communicate? And also, how would you like to be communicated with right? Do you prefer email, paper, mail, phone twitter, you know, how would you like us to be talking to you, right, exactly what channel? So yeah and thiss next question i really like because now we’re going to start to understand, will these people be willing to make a major number seven minutes if you like this one? Where was this number seven? Well, no, i mean, because now we’re getting into more of a major gift flow of questions arc to the right, right? We’re approaching danamon right there, and then we’re going on that we’re goingto leave xena, ok, exactly. Bonem so have you ever made a multi year commitment to a non profit organization? And would you ever consider doing so? So not necessarily to your non-profit to a nonprofit organization ok, you need to go through the next couple quickly. Okay, great. We have a few minutes left and we got to talk about conferences. Okay. Great. Read them off. All right. So how many non-profits do you typically support in a given year? Do you give more to an organization when you are involved in its leadership? Would you like to be a boardmember? Etcetera? Volunteermatch ok. And who else should we be talking to? Excellent. Right? Because you you who have your in your network and you bring to us, right? Who in your circle of influence should we be talking? Teo? All right. Excellent. 
In real life, go there. Don’t ignore the in real life. It’s it’s it’s part of you being a human being. It’s not all digital. Okay, let’s, go to conferences. If you want to meet in real life, we have a nap. Unconference association of professional researchers in advancement, right? Where’s that that’s, right? So they’re big annual conference it’s their thirtieth actually is happening in anaheim, california. This year on july twenty sixth through the twenty nine, you’re going to be there? I am not. No, i’m not. I’m not going to. Be attending it this year, but i do want to make sure that everybody is, you know, he’s aware that it’s there in case they want to get some extra education and this information as well as a lot of this other stuff i’m going to bring up now is all available on apple. His website, which is a p r a home dot org’s. So that’s apra home dot order s so that’s, the big, the big international conference. A bunch of statewide stuff just passed in in april, but a couple of other upcoming things that i did want to bring to your attention. So if you are members of the florida chapter of apra, they’ve gotta state conference coming up june eighth through the ninth, we’ve got anapa overdrive one day conference coming up in seattle, washington may twenty fifth, there’s a couple of webinars coming up a free one on june fifteenth. Ah, getting the most out of wealth screening and they’ve got one that they’re running in conjunction with a f p called you khun do it research at your finger tips and that’s going to be on august twenty third i don’t know about all these is available on apple home dot org’s. Yes, yes, it iss that’s. That’s exactly where i got it from. Okay, very good. We gotta leave it there. She’s a prospect. Find her again at maria simple and at the prospect finder. Dotcom. Thank you, sir, for being in the studio. I was so glad to be here too. Two force cracked like a fourteen year old is unbelievable. 
Next week, health care funding options and jean takagi is back. If you missed any part of today’s show, i beseech you, find it on tony martignetti dot com. We’re sponsored by pursuant online tools for small and midsize non-profits data driven and technology enabled and by we be spelling supercool spelling bee fundraisers we b e spelling dot com our creative producers claire meyerhoff. Sam liebowitz is the line producer. Betty mcardle is our am and fm outreach director shows social media is by susan chavez. And this cool music is by scott stein you with me next week for non-profit radio big non-profit ideas for the other ninety five percent. Hopefully i’ll be more articulate, go out and be great. What’s not to love about non-profit radio tony gets the best guests check this out from seth godin this’s the first revolution since tv nineteen fifty and henry ford nineteen twenty it’s the revolution of our lifetime here’s a smart, simple idea from craigslist founder craig newmark insights orn presentation or anything? People don’t really need the fancy stuff they need something which is simple and fast. When’s the best time to post on facebook facebook’s andrew noise nose at traffic is at an all time hyre on nine a, m or eight pm so that’s, when you should be posting your most meaningful post here’s aria finger ceo of do something dot or ge young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun and applicable to these young people look so otherwise a fifteen and sixteen year old they have better things to do if they have xbox, they have tv, they have their cell phone. Amador is the founder of idealised took two or three years for foundation staff sort of dane toe add an email. Address their card. It was like it was phone. This email thing is fired-up that’s why should i give it away? 
Charles best founded donors choose dot or ge somehow they’ve gotten in touch kind of off line as it were on dno, two exchanges of brownies and visits and physical gift mark echo is the founder and ceo of eco enterprises. You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, i just i’m a big believer that’s not what you make in life. It sze, you know, tell you make people feel this is public radio host majora carter. Innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invested and expect it to grow and savvy advice for success from eric sabiston. What separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers air on tony martignetti non-profit radio big non-profit ideas for the other ninety five percent.

Nonprofit Radio for February 3, 2017: Grow Your Sustainer Revenue & Protect Your Donors’ Data

Big Nonprofit Ideas for the Other 95%


My Guests:

Allison Weston, Chrissy Hyre: Grow Your Sustainer Revenue

(L to R) Hyre & West  at 16NTC

You want more sustainers? We’ve got the formula: Multichannel. Upsell. Benchmark. Avoid attrition. The panel is Allison Weston & Chrissy Hyre, from Chapman Cubine Adams + Hussey, and Sabra Lugthart with The Trust for Public Land. This was recorded at the 2016 Nonprofit Technology Conference.

 

 

Tracey Lorts & Joshua Allen: Protect Your Donors’ Data
(L to R) Lorts & Allen at 16NTC

You don’t want to be the next headline. You don’t want a fight with a donor over whether you compromised their credit card number. We’ll keep you safe and in compliance. Also from 16NTC are Tracey Lorts and Joshua Allen, both with Greater Giving.

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.


Transcript for 325_tony_martignetti_nonprofit_radio_20170203.mp3

Processed on: 2018-11-11T23:41:13.912Z

Hello and welcome to Tony Martignetti Nonprofit Radio, big nonprofit ideas for the other ninety five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d be thrown into vou care. Arai assis, if you wormed in with the idea that you missed today’s show. Grow Your Sustainer Revenue: you want more sustainers? We’ve got the formula: multichannel, upsell, benchmark, avoid attrition. The panel is Allison Weston and Chrissy Hyre from Chapman Cubine Adams + Hussey and Sabra Lugthart with The Trust for Public Land. This was recorded at the twenty sixteen Nonprofit Technology Conference. And Protect Your Donors’ Data: you don’t want to be the next headline. You don’t want to fight with a donor over whether you compromised their credit card number. We’ll keep you safe and in compliance. Also from sixteen NTC are Tracey Lorts and Joshua Allen, both with Greater Giving. Tony’s Take Two, seventeen NTC. We’re sponsored by Pursuant, full service fund-raising, data driven and technology enabled, you’ll raise more money, pursuant dot com, and by We Bee Spelling, supercool spelling bee fundraisers, we b e spelling dot com. Here’s our first panel on growing your sustainer revenue from the sixteen NTC. Welcome to Tony Martignetti Nonprofit Radio coverage of sixteen NTC, Nonprofit Technology Conference, with the convention center in San Jose, California. My guests now are Chrissy Hyre, Allison Weston and Sabra Lugthart. Chrissy is see you’re strategist at Chapman, Cubine, Adams and pronounce all those hyre directly did even Cubine you did? Yeah, I should have asked you before, but we’re rolling now. Allison Weston is, uh, also with Chapman, Cubine, Adams and yep. Okay, what do you do there, though? Does have a title for you. I’m a digital account executive. Okay. Excellent. And Sabra Lugthart is associate director of annual giving at The Trust for Public Land. It was a very simple one. Thank you. We love everything documented here correctly. Thank you.
Before we start with shot out swag arse crack item for this interview is from cornershop, cornershop, creative it’s ah it’s vegetables. We’ve got sure that’s an eggplant got tomato stress balls no pair stress ball also. But all the vegetables items are not stress balls. We have a banana pen. We had a chili pepper osili all from cornershop creative. So thank you very much. This goes into our swag. Pile ilsen would you help me budged? And those items put him up front. There we go. Oh, the implant. Okay, but all this way, swag pile. Thank you very much. Okay, ladies. Let’s, get serious about sustainers now, sabre, you have to depart a little early. So when sabelo leaves it’s not because my questions suck or anything like that because you have to go because we’re running a little behind. So let’s, start with you. Make sure you get. Yeah e-giving for some time. What is the problem that non-profits are not getting things quite right with sustaining don’t? Well, first, i’ll preface that i’m a client of cch that’s, right? I think we’ll give my organization has an example before i started working at the trust republic land way just didn’t have a sustainers program in place there nobody we didn’t have a dedicated staff member. Um, well, you know, sustainers air worth so much in revenue. So, you know, we did all of these things we work towards that teo grow our program and really recruit sustainers so i think, really the bottom line is is over time when you build your sustainers program, it just generates so much revenue for your organization so it’s worth focusing on okay, we’re we’re for some reason we’re not what we what we alison, what do we not quite getting right about building our sustainers base? I think a lot of regulations do get some things right. I wouldn’t marry you. 
What herself not getting quite right, i think you know, a big factor for continued, most like sustainers growth online is continue testing so there’s a lot of things to do with donation forms and, you know, i think once you find something that works, that doesn’t mean it’s going to continue to work. So i think one thing we talked about in our sessions, they was keep testing online and keep holding it on things in your donation form and making sure that, you know, you’re continuing to grow and try new things, okay, chrissy, if you want to add to our overviewing this point, i think, you know, maybe two things that i would add to what these ladies have said that, you know, having organizations make sure that they’re taking a multi channel approach to sustain a recruitment that they’re using all the same channels. That there, soliciting one time, gibson for sustainers recruitment and then really evaluating on the back end. Making sure that once they go to all of the trouble of making sure that folks have become monthly donors, that they’re staying monthly donors. And they’re staying engaged in the organization. Why do you think some organizations aren’t taking st multi-channel approach for sustainers that they are for other types of dahna with what’s happening disconnect? Well, i think that, you know, i think that people get a little bit overwhelmed sometimes by, you know, the number of thing are the kind of logistical set up that it takes to start a sustainers program, and so it seems, i think sometimes like, oh, the easy way to do this would be just to do it online let’s, just sell this through email let’s just do a light box, let’s just do it digital ads, you know? 
And that seems like kind of an easier kind of entry point into sustainers e-giving whereas you know something like telemarketing, for example, which is what i really focus on with my clients can feel a little bit scarier, a little bit more, a little bit bigger, maybe a little bit tougher to bite off, okay, yeah, i think also for a lot of non-profits data is just a challenge, even just getting everything set up in the back, and i know sabra, you had a lot of leg work to do before you got started so i would say, yeah, just getting your house in order before you can even get started and keeping it in order and keeping your data clean. It’s a big challenge, especially with this scene. E-giving okay, all right, so let’s, start with our multi-channel approach to sustain. E-giving now, of course, we’re talking about monthly monthly. Sustainers is that right? Is that we’re all so everyone’s on the same page, okay, monthly sustainers huh? Our multi-channel approach are we trying to convert existing donors to sustaining or we try to require new donors? Sustainers or both, you can do it all, you can have it all. So, you know, i think that’s sort of the lowest hanging fruit is converting the people who are already connected to your organisation as donors and two monthly givers. I think that a lot of organizations also find tremendous success with kind of warm prospects, online activists and that kind of audience and then certainly alison and sabelo could speak to this, but one of the things we find works really well, digitally is using sustainers e-giving is an acquisition tool. Yeah, so i mean, i think there’s, the biggest factor we’ve seen in converting to see here, has been doing a recent cso like christie said, making sure that you’re getting people that sustaining ask after they’ve made a one time gift anything there’s a lot of ways to do that online, trust me publicly, and they do, you know, a few different things. 
One of them is a rolling email out to you one time donors, ten days post donations so that’s a good way of you know, reaching out to people when they’re current. In recent donors, you’re tuned to non-profit radio. Tony martignetti also hosts a podcast for the chronicle of philanthropy. Fund-raising fundamentals is a quick ten minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website, philanthropy dot com fund-raising fundamentals, the better way. Dahna oppcoll okay, let’s, let’s, drill down. But what does that email saying? Thanks them for their gift? Sabelo what does it say? Yes, so the again the emails sent out ten days after the after donor-centric thank you, basically, thank you very much for your recent gift that builds a case for support of why sustaining gifts are so important and it’s all wrapped around the mission of our organization at the end, it says, would you please consider becoming a monthly donor and that’s about what’s in the mail and a link to click to, of course, yes, all of the links to other clip now, when they get there, do they also get a written acknowledgement for their one time give if in our organization, if they give online, they get an automated and they get an automated email and sustainers get a different kind of automated email. So okay, we’re not going out there, and i’m still the one time donor. 
If they make an online gift to get a in ordinated email on our ana made it basically, thank you eat tax receipt online and then if they don’t, it makes a gift off line they get, you know, they get mail ok in that in that offline, direct mail are they also invited to become sustainers in direct mail? Yeah, so we do dio way doo doo like a b r e slip and direct mail asking has a sustainers ask, and we do do some segmentation and email like we recently sent out a tax receipt that asked people to become, you know, if they had recently given a one time gift, asked them to become a sustainers consider becoming a sustainers and i think that that’s actually really speaks to kind of some of the multi-channel approach that we’re talking about, which yet, you know, it’s, not even just which channels you’re inviting people to become a sustainers through, but branding the program across everything that you send a donor so thinking them with that, you know, and making that sustainers asking, just kind of keeping that in the forefront of their mind as they go through. Sort of their donor life cycle. Okay. Uh r r one time donors asked again before their other once on gift if they hyre turn down the first sustainers nasco they then asked, like i said before there before their other annual gift. Yeah, good question we solicit our month. Well, we are monthly donors on a limited mail solicitation track, so we only send the mailings three times a year. Um and yeah, so we will when it that time is appropriate. The year and campaign. We will ask them to make a one time contribution or we’ll ask them to upgrade their gifts. So we do. Sorry, i’m kate reverting back to monthly donor is not one time your gifts. Sorry, my question was, how often do you ask one time donors to become sustainers you ask them the first time after ten days after their first there one time gift, how often after that? Before their next one time. We don’t have a player friend. 
Yeah, we don’t have a plan for that right now. Okay? Alison and christine, do you think that is advisable? Or should you just continue to wait until they made their other? Their next one time? Well, one of the things that we find to be really successful is again, kind of, you know, you’re asking the multiple times, but maybe you’re not asking them in the same way, so you’re, you know, you’re thanking them for their gift and there’s this kind of soft asked for them to become a sustainers then you send them an email and explain the program to them and ask them to become a sustainers that way, then you call them and ask them to become a sustainers and then you follow up from that and say, thanks so much for listening. Is this something you would consider so it’s? Not it’s, kind of a cohesive strategy that asked them multiple times, but it’s not necessarily like these kind of random, you know, isolated asks it’s, sort of an overarching okay, okay, that make sense. Yeah, it sure does. And allison, to your point about the importance of data earlier now, obviously way. Have to have good data for all these channels. Christy just described we need a phone number. I need their e mail. We need accurate mailing address, right? The importance of good data. Before we could do anything. Yeah, no, that’s that’s. Definitely right. Okay, way also need to know piggybacking on that how they want to be communicated with. So suppose somebody doesn’t want to receive phone calls. Yeah, i mean that that definitely has to be taken into account. You don’t make the donor injury. You want to communicate with them in the channel that they prefer to be communicated with thin. But that doesn’t necessarily mean that someone who donates online is only ever going to donate online that’s. Why i keep talking about the multi-channel approach. 
So in fact, forty five percent of the stayner’s that we see recruited into programs are actually recruited as a sustainers by a different channel in the first channel, they gave a gift to the organization, and so we brought them in through mail. But then they became a sustainers through the phone or online, or they came in on line. And then we made the ms sustainers half convert. They’re giving channel. Exactly. Okay, use the right language that you did. It was very krauz. All right, so we still have a good amount of time together. Sabelo before you have to. Go now. Yeah. Okay. She was taken by your sorry have really thank you. Nothing duitz conversation. Okay, thank you for saying that. Even if not sabelo breaks down. So it was like that. All right, thank you. Say thanks for joining us. Okay, now we’re now we’re just left with the consultant. So now we’re in a big, big loss. I did play e-giving fund-raising. Well, it was not it was not serious. Where should we take this next? Right. We talked about how i’m gonna convert at a game. What else have we, uh, not talk about that? We should in this hole multi-channel topic. Campaign ideas. You have some campaign ideas? Yeah. I mean, i could talk a little bit out some different things that we’ve seen we’re calling, why don’t you? Okay, i hold out on non-profit radio. Sure. So i think one of the things we’ve seen work really well with a lot of clients in a lot of different areas has been sustainers up so light box. So that means basically, on your one time get form, somebody makes the onetime gift and before their gift actually process is a light box pops up. And says, hey, things for your let’s define like box everybody doesn’t know whether it’s opaque shoretz i’m not okay. You know, when you go on a site and kind of the site gray’s out and then something pops up to the forefront that’s basically what? George in jail on non-profit radio yeah, try to help you out of it. Sorry, so you can still see through? 
You can still see through it. So pictures yeah, so picture this you’ve made, you’ve made a gift, then you know you’re you hit process, and then the screen kind of gray’s out in a box pops up and it says, you know, has a nice image and it says, you know, thanks for your gifts before we process your one time gift, would you like to turn this into a monthly gift and you can click no or you can click x and x out of it, and you’re one time gift will still process. But if you could yes, then it will convert to you become a sustainers so you’re catching people right at the moment when they’re making a gift and you just get people to convert and we’ve seen that works really well for bringing a new sustainers, but also doesn’t depress one time. Revenue does not. Okay, okay, what do we know about what? What amounts to ask them to? Would you like to make this gift to sustaining you? Well know, the mountains is different. So in the back end of the light box itself, there’s kind of an ask string tree, so basically gives a range. So if you make a gift between, say, five and fifteen dollars, and you ask for a five dollars monthly gift or, you know, if you kind of move up and you make a thirty two fifty dollars, gift your ass for a little bit hyre maybe, you know, fifteen or twelve dollars monthly gift so it’s kind of tiered. So you’re making sure that you’re asking for the right amount from people what we call that strategy. That’s the sustainer, upsell, lightbox okay, sustainers yeah, i terminology, yeah, as long as you define it joining way don’t like talking about it. Criminology sustainers upset like box, of course, who doesn’t know what that is like? Everybody who listens to cop radio does now that you know, you just treyz down. So i don’t think so. Sustainers upsell white-collar christine woman a woman who sat in your seat before this interview was so that was misty magog a chrissy hyre christy, what other campaign strategy can you share? Well, campaign strategies? 
Um, you know, i think that as alison alluded to one of the most important things that we see for organizations to remember, no matter what channel they’re trying to recruit, sustainers through is really the recency of the gift. So i think that a lot of times organizations have a little bit of a fear that if they asked too close lead to this is to the person’s original gift that it’s going to seem ungrateful to be like. Well, now, could you do ten dollars a month? Like ten days? Seems to be okay. Ten days a spine. In fact, the most successful phone programs we do call people within thirty days, which that’s really close? I mean, they just gave a gift. But you really want their commitment and their passion for the organization to be top of mind. And any time in the thirty days, not the next day. Not the next day. No, typically. The window starts kind of two weeks after their gift for two weeks to thirty days, you’re safe in asking for sustainers gift after someone made a one time yep, absolutely and of course, you know you want you want to thank them, you want to appreciate them for the amazing donorsearch es are but that’s, you know, that’s totally acceptable. And i think the other thing that we talked a lot about today and that we could go into a little bit more now is sort of what to do with sustainers once you bring them on, and so i think that you know, sustainers support is great because it’s the stable monthly revenue, but it’s not a set it and forget it kind of strategy and so there’s a lot of work that has to be done once you actually bring these folks to the table to become monthly donors, to make sure that they stay engaged and passionate and interested and that they continue to give and you don’t lose them because their credit card expired or they just sort of became disa passion with your organization. Okay, very important too. Yes, yes, we don’t, we don’t. Want to lose? You don’t want to lose our donors. What do we know about out? 
After someone becomes a sustainers do they then keep up their their annual giving, too? So this is something that a lot of organizations kind of go back and forth with. Do you continue to ask sustainers for one time gifts? Do you try to just upgrade their sustainers gift, like what is the perfect mix of howto results in them? And so one of the things that we found is that, you know, thes air your most committed, passionate donors, and so it is completely acceptable to ask them for a one time gift. A lot of folks use a strategy called the thirteenth gift, where in december they’ll ask sustainers to give sort of the thirteenth gift of the year. If you have, like, a key matching gift campaign or something really urgent happening within the organization sustainers air great group of people to reach out to on dh, then organizations have seen success upgrading sustainers is close to their original sustaining gift is three months after they give it. So you know, there’s there’s really no hard and fast rule it’s kind of about testing and finding what works best for the organization. Okay, even okay, things. That that sound unusual to me, even just within three months of their first sustainers gift it’s okay, in some cases to ask the upgrade that absolutely so we worked with a really large non-profit that has an extraordinarily large sustainers program and what they they tested six months versus three months in terms of a sustainers upgrade and found no difference. At three months that is many people upgraded the donor’s weren’t displeased to be getting called again so quickly that folks felt really engaged and excited. They kind of under you just always have to explain what their support is doing. Why is that additional three dollars, a month so important? Allison, could you help us with went to be thanking our sustaining donors? I think is pretty well recognized don’t think them every month, but do we thank them every year? What’s appropriate? 
Yeah, i think i think they definitely need to think them, but not overthink them, but i think something else that you can do more often is kind of keep those engagement touches going, so send engaging emails that aren’t just asking people for money, sending them something that’s going to keep them tied. To the mission of the organization and kind of keep the organization top of mind without asking them for money every single time they’re opening an e mail from you. Eso whether that’s a quiz about your organization reading article, you know something, something fun like that to keep them engaged, it informed, i think, is really important and sustainers going, of course, be lumpkins that along with everyone else on your email list on your contact list, but i think you know it’s nice at the end of the year at the beginning of the year to send out a nice impact email or an impact, you know, whatever you’re doing to show, um, you know how much their support meant to you over the year and all the stuff that you were able to do because of all the, you know, consistent support that sustainers gave you okay? So generally recognized that end of the year is is the best time or if there’s, another key bowman in your organization? I don’t think it’s a problem to thank donors, but i think you can do really consistent engagement emails, teo, to keep folks, you know, tied to your organization okay, way too little a budgeting conversation. Okay. Dahna what? What are expense items that we need to factor into creating a sustaining sustainers? Provoc well, i think that in some regards and allison definitely jump in. 
I think that when you think about sustainers recruitment, you almost have to think about it in the same way you think about acquisition, and so, you know, you’re going to invest in acquisition, but it’s a long term kind of long game strategy and sustainers recruitment is the same way, so you know that obviously one of the biggest cost is making sure you have the back and systems to process the spokes monthly, that you’re not gonna lose track of that. And, you know, all of that is part of the organizational budget i would assume and then additionally, you know, making sure that you are kind of realizing that if you’re starting a program from scratch, this is like the long game, this isn’t something that’s going to pay off in three months. This is something that you’re looking at in some cases, if you really want to build a large program, the big net is going to happen. After a year, maybe two years, maybe three years, depending on how big you want to go. Okay, so you gotta be in it for a longer term, right? Any other budget type factors? Allison, you want to jump in? No, i think you pretty much well covered it, but i think, you know, if you’re sending out e mails, you obviously have to have a sierra. So i think a lot of the stuff you know, most organizations already have but it’s a matter of using it for recruiting sustainers but definitely i think the biggest hurdle for a latto organizations is getting that peanut processing set up. Okay, got a meat processing that you trust? Are there payment processors that you like? You want to give a shout out to particularly well. Okay, what about strength? Yeah. So, you know, i think that this isn’t so much about the actual monthly processing, but, you know, there’s there are a lot of great tools out there right now, like stripe or a man tive that help recapture credit card information before it lapses, which really helps organizations that are trying to build sustainers program stem. That sustainers attrition on. 
And it could be a really huge factor in turning around sustainers revenue. Okay, now, what was the second, advantage? Vantiv. Used to be Litle, now it’s canton. Okay, so we know that when credit cards lapse, we’re likely to lose sustainers donors. So just kind of some quick stats I can share with you. So I work with a pretty large sized political action committee, and they’re very committed to growing their sustainers program. They spend a lot of money investing in this new sustainers growth. And so this year, or in twenty fifteen, rather, we saw this pattern where we were exceeding our budget projections for new sustainers revenue every single month and our sustainers number was decreasing every single month. So it just, like, made no sense, right? Defied logic. So we dug in to see, you know, what’s going on? Why are all these people falling off the file? Because the problem’s really attrition, and of those folks who are falling off, eighty percent of them were falling off because of bad credit card numbers. So this was sort of during that time where we all got these new chip cards, or their expiration dates were expiring, they just were getting new cards, and we weren’t able to contact them quickly enough to get that new credit card back on file. So with this process, all of a sudden, you know, we implement this in December, and we go from losing thousands of dollars every month to seeing, like, twenty three percent growth since December through February. Okay, so what are we doing in advance of the credit card lapse? So, a little bit technical, and that’s not really my bailiwick, I will tell you. But so basically, what these companies do is they contract with banks so that they have a relationship with the bank to update your credit card before it ever even expires. So, for example, if you have a Netflix account, you probably notice that your credit card never actually expires, no matter what.
You know, how many cards your bank is sending you in the mail, and that’s because they’re contracting with them directly to get that information so that you, the consumer, don’t have to go in and update all of that. Oh, I see. Okay, so it’s all happening transparent to you. It happens automatically, right? You never have to decide, I’ve given enough to this organization. Exactly. It’s a customer service convenience that actually saves organizations a lot of money. Yes, it’s also non-profit exactly. All right. All right. We still have a couple of minutes left. Zoho some benchmark, benchmarks for sustainers growth. Alison, help us with that. Yeah. I mean, I think it depends where different organizations are in their sustaining journey about growing their program. So I think, you know, when folks are thinking about starting or growing a sustainers program, you have to kind of set your own benchmarks, but I can throw out a couple stats. I think, you know, some things to consider: you know, overall a good, healthy benchmark would be about having ten percent of your revenue come from sustaining giving. So, you know, that varies from organization to organization, but I think that’s kind of a national benchmark, like a good back of the napkin calculation on that. I also think some other things to consider are just, you know, benchmarking and kind of setting some goals for how much revenue goals you want to have come from sustaining giving, and also thinking through, you know, looking at how much you want to spend to acquire these donors and then what’s the return on investment. How long are these sustainers staying on the file? Are they lapsing off? Is there a certain channel that’s not really working very well? Maybe honing in on, you know, tweaking your strategy a little bit. So I think there’s different things, and it’s going to be different for every organization. You know, not everyone is in the same place in their sustaining giving program.
But those air something’s toe consider. Okay. Okay, christy, i want to leave us with i think that ultimately what i would say is that while building a sustainers program is an investment, it ultimately is so worth it. It is probably the number one thing that organizations khun due to help grow their files. Folks who become a credit card sustainers will stay on your vile for thirty seven months or longer. They’re your best prospects for plan giving. They’re your best prospects for mid level upgrading. And they are ultimately kind of the core of your fund-raising once you develop that audience is ideal, concise, beautiful. Thank you, ladies. Thank you. Ok, they are christy hyre and she’s, a senior strategist. At chapman cubine adams and she was right. Okay on. Alison is also there doing marcus ellis, a digital account exec. You can’t exactly fucking watch, ladies. Thank you. Martignetti. Non-profit radio coverage of sixteen non-profit technology conference san jose, california. Thank you so much for being with us. Protect your donor’s data is coming up first. Pursuant. Have you checked out their white paper overcoming the major donor dilemma? It’ll help you. The research is free. It’s valuable it is. I can make it any simpler. This stuff is helpful. This one, the overcoming the major dahna dilemma covers identification, engagement and cultivation of new major donors. So you’re finding them, you’re getting them active and then you’re cultivating for the solicitation. Overcoming the major donor dilemma it’s at pursuing dot com you click resource is and then content papers. We’ll be spelling spelling bees for fund-raising have you checked out their latest video, it’s from a night that raised money for help for children raised over one hundred ten thousand dollars, the organisation needed help. It turned to re be spelling. You can see it all documented. 
They’re documentarians. It’s all there on the video at we b e e spelling dot com. Now for Tony’s Take Two: the twenty seventeen Nonprofit Technology Conference. So we got two interviews today from twenty sixteen. I urge you, I can’t beseech you because that belongs elsewhere, but I urge you, I implore you to check out the twenty seventeen Nonprofit Technology Conference. It’s March twenty third, twenty fourth, twenty fifth in Washington, D.C. There’s always, there’s like one hundred or more, there’s more than one hundred smart speakers, smart seminar leaders. They’re all talking about how to use technology smarter, more efficiently, brighter, all just better to help you do your work. And it is not only for technically oriented people. I mean, I go and I interview people and I can hold my own in the conversation, so you can too. And you don’t even have to converse with them. I mean, if you don’t talk to somebody, then just don’t talk, just listen. But it’s not only for geeks, which is no longer a pejorative now than it was when I was growing up. But now it’s, ah, people boast about being geeks. But it’s not only for them. So if you’re using technology, and, ah, odds are you’re listening on a smartphone, so guess what, xero embedded in your life, using it to do your work, accomplish your mission, then I would check out twenty seventeen NTC. Get all the info at NTEN, nten dot org. And that is Tony’s Take Two. Here’s our second panel on protecting your donor’s data. Welcome to Tony Martignetti Nonprofit Radio coverage of sixteen NTC. This is also part of NTC Conversations. We are at the San Jose Convention Center kicking off our day two coverage. My guests are Tracy Lorts and Joshua Alan. Tracy is community marketing manager for Greater Giving, and Joshua is not listed in the program. How come? Last minute addition. An addition, okay. Joshua, tell us your title and your organization. So, solutions engineer with Greater Giving. What kind of engineer?
Solutions. Solutions engineer with Greater Giving. Okay. Their seminar topic is Super Boring, Crazy Important: PCI and Protecting, protecting your donor’s data. What? Thank you, Joshua. Welcome. Thank you. All right, we have to acquaint listeners with what PCI is. I’m going to assume that a lot of people don’t know a post. We have jargon jail on Tony Martignetti Nonprofit Radio, so we want to start off with you in prison, in jargon jail. That was Tracy, since you’re most concerned about prison. Justin, maybe you’ve done time, so I don’t know, but you’re not, not, it’s not about jargon jail. All right, Tracy, what is PCI? So PCI is an acronym that stands for the payment card industry. So it’s a set of standards that’s put forth by all major card brands around the world to ensure a set of security standards are implemented by everyone involved in the card processing services. Okay, security standards. If you’re involved in card processing, is it also dependent on what kind of data you save and whether you save data? Yeah, so PCI has a set of data security standards called, tell them, the twelve, PCI DSS. Going to get more jargon. And that’s the data security standard. Okay, so it’s a set of twelve requirements that are kind of a minimum standard for anyone involved in card processing, that you have to meet those standards in order to be compliant with PCI. Okay, Joshua, you’re doing this session, so safe to assume that a lot of nonprofits don’t know what PCI is. Is my assumption correct? They may not know what it is, or they know what it is and are not sure how to start. So that’s what our purpose for our session is, to get people acquainted with what they should start learning to know, and then protect themselves and their donors’ data. Okay, okay. What is the best way to get started with learning PCI? I mean, is it just a matter of twelve DSSs, or is there a better way to make entry into this for people who aren’t familiar?
Yeah, you need to know more if they are a little familiar. Yeah. There’s four different levels of PCI compliance, and it’s based off of the number of transactions that you’re doing on a yearly basis. So that would be the number of people that would be impacted if your organization were to have a breach. So larger businesses processing, you know, billions of transactions annually have more stringent requirements than someone only processing in the thousand, thousand transactions per year range. So most, you know, most large, large companies are having to do really, really strict requirements for PCI. But if you’re a smaller processor, you really just have to complete what’s called the self assessment questionnaire that’s put forth by the PCI council, and you have to do it on an annual basis, and it’s basically a self verification that you are complying with all the requirements of PCI. Okay, let’s just take one step back. Joshua, if people, maybe you’re in a smaller organization and they don’t really want to take this on, which we’re going to be talking about for the next twenty minutes, they could just accept gifts by check. Yeah, that’s always a possibility. Absolutely they could. But as we’re going into the digital age, it’s very important that organizations open themselves up to the other fundraising streams, including credit card payments and, okay, I just want to put it out there. Yeah, just briefly, you could. If this really scares you and it was a really small shop, you could just not accept credit card donations, right? But you’re missing out on a ton of donations. Okay, this is it. It’s really not a big scary idea. You know, the twelve requirements are really simple concepts, like having a firewall in place. That’s one of the twelve. So they’re things that should be a part of your security process and your security policies as a nonprofit to begin with. So they’re things that you should already be doing. It’s really
just about ensuring that all of the checks and balances are in place. Ok. Ok. What are the four different categories? There’s twelve? No, twelve other. There are four categories based on the tier, your revenue, your number of processes per year. Yes. Okay. You just lay out what those four tiers are. You could just, tiers, call them tier one, tier, don’t know the terminology. I gotta be on the terminology. Okay? Tier one through four. There’s some specific data. So I think she’s. Yeah. So okay, a tier one merchant’s going to be processing over six million transactions annually. That’s a lot of, um, a tier two is going to be processing one million to six million. Tier three is twenty thousand to a million, and then tier four is twenty thousand or less. Okay, so we would expect most to be three or four, correct? Vast majority four, yes. Okay, but we’re looking in the three and four tiers, yes, level for most, for most non-profits. Okay, all right, we’re just going to go through the, uh, that twelve. Yeah, we can. Ok. Do all these twelve apply to the tiers three and four? They do. Okay, no matter what. Okay, okay. It’s just that simple. Should we just tick them off? We can. Twelve. Yeah, okay, is there anything else, any other groundwork we need to set for people who don’t know this stuff, like me, and anything else I should know before we go through the twelve? Well, I think it may be important that even though you do these twelve steps, it does not automatically prevent you from being breached or unable to continue with these steps, right? But this is the industry standard. Is the industry standard. So even if you are breached, you can at least say we’re meeting the industry standards. But we still got, you know, we still got our data stolen or breached, right? It’s not the end-all prevention from, right, there’s almost nothing.
I mean, if you have a bad guy in your, or bad woman in your office, nothing’s going to prevent that, or right out of your office or out of it, so okay, all right, well, we can’t prevent one hundred per cent. We could be industry compliant, and we’ll get into some trouble if we’re not industry compliant. Maybe we should just have a little more motivation. What happens if you decide you don’t want to do the PCI, adhere to the PCI standards? Are there civil or criminal? Sametz people there can be, yes, definitely, if you have a breach and you’re not compliant with PCI, or even if you are and you still have a breach, there are some potential ramifications. There’s actually quite a few. Um, most notably there’s some fees associated that your non-profit can receive, and there could be legal action taken against you. Obviously, if there was something that came up that was a major issue for your organization. So you’re better off, obviously, if you’re compliant. Can’t find them, Tracy? Can’t? Okay. Joshua said fees. It’s a lot of information. All right, give us an idea of a penalty. Regularly, regulatory notification requirements, that’d just be like letting people know that you had a data breach, which is not good. You’re a bad organization. Weren’t you, weren’t compliant? Definitely. Loss of reputation, loss of donors, potential financial liabilities like fees and fines. And in some situations, litigation could be taken against you. Okay. Okay. And in all those situations, you’re in a much better position if you’re PCI compliant. Definitely. Okay, all right. Still more motivation. All right, let’s start with our, uh, we got the twelve. These are the twelve DSS requirements. Yes, right. And what is the DSS again? Data security standard. Data security standard requirements? Yes. Okay, so number one is install and maintain a firewall, pretty commonly done across most organizations.
But obviously important to keep in mind that it’s up to date and that you’re continually checking on its security and making sure that it’s working accurately. Um, yes, but you don’t have a three year old firewall. No, no. That’s not gonna do you any good. Okay. Ah, number two is do not use vendor-supplied defaults for system passwords. Okay, let’s dive into this a little more now. Passwords. Don’t you? What, you want to amplify what we should be doing with our passwords? Don’t use password. We had a panel yesterday. Password, one, two, three, four, five, six, seven, six and p word or so there was another one. Password with a zero for the o, that’s really common. We actually cover the top twenty five most commonly used passwords in the last year in our presentation. Right? We’ll roll a few off, these. They’re all bad, people, do not use, the first one to say this is a list of what not to do with your password. Not what to do? Yes, exactly. Please don’t use these. This is good information for your daily life as well. So some of the top passwords are one, two, three, four, five, six; password; one, two, three, four, five, six, seven, eight; qwerty; more number strings; football; baseball; welcome; let me in; master; monkey; princess. My two favorites that made the list this year were as solo and star wars. Solo and star wars. Yes, all right, so they’re related. All right, bad passwords, don’t use these, don’t you? You’re opening yourself up. These are the top twenty five passwords in the country. You’ve got to have something a lot more secure than one of the top twenty five, and you have to bet that hackers that are out there know these passwords are commonly used, and all the other, you know, simple variations, like using numbers to substitute for letters in the top things, you know, just don’t do it, for god’s sake. How much plainer can we make it?
And if you have passwords protecting your donor’s data, don’t use it across all of your different systems that your organization uses. That is very important as well. You’re saying have different passwords for the different software systems? Absolutely. All right, so don’t use the user default. I mean, don’t use a default password. What else was buried in that one, Tracy? There’s a little more, I thought. Um, that was it. Don’t use vendor-supplied defaults for system passwords. Now you’re decent password. Joshua, want to read the next one? Protect stored cardholder data. So this is big now. Yeah, that starts going into your files and being sure that the information that you do collect is relevant and important to maintaining accurate files, handup, but keeping them in a locked, stored area where, Tracy, help me out here. What was the research on this one? You want to cut back your risk of someone getting access to cardholder data, obviously. And so you wanna make sure that if you are using digital systems, that you use encryption, truncation or masking of card numbers, which means, masking would be if you have a set of credit card numbers, that your entire string except for, say, the last four digits, which is the most commonly used way to mask a card number, all of those are Xs except for the last four numbers. So that would be one way to protect the data that you’re storing. Let me ask a threshold question similar to my, you know, accepting check questions. What if you do credit card processing? What? You’re not storing credit card numbers, you’re still going to be able to benefit from, no, credit card transactions, right? But just don’t, they have to store the numbers with the advantage there you don’t.
So I would say that most non-profits are using some sort of external service to actually process card data. They, of course, as the merchant in that situation, are having, they do have access to card numbers for a short period of time when they’re transitioning it from their hands into their processor’s hands. Isn’t microseconds, it’s seconds, but you never know what could happen, and you also never know, especially if it’s in a digital situation, who could be watching what you’re doing. That also includes the last four digits of a number or the expiration date as well. That all pertains that cardholder data. So even if you’re only storing the last four digits, yeah, you have to do this. We’re going to make sure it’s secure. Okay, so in storing all sixteen and storing only four, no difference, you have to do all these things. All right. All right, so all right, so back to my simple-minded question, maybe. Do you need to store, right? So I’m asking, do you need to store it? You’re saying you do have it in your possession for a short time, the microseconds or whatever, that it goes to the processor, that’s still considered you storing it, right? And how did you get that data to begin with? That’s the other question. To come encrypted. It has to come in in some fashion. So, I mean, could it be a donation envelope that had that information written down on it? What do you do with it after you’ve processed it? Donation envelope? Can you shred it? What if you just shred it? That would be a great way to get rid of it. Okay? Or burn it. Burning, well, about having, that’s always dramatic, but it actually works. We’ve talked about having burn piles in the office. You have a PCI burn party. You could, end of every week. Yeah, yeah, but you just want to make sure that it is completely, you know, it’s completely out of your hands, you no longer have access to it anymore, especially when it includes all of that really important cardholder data. Okay?
And we’re talking about address, name? Just a number. Correct. Not just the card number, but their mailing address, their zip code. That’s the kind of stuff you do need to save because you want to do mailings. Correct? Yeah. And most of the time, you know, that kind of information is stored on a donor management system, and those systems are secure, so you obviously have to have access to them using a login and password, and that information generally is going to be secure as long as you’re using a really good password. Obviously, yes, we covered that one. Don’t go back now. We have twelve to cover. I’m sure we’re gonna get it, but they all work with each other. That’s, your sister, all right. Joshua, read another one, please. The next one: encrypt transmission of cardholder data across your open public networks. So if you are a larger non-profit working, you know, with the main central office, you want to make sure that any of the cardholder data that you are sending is encrypted, you know, meaning you’re using. No, sorry. What of encryption protocols are in place? Couldn’t find the words. Are okay. All right, so you need to know. You need, yes. You need some kind of expertise to know that your encryption protocol is correct. Yep. Okay. And that includes, obviously, working with your particular vendor that’s processing your cards for you, that the system that they’re using is going to also encrypt the data for you. Okay, that was a two-way street, that they’re encrypting also. All right, what else we got? Joshua, let’s go ahead. You would protect all systems against malware and regularly update antivirus software programs. So that McAfee system that’s always bugging you in your bottom right-hand corner to update, you want to make sure that you’re continually keeping up to date with those. Oh, and updating to the latest software, especially with your donor management system software as well. So any bugs could be worked out routinely and kept up to date on this. Okay, okay, that was, that was malware, was an antivirus that is now wearing it tomorrow. You want to make sure they’re up to date, and that system-wide, too.
Obviously, a lot of, you know, large organizations have hundreds of computers that are using that network. So you have to make sure that every single device that’s accessing your network is secure and updated on a regular basis. Okay. Okay, Tracy, want to, don’t you give us a couple. All right, number six, develop and maintain secure systems and applications. So that’s just basically saying, you know, there are tons of vulnerabilities out there to your security system, and the landscape is constantly changing, so you need to make sure they’re up to date with, you know, vendor-provided security patches, kind of like what Josh was mentioning with your donor management system, that you’re keeping it up to date if there’s any updates that come out with that, and that all systems have software patches and are just, you know, you’re managing and maintaining them on an annual basis. Okay, this sounds like another one that is pretty common sense. You should be doing this anyway. Yeah, irrespective of your storage or not of credit card data. In-kind yeah, be cognizant of who has access to that data in your office as well. Okay. Okay. Area, right. And what machines it’s on? Yes. All right. All right. So number seven is restrict access to cardholder data by business need to know. So that just basically means that the people within your organization that have access to cardholder data is limited. And then it’s only the people that really need to know what that data is. So you just, you know, you want to have someone who’s the authorized person to take care of those transactions, and that it isn’t open to just anyone, you know, accessing that information. And you really should just generally have a deny-all setting for things like processing cards. Deny-all setting. What does that mean? It just means that for the baseline, no one has access to it.
But that there is, you know, one or there are one or two people that do. So the default, the default is no one touches them. And then we work up from there. Correct? Okay. Okay. Yeah, yeah. I mean, this should be in the hands of your donor-centric gift processing department. Wherever that is, someone on the development team, right? But, you know, like the director of development and the vice president for institutional advancement, do they need to know credit card numbers? Not necessarily, not, no. Yeah, probono depending on the size of your organization. That’s true, that could be the gift processors. Yeah, director of development could be the gift processor. It’s all right, but yet fair. Okay, let’s give Joshua a shot hyre. Let’s see. Identify and authenticate access to system components. So it’s really important to, this hyre goes back in and ties in some of the other, the last two. You want to uniquely hold everybody accountable for their actions. So the people who do have access, who are processing the cards, you have a system set in place where they have the checks and balances needed to hyre go through the crucial data and systems that can be traced back to them. So a lot of the, a lot of the systems that are in place, you can track who actually processed that credit card, to access that person’s record, because just record in their dinner, we should be able to track, trace back all transactions and viewings and things like that. All right? Yeah. Okay. Is that standard in CMS systems? Absolutely. Yes. You just have to make sure, obviously, that when you set it up for your organization, that you make sure that each person has their own unique login. So, like, for example, sometimes it’s like admin doc development, that’s not really going to be effective in tracking before people, could be twelve people. Exactly. Disaster. If it’s more than one. The chicken finger point yet. So, all right. You’re right. You have to have unique log. Yeah.
Giving each person their own unique identification. Okay, report. All right, go ahead. Who’s next? Restrict physical access to cardholder data, which is, ah, Tracy has a really good example of this. When she used to work for a nonprofit, she, is really embarrassing. We won’t name the non-profit, but she probably could tell the story better. But I attended this organization’s fund-raising, ah, a year before I started working for them. And they tried to kind of daisy-chain a system together to be able to capture credit card information at check-in. It failed them on that night, and their internet dropped, and they couldn’t collect cardholder information to process card payments for purchases made at the event. So they walked around with donation cards and just had people handwrite in all of their credit card information on these donations. Pompel pretty common practice, you know, not unusual. However, start working for the organization years down the road, I’m going through some old files, and what do I find? All of the donation forms with everyone’s credit card information from that event, which was three years previous, was laying in an old, just laying in an old file. Disaster. God, numbers, addresses, everything. Expiration date, everything. Security codes. Exactly what you don’t want to have happen. So I, you know, I can attest that, you know, this kind of information needs to be out there in the nonprofit world. And organizations really should be considering following the PCI guidelines. You should be just doing it. Yes. Okay. What a find. Oh, my god. I got a chill. I don’t think it’s the air conditioning. Today, afternoon, the air conditioning came on. I would say maybe it was the air conditioning. But today it’s not blasting. Yeah, that’s, that really is chilling. It is. What did you do? I immediately started all of it. Yes, absolutely. I think they had a burn party, fire, bonfire, fire departments to be on call. And what about now?
Did you bring it to the attention of management? They’re, absolutely, yes. Yes, that changed their, yes, behavior. Yes, definitely. You know, a lot of things have changed since then. It was just, you know, it was an oversight on someone’s part along the way, and it just kind of got forgotten in the shuffle. And, you know, it was just one of those things that happened, and you just have to, it does have to, you know, really, you want to minimize the risks of exposure to that kind of problem within your organization. Let’s move on. Go ahead, Joshua. You want to track and monitor all access to network resources and cardholder data. So if you are storing the physical copies of the last four digits of the number with everything else blacked out or anything, you want to have that restricted access in a locked filing cabinet with one person having the key, and you want to know who has it as well. Okay, excellent. Locked access, one person, one person. Key is pretty common sense. Pretty simple, but, uh, they’re easy to spell out and miss one of these. Yeah. Okay. Now what if that person, ah, is sick for a day? You know, should narrow. Shouldn’t there be some redundancy? Like we have multiple people who can sign checks, should there be a second key holder so that if a person is out for a day, we need to access that? Yeah. You know, we definitely encourage that. You don’t want to give all of the keys to the kingdom to one person. There shouldn’t be one individual person that’s accountable for all of that data and access to that data, so definitely should be more than one person that’s managing. But there still has to be control, like, maybe have to sign in cracked, you know, which is an honor system. Okay? Or maybe now, don’t we use this to, um, where this data is stored in this physical location, maybe there should be a camera focused on that spot.
Just like we have cameras that are focused on the desk where the cash gets counted. Right? Ok, so that would be a method of determining who’s been in there. Okay, go ahead. Um, did you just do ten? Ok, all right, eleven: regularly test security systems and processes. Test. Okay, how do we do this? So, obviously, you know, you wanna have a security policy in place, but if you don’t test it to make sure it’s going to work, it’s not going to work. So there could be a potential gap somewhere along the way that you missed, and the only way you’re going to find out that it was missed is by testing. All right. So what are we testing? We’re pretending there was a breach? If you have that camera set up, are you actually actively looking at the camera occasionally? Are you testing, were you testing your checks and balances? Right? Or does the video get re-recorded over every twelve hours? Exactly north. Maybe. You know, maybe seventy two hours is okay. I don’t know how long, it maybe should be a week. I don’t know, but yeah, if it’s too short, the video is worthless. What else? What else? I mean, how do you run these tests? What are you testing? So, I mean, you want to test all of your, you know, excuse me, all of your software components, those need to be tested on a regular basis, and that, um, that your network is continuing to be secure, that you’re updating and changing passwords to be able to access your network. And you know, this is, ah, one of the areas of the PCI that’s kind of, it’s definitely the most important, because lots of people don’t conduct those scans. Um, but it’s frequently overlooked. Okay, how many do we have left? I was eleven, or twelve. All right, maintain a policy that addresses information security for all personnel. Gotta have a policy, right? Absolutely. Information security. Name, just tick off a couple of things, and then we got to wrap up, that should be in your policy. Yeah.
So you want to make sure that you have, ah, a usage policy for technology. So if you’re giving access to computers to your users, you want to make sure that, you know, you have things in place to ensure password security. So you want to have restrictions on what passwords can be, how many characters it has to be, and, let’s, Joshua would give the last word another tickle. Fight him on this number twelve. And this needs to be policy. Yeah. This needs to be in congruence with your privacy policy that you display with your donors as well, like, that they know that you’re being good stewards of their data. Okay? Data as well as biographical and all the other demographic info that you have on them. Absolutely. Okay, we gotta wrap it up there. That’s, ah, Tracy Lords, community marketing manager for Greater Giving. And Joshua Alan is a solutions engineer, that’s also at Greater Giving. Okay, Tracy, Joshua, thank you very much. Thank you. Tony Martignetti Non-profit Radio coverage of sixteen NTC, the Non-profit Technology Conference. Thank you for being with us. Next week, a new accounting rule that you need to know. Do not roll your eyes. We will make it interesting. I will. I guarantee it. This is going to be with the huge tomb who’s been on the show before. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com. Sponsored by Pursuant, online tools for small and midsize non-profits, data driven and technology enabled, pursuant dot com, and by We Bee Spelling, super cool spelling bee fundraisers, we b e spelling dot com. Our creative producer is Claire Meyerhoff. Sam Liebowitz is the line producer. Gavin dollars are am and fm outreach director shows. Social media is by the excellent Susan Chavez, and this cool music is by Scott Stein. Be with me next week for Non-profit Radio. Big non-profit ideas for the other ninety five percent. Go out and be great.

Nonprofit Radio for November 20, 2015: Get Creative & Safeguard Your Donor Data

Big Nonprofit Ideas for the Other 95%

I love our sponsor!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.


My Guests:

Lissa Piercy: Get Creative


Thought about poets and other artists as part of your board meetings, trainings and conferences? How about open mics? Lissa Piercy reveals why you need to consider these and how to get them done. She’s executive director at Strength of Doves.

 

 

Scott Koegler: Safeguard Your Donor Data

Scott Koegler has tips on how to preserve and protect your donors’ sensitive information. How much do you need to save? He’s editor of Nonprofit Technology News. (Originally aired on December 6, 2013.)

 

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.


Transcript for 267_tony_martignetti_nonprofit_radio_20151120.mp3

Processed on: 2018-11-11T23:25:56.877Z

Hello and welcome to Tony Martignetti Non-profit Radio, big non-profit ideas for the other ninety five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d be thrown into tableau paralysis if it came to mind that you missed today’s show. Get creative: thought about poets and other artists as part of your board meetings, trainings and conferences? How about open mics? Lissa Piercy reveals why you need to consider these and how to get them done. She’s executive director at Strength of Doves. And secure your donor data: Scott Koegler has tips on how to preserve and protect your donor’s sensitive information. How much do you need to save? He’s editor of Non-profit Technology News. That originally aired on December six, twenty thirteen. Between the guests, on Tony’s take two, five minute planned giving marketing. Sponsored by Pursuant, full service fund-raising, data driven and technology enabled, you’ll raise more money, pursuant dot com. Drive: a trip or journey in a car. Also an internal, biologically determined urge to attain or satisfy a need. It is after ten p m on a Friday night, and I’m standing alone in a laundry room in Boulder, Colorado, a student in a social entrepreneurship program. My whole life is waiting for me back in Boston. I am watching the live stream of a national poetry slam competition. I am watching the first poet I added to our roster win a national poetry slam competition. I am fist pumping the air, I am stomping my foot! I’m screaming to an empty room. I’m remembering yesterday, when I questioned why I had taken on the task of starting a business in the first place.
I am crying and smiling and balancing computer and cell phone and laundry and coffee and laughing because this is what a start up looks like when i opened my computer one hour before tomorrow on a friday night and cringe at the emails that all seem urgent that all scream no sleep when the coffee wears off and the grant application start to blur when the mission feels miles away from my office when my office is really just a coffee shop or a living room or a kitchen when i stare at spreadsheets that looked like foreign language, like potential failure or future like risk risk, a situation involving exposure to danger. Also, every time i have ever followed my gut, sometimes you’ve just got to throw out the plan and follow your gut, grit, courage and resolve strength of character. Also small, loose particles of stone or sand. And some days i feel like sand small enough to slip through the cracks of this foundation i am building. In those moments, i think of the poet who risks reputation on a national stage to proclaim her love of women. The poet who tells the story of her sexual assault so that a girl in a middle school classroom can finally feel safe confessing the violation of her body. The poet who rejects gender pronouns and reminds me that this world has never been binary. The poet who run straight into vulnerability and somehow comes out stronger for her honesty. These poets so purpose into fists i wanted to raise at a world that took my father away. These poets raised their hands. Up, don’t shoot taught me to proclaim don’t shoot in my name, these poets, the heart of these poets heart, hollow, muscular organ also the center or innermost part of something. And aren’t we all just trying to find the innermost part of something thing? It took poetry and entrepreneurship for me to find the innermost parts of me. 
Lissa piercy she is co founder and executive director at strength of doves, an agency which is itself a non-profit the represents socially conscious, activist spoken word artists, they connect poets to venues and organizations. They’re at strength of doves dot com and lissa is at lissa poet the sapir c welcome to the show, thank you so much for having me beautiful energy. Tell us what is the story behind that? Well, i was actually commissioned to write that poem by the center for social impact learning, which is part of a graduate program with middlebury it’s, located in monterey, california, and they asked me to write a poem for their launch of this social centre. So i put up a facebook status and asked my entrepreneurial friends to tell me the words they think of when they think of social entrepreneurship and i got a bunch of words and a lot of them are in that poem, so dr grit risk. And so then i put a poem together for the launch of their center, and the name of the poem is is called dr excellent. All right, so we’re talking about maur creativity inside your organization outside the organization, using poets and other artists to sort of open things up. Yeah, and let’s, let’s start with, like, internally intern where where might we bring in? Argast? S o i think that internally creativity and a non-profit you can start with your board meetings or even just kind of your regular staff meetings. So i like to say that you know, a lot of the time we think about innovation when it comes to our programming or our products. We don’t always think about innovation when we’re thinking about how we run a meeting on a monday morning or board meeting so it can start with kind of basic creativity like, for example, there’s, an organization called the millennium campus network. 
Their board meeting, one of their board members told me recently, was the best board meeting she’d ever been tio, they didn’t use poetry, but what they did was they created a hackathon in their board meeting, so they were really creative about how they put the board meeting together, which i thought was fascinating. So i talked to abigail, who had created that plan, and she said that for them, creativity started with the way they set up the room. So thinking about what’s on the walls of your room in your meeting and what? What are you doing to kind of create a setting that feels different than other board meetings? Do our other monday morning meetings? I think, for example, there’s, a site called button poetry, it’s, a youtube channel and there’s tons and tons of spoken word poems. They’re they’re typically about three minutes long. You could even just play a poem at the beginning of your meeting, and it opens up a part of the brain that gets you thinking in a different way, and i just think so often we look at meetings is something that we dread going to and sitting through. So you start by infusing something different at the top of your meeting, it can really shift and change. The whole energy of the meeting do you think it’s risky toe invite meeting participants, too, do their own performance? No, i think actually you’ll get surprising results if you do that. When i found i run open mic set conferences so, like the opportunity collaboration, i did some stuff with the school world forum, and what i’ve found is when you invite the community to be part of being creative, they bring inside you, that you didn’t know that they had, and often those things can actually be used to infuse organization with new life. So yeah, bring in, bring in creativity from people that already you’re sitting at those meetings with you for sure, and we’ll see another side of people. Yeah, absolutely. It may not be poetry. I don’t know. It might be a song. 
It might be a guitar that they play someone’s a drummer. Someone has a poem and someone else plays behind them. I mean, the the options are endless when you bring in creativity in new ways. You mentioned opportunity collaboration, which is very collaborative and that’s where we met just like a month or so ago. Six weeks ago. Roughly. Yeah, in mexico? Yeah, and i run there open mike every year. And i talked teo jury in aunt over the team that put it on every year. And they said that one of the reasons why they like having the open mic is that it brings collaboration in a new way on people rave about it because they get to see those different sides of people. Also, something that i’ve often said is, you know, if you meet me and we talked for five minutes, you might find out that i live in boston or that i run strength of doves you’re not going to know intimate details of my life if you see me perform in an open mic, you know how hard it was to start my business, you know, personal details about losses that i’ve been through, and we connect in a deeper way, and then collaboration is richer because we care about each other as people, not just a cz business partners in a collaborative, collaborative setting, listening to drive, we learned some very intimate details about your dad’s death. Okay, very energizing, right? Well, let’s, go out for a break when we come back listen, i’m going to continue, of course, talking about getting creative. We’ll have live listener, love, et cetera. Stay with us. You’re tuned to non-profit radio. Tony martignetti also hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a quick ten minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. 
Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website philanthropy dot com fund-raising fundamentals the better way. Welcome back to big non-profit ideas for the other ninety five percent live listener love got st louis, missouri, brooklyn, new york and new york, new york new york’s checking in excellent lovett i’ve listener love yes, let’s go abroad always have very loyal seoul, south korea of listeners. Remarkable. I don’t know if it’s the same person all the time where people it’s multiple multiple in seoul, anya haserot for mexico city, very close to where lissa and i first met because we were in x top a at the opportunity collaboration we were talking about mexico city. Welcome live listen her love to you. What can i do? Keitel look, it’ll there was my thank you anytime and also in japan, tokyo and osaka checking in konnichi wa live listener loved all of our live listeners, and of course, we never forget affiliate affections for our multiple many am fm stations throughout the country. Affections if you’re listening on the terrestrial stations and, oh that’s, ah, terrestrial affection! I gotta work on that there’s something there and station affection, terrestrial and also podcast pleasantries never forget the podcast listeners over ten thousand i’m painting houses, washing dishes, whatever. It is you’re doing as you listen. Pleasantries to the podcast audience. Okay, listen. Thank you for helping. Yeah, now i have tried it with any time. Spanish mexico city that’s. Why? I like opportunity collaboration because i get to be i get to speak spanish more than i do on my regular day to day life. Do you do to poetry in spanish? I have a couple of lines in spanish in my poems. Everyone smile in my international women’s day poem. 
I talk about the venezuelan constitution, so i say constitutent dahna venezuela, but i typically i like there’s a line about using spanish because i’m not of dissent. That is latin at all, so i’m careful about how okay? You know what, that’s a much larger conversation about appropriation. And don’t betray yourself appropriately. You would feel yes, exactly. Um all right. So, let’s, keep talking about eso these internal. This idea of board meetings? Yes. Now i have had a lot of guests recommend. In fact, one michael davidson was just last last week recommending having people who are benefiting from your services come and deliver a presentation at every board meeting. So they are sharing. Fashion their tears about how your organization save their lives, improve their life, you know, maybe there’s some creativity there, you could ask someone like that toe do a performance instead of just read some paragraphs. Yeah, so one thing that i think is really important to note is, especially with organizations that are working organisations working with youth tons toe already think about maybe creativity, poetry, open mikes. It doesn’t only need to be youth there’s a lot of opportunity to do some writing workshops in any demographic i really believe, and if you’re producing content like that, you can have someone come in. It also, though, gives the opportunity to let’s say, you’re an organization a non-profit that’s working outside of the united states, but your board is primarily in the united states. If you do a writing project with the people that you’re working with on the ground and you bring back some of those writing samples and they’re available on the table during the board meeting during the coffee break, that’s the kind of thing that people in your board can look at even if you don’t have time to be reading their material or having a guest come into the actual board meeting. Okay? 
I mean, even in that case, you could have maybe someone who’s trained reading those store absolutely a voice artists or something like that fresh rather than just the one dimensional reading painting with a broad what else? Any other ideas? You know, the internal internal creativity as well? One thing that comes to mind is, you know, every organization faces kind of pain points, things that they’re struggling with. There are a lot of conversations now around diversity. And how do you talk about diversity within organizations? There are other challenges the leadership changes that happen or, you know, anything that happens internally. I really think that that organization should think about looking to more creative ways of having conversations around those tough things. Later on in the show got ilsen nasco mrs who the really amazing poet with the dialogue arts project, is going to be reading a poem on air and their organization will come in and do a full training, and they use spoken word poetry at the top of the training to get everyone’s kind of juices flowing. And then they do trainings around diversity around. Pain points within organization, so for those organizations that are going through maybe a transitionary moment or need some kind of a different training instead of just checking the box with, oh, we talked about diversity think about looking for creative resources that are out there to bring into those training’s you’ll have a better experience and your staff won’t feel like you’re just checking the diversity box, which i think is really important. Am i out of touch if i keep saying poets instead of spoken word artist? No, no, i have i missed twenty fifty by mr change of century, i think. First, i think the biggest distinction that often happens is a slam poet versus a spoken word poet. Slam poetry is a form of spoken word. It’s a competitive style of spoken word at least that’s the way i distinguish. 
But yeah, spoken reports are definitely poets the way that i think about it and this definition is different depending on who you talk to is spoken word or performance. Poetry is performed from, like the tip of your pinkie toe to the tip of your finger out the top of your head and you can also be a written poet that is publishing books as well. You’re also thinking about how am i presenting this poem beyond the page and that’s? Kind of what a spoken word are a performance poet is doing in my definition of it. Okay, so so if i say a spoken word artist. Yeah. That’s that’s what? I mean, that could be the same as poet or official versus slam performer. Yes, exactly. Slam is competitive. Yeah. How did americans turned poetry into a competition sport? Well, it’s gotten a lot more people paying attention to it. That’s for sure. So hey, that’s, it started. It originated in chicago. A guy named mark smith who is a construction worker, and then here in new york. There’s the moth that’s like storytelling. There’s also the nia recon is another location that does poetry slams you’re american. Say it one more time in new york weekend. Okay, mahogany brown is a poet. She’s actually on our roster. And she’s, an amazing poet who hosts their poetry, slams their team when you compete against their team. You come prepared, let me tell you. Okay. New york has some great poets. Okay, now, what’s. Your background you have. Ah, what is this? Oh, so social around? Yeah. How did you get into poetry? I started doing open mikes in college after i lost my dad and i went through two and a half years where i lost seven people in my life. And this is a lot of grief and poetry was the only thing that could really motivate me to get out of bed and go to things. 
I was running the open mic group on my college campus and then actually turned down the opportunity to apply for a fulltime social work job to figure out how more of these amazing social change poets could be earning a living from their poetry. And now we have strength of doves where we put poets in performance opportunities and workshop opportunities toe to really bring this to kind of communities that haven’t necessarily thought about spoken word. Poetry is a tool because it really is a tool. And the other thing i’ll say is the reason i think spoken word in particular, i think all forms of art are important and open up our brains in new ways spoken word is extremely accessible, so a really strong spoken word artist, in my opinion, is using poetry and using language in a way that someone who’s maybe never thought that they liked poetry or never thought of themselves as a creative person before can now access a really creative art form and begin to open up the idea from themselves that, hey, maybe i could write, or maybe i can open up this creative things, but what do we say to the people whose eyes glaze over? Oh, poetry it so it’s beyond may i don’t get it? Yeah, you know, it just doesn’t reach me. Listen, tio, watch two videos on button poetry or go search dialogue, arts project poets, strength of doves, poets i really have never seen it happen where someone said, i don’t like poetry on. When it’s exposed teo a couple of videos and said, i still don’t like poetry, it’s just not what you’re thinking of when you think of poetry. If you had a boring english class on poetry, poetry does not need to be born, i promise. Give me a subject that you like, email me a subject you like and i will send back a poem. That you will like about that subject. Okay. Do you want to show your email? Oh, yeah. It’s lyssa at strength of does dot com. Okay, listen, l i s s yes, challenge me. I guarantee i will be able to draw you in with someone else’s problems. Okay, cool. 
Let’s go outside. Our organizations have a like a mirror. So before we bring in carlos yeah. Conferences, galas, gallant fund-raising events. Why are fund-raising event so boring? I’m sorry if i’m offending anyone out there, but i just think we need to address this. So these gallows where you have a dinner, any of a bunch of speeches and so there’s a moment at a lot of these events where, you know, people are eating dinner and kind of talking to each other, and then you want to get everyone’s attention. So someone clicks on a glass, someone in charge of the organization says, welcome, everyone kind of turns their attention begrudgingly to the stage, and then they’re a bunch of speeches sometimes there’s really fascinating stuff in those speeches, but we’re not really our attention isn’t necessarily drawn immediately to the stage. The person sending welcome welcome zoho please hide me. I want to hear my gladstone brandraise oversignt neo-sage chimes. If you’re in a fancy paint bonem bungalow exactly. So it’s dead? I think everyone should try finding a spoken word poet and putting them on that stage. That’s, the way you get people’s attention don’t even say welcome like we just opened our secondly, just drive a trip or journey in a car really loud, really punchy everyone’s going to turn to you if you want to go a step further, you can hire a poet to write a commission to poem about your organization, and now in three minutes you’ve explained everything you’re doing. You’ve got everyone’s attention and you just invested all this money and all this time and creating this event. Don’t you want to vent the people going to talk about after the fact they’re going to be more likely to talk about it? If it’s different bringing a poet if you don’t for some reason believe, listen with all their energy and zeeland enthusiasm, think about what happened in beginning this segment we threw you in with lissa was completely different different format you said you turned into well. 
What is? That that’s, the only way latto college, did it with their market radcampaign recently. All right, we got carlos andres gomez, award winning poet member of the dialogue arts project, on twitter, he’s at carlos. A g live. Is there anything you want to introduce before before carlos carlos, let me say, just say, welcome, welcome to the show so much. Tony thinks my brother, carlos i’s, anything you want to say, i just want for everyone out there. That’s not, you know, always listening to spoken word. This is such an amazing opportunity. Godless is kind of a titan in the community and just does really amazing work, using poetry to have really important conversations. Carlos, please. Thank you so much. This poem is called tense. I’m holding my friend gino’s hands and asking the army recruiter for more information about the marines. Please, i say he fits with his cufflinks, pause it, his necklace through his shirt drags the back of his hand across the close shaven sand paper of his chin. Gino is staring him down through the island. Artie wears like a middle finger. We watched a stranger caught between the train movements of a machine and the churn butter in his body. Just like mine. Two months before, when i said, hell no toe a trip to the gay club, i just don’t want to leave and he went on it be like colonizing the space, i said which sounds a lot better than i’m uncomfortable i wouldn’t know how to stand what do i do if a song i like come on in zambia i walked the dirt roads of a slum my pinky finger intimately wraps around the smallest digit of the most infamous guy on the block. He was my friend. It is how friends walked the streets there. When i greet my iranian friend’s father, we embrace chief twice in thailand. My host casually patted my leg the first family dinner, i nearly jumped out the window, thinking he was reaching for something else. 
Everyone laughed, probably confused as to why this strange foreigner had been trained to be so foreign to the gentle touch of a man, a passer by give me and gino matching name i tongue the word around in my mouth. Feel the tender sting, make a home in my torso, stare at the word brotherhood splayed across the camouflage banner. The recruiter stares down the table, and though it holds the secret code to life’s, great questions, it’s corrected, stutter and suddenly overcompensating stands blend into the decorations behind. So much so that i can barely even tell he is still there. He pretended, if we are not, begin sorting and then re sorting the three lonely pamphlets dwarfed by the large rectangular table where they now six boys. Please. I’m just doing my job. His mouth bag in a voice so small and so human. It makes me feel like i have just blurted out a secret. This man has given his life to guard like freedom. Carlos andres gomez! Carlos, thank you so much. Thanks, carlos. Thank you so much. Let’s. Send tony. I don’t know why i have watery eyes. I just first listen, you know, i would need to think about it more, but but it moved me because i do so that’s. The kind of thing that dialogue arts project works. I would start with wood with poems to kind of open up a new space in everyone’s head and kind of i mean, the energy, even in this room, while we’re listening here in the studio just calms down. And there’s, you can start having conversations about your own experiences that can lead into deeper conversations for more shared understanding within your organization. Carlos, we have just like, a minute and a half or so. Do you want to share anything about that? About the poem? Yeah, sure. I mean, i was, i think, there’s there’s. So much to be there’s. Someone is so easy to have a very, i think superficial, topical conversation. 
If we if we wantto engage someone about gender or sexuality or any of these huge hot button issues or topics or anything related to identity and i think the biggest thing that dialogue arts project believes is that using personal narrative and using something artistic as a medium for that personal narrative that is the most that is the most, i think dynamic way to enter a conversation, because that that home, the true story, right about me walking down the main walk with the university of pennsylvania and i think me telling that story. It immediately invites other people that share stories in a way that that i think invites people into a vulnerable space, as opposed to having an intellectual discussion that doesn’t have any stakes involved and ultimately is not a meaningful conversation. Carlos on, listen, we have to leave it there. Excellent regardless, thank you so much. Thank you so much for sharing. Thank you, much less a piercy cofounder, executive director at strength of doves, its strength of doves, dot com and again on twitter, she’s at lissa poet thank you, thank you, thanks a lot. Coming up, secure your donordigital first pursuant, they reached out to me today to renew their sponsorship, like two months early, before i had even asked the email says their leadership is pleased with the partnership, and that gives me two thoughts. First, you need to check out their fund-raising tools because they are perfect for small and midsize non-profits pursuant, dot com is where they are. Second, if you want a partnership with non-profit radio let’s talk, i get results for sponsors now. 
It’s time for Tony’s Take Two. My video this week is five-minute marketing for planned giving. It’s a tiny piece of a ninety-minute program that’s packed with easy and smart marketing strategies around planned giving. If you want the teaser video, it’s at tony martignetti dot com. If you want me to deliver the full program to train your office or conference audience, let’s talk. That’s Tony’s Take Two for Friday, twentieth of November, forty-fourth show of the year. Scott Koegler is the editor of Non-Profit Technology News and used to be our technology contributor. He was there from the beginning for a long time. They’re at n p tech news dot com and he’s at scott koegler on Twitter. From the December 6, 2013 show, here is Secure Your Donor. We’re talking about safeguarding your donor data. What are the, uh, what are the potential risks here if donor data is compromised? Well, there’s a lot, actually, Tony, and what’s probably the biggest one is that not just the data is stolen, but the information about your donors is compromised, and that’s something that has made a whole lot of headlines recently, well, over the last few years, actually, um, about, you know, different, different companies having, having their data breached, having their credit card information stolen, and now people losing, losing the privacy of the credit information, identity theft by another word. So there are implications that are certainly public relations. You don’t want to be, you know, it may not be a headline if you’re a small or midsize shop, but you can have a public relations problem among your donors and volunteers without it being in the headlines. There’s legal implications, and you could even have, like, some financial problems. I mean, if people, if it comes to the point of people suing you, or you having to pay for damages. Definitely, definitely. 
You know that I moved to South Carolina recently, and last year, I think it was earlier this year, actually, the, the state government website was breached. And supposedly all of the information that, that anyone who has filed tax returns in the state. Oh, my goodness. Stolen. So, you know, I mean, that’s bad enough. I haven’t actually heard of anyone who was, you know, was affected by having their identities stolen. But what happened was that the state, aside from the, you know, the political and, and other kinds of just, you know, general discussion about how things were handled badly, they had to offer a free subscription service to an identity theft monitoring service to literally everyone in the state. Oh, my. And a couple people. And so, on top of, on top of having to rebuild their infrastructure and, you know, tighten down their security, um, you know, they have that financial burden, but, you know, just added something. So yeah, financial consequences, definitely. Did this stuff occur during the five days when Governor Mark Sanford was off with his girlfriend in, in Argentina? Is that when that happened? It could have. I don’t know, I, you know, it could have been an Argentinean internet connection. I’m good provoc story on his reputation has since been rehabilitated because he was, he was elected to, what, the House of Representatives, I think, for, for South Carolina? I think so. Although I have to, I have to admit that I haven’t really followed much of the South Carolinian political situation, even though I should have. Okay, well, you’re, you’re a new resident. Well, I am your break now did vote so I guess it’s good. What part of the problem with identity theft, though, is that people, the bad people, don’t use the data right away because they know that everybody whose data was compromised is on the lookout, but they’ll wait. 
I mean, they’ll wait three for five years and use the data then, when your date of birth and Social Security number haven’t changed and maybe even your address hasn’t changed. And, and by then people are not on the lookout for the, for the theft because it’s been so many years since it occurred. Exactly, exactly, and then it’s also hard to track down where that breach came from, because if it was, for instance, a small provider, small company or a small non-profit, they got, they got breached, uh, may not have been reported, right? Not everybody owns up to it, and actually not everybody actually knows that they’ve been breached. Right. Right, it’s not in the hacker’s best interest to notify anyone that had that great yeah, yeah, now it gets, it gets discovered by some audit. Or maybe the hackers were sloppy or something like that, but yeah, I’m sure there are a lot of instances where organizations don’t even know that it’s happened. All right, all right. So if we’re going to protect our donor data, what do we need to be thinking about first? Well, the first thing is pretty obvious stuff, is that, you know, if you don’t need the information, don’t keep it, don’t collect it, don’t get it. One of the pieces of information, of course, that, that non-profits do want is credit card information, uh, and some sites, you know, Amazon in particular, and pretty much any e-commerce site, collect credit card information, and then there’s a convenience to the shopper to store that information. Yes. And, you know, it’s convenient, and in a situation like Amazon, people may go back there and buy things, you know, almost daily, and so in that case, it really is a convenience, so you don’t want to. 
I don’t want to keep entering my, my credit card information every time I buy something. For a non-profit, that, that, um, the frequency is probably significantly less than what Amazon gets, and we would certainly hope it’s more frequent, but reality is they’re probably talking about a few times a year at the most. Yes, so in those cases, um, allow the credit card information to be entered, be sure that’s over a secure line, and that’s, here’s a jargon piece for HTTPS. That’s, uh, uh, that’s the secure website connection that links the website that someone’s filling in to the, with a back-end server. For some reason, Scott, I know that HTTP is Hypertext Transfer Protocol, right? And then I believe the S is for secure. Okay, sorry, sorry. Nobody cares about, nobody cares. Um, so, and that part right there just means that someone monitoring or tapping into the line isn’t just catching the data while it’s streaming by them and collecting it that way. That’s the first line of security. But the second one is, you know, use the information, make the transaction, get the, get the donation into the bank account, and then just don’t record the credit card information. And just by doing that, you’ll probably solve, I’m going to say, at least fifty percent of the, of the problems that a data breach can cause for constituents, for donors. There’s other information that would fall into those, to that category, I’m thinking, like date of birth, Social Security number, even, even address? Yeah, address and email. I mean, you don’t want those to be compromised. Yeah, here’s an interesting piece of security information. Did you know, if you have a person’s first name, date of birth and their zip code, you can find out through their first name, date of birth and zip code, that’s enough to identify? Yeah, yeah, that makes sense. We wouldn’t you? 
Yeah, when you say it, it makes sense, but somebody wouldn’t think that those, if you’re not, if you’re not in a security role, you wouldn’t realize that those three things can be really damaging and you could find everything about those. So, I mean, date of birth, I mean, probably non-profits don’t have to save date of birth, right? Date of birth, you know, probably, they probably do need address information in order to send maybe a 1099, you know, donation form at the end of the, right, right? But certainly Social Security number is not necessary. I don’t think that’s required for 1099. Well, non-profits aren’t sending 1099s. They’re just sending, they’re just sending acknowledgement letters. Okay, so, yeah, 1099s, that’s for contractors. So, so it wouldn’t, you wouldn’t need it. It wouldn’t need, you would not need it for donors. All right, but so there’s, there’s information that we should save. But we should look scrupulously at what we are actually preserving, is the point. Okay, what you need, and don’t even ask for what you don’t need. And those things that you do need no dahna on a short-term basis, like credit card information. Just believe it. Okay, okay. There’s still information that you need and there’s information that you want to keep. You want to keep the name, the donation history, maybe their activities. You may want to keep their, their, their address, and they want it, particularly if you do send out snail mail kinds of information. You know, newsletters do still go by, on paper. Uh, okay. And so there is information that you want, and here’s one of the ways that South Carolina system was breached tonight, if they could have avoided the entire disaster with the effects of the disaster, maybe not from a public relations standpoint, but from the effect on its citizens, by encrypting the data with health so well, we talked about, you know, using a secure internet connection, HTTPS. 
And that applies an encryption to all of the information going across the internet wire. But once it reaches the program that stores the data, um, you know, that data is stored in a database, and the database is usually, um, pretty transparent. In other words, you can open the database, look at the information, and it’s, you know, it’s in English. It’s in what’s commonly called clear text. So it’s, you know, you can look at it, a human being can read it and understand it. Um, and I know it’s easy and it’s the way that things are stored most of the time. Um, what South Carolina did not do, and actually a couple of others didn’t do, notable ones are Adobe and LinkedIn, okay, not small names, and people that you would think would know better, they did not encrypt the contents of the database. So what that means is, if the data is not encrypted, a hacker gets in, they download the database and they can use it. It’s all visible in clear text. Okay. Okay. All right. So, so the data that we do store, we should consider encryption, right? Absolutely. Absolutely. Encryption’s pretty easy. Most databases have it as an option. You could just, you know, tick a box and bingo, it’s all encrypted. So we have to also consider where this data is saved, right? It’s lots of different places, and including portables, right? Um, sure. Cell phones get lost, laptops get stolen, all those kinds of things happen. Uh, I don’t know that there’s an additional answer there. I mean, certainly you can password-protect cell phones and laptops, but typically people don’t do that. Yeah, well, we’re going to get to policies that, that they should be doing so, but they’re also, the data is on servers. In your, and hopefully your server closet is secure. I’ve seen a lot of servers that, including businesses, small businesses, where, you know, it’s in a, like a, ah, whole janitorial closet or something, up on a shelf. 
Definitely not secure at all, but data can also be in the cloud. Exactly, it could be in the cloud. And it’s kind of a counterintuitive. I’ll just give you my personal take on this. I think on. I believe that data is stored in a all right. You know, properly created cloud environment. It was much more secure than something that’s residing in your server. Uh, at your office. Okay, what did I tell you? Why? You know, first of all, servers in offices are managed by by people in those offices, typically, and except for, you know, very large non-profits, most of those people are not, um, it’s not a full time job to manage the security of the server, right, they’re doing other things. They have a full time job for a part time job and a piece of a part of a tiny portion of that time you maybe to make a back-up with the server. On the other hand, cloud based systems, it is business it’s only business. Not only are they, uh, typically bound by terms and conditions of the contract with that you have with them to protect your data, if they’re breached, uh, they stand to lose their entire business just from the bad PR, so it’s in their best interests to keep their, you know, their customers’, clients’ data secure. You know, they those kinds of environments, too, support the HTTPS secure connections, they do typically encrypt the data. I’m not saying you don’t need to check those things, but I do believe that it’s, you know, overall, safer environment, leave it in the hands of the professionals. Okay, we have we have to go away for a couple minutes when we come back. Scott. Now, keep talking about safeguarding your donordigital. We’ll get into some of the policies that you should have. Stay with us.
All right, scott, we know what data we’ve got and what we need to save and not save way we know where the data is stored, what kind of policies should we have in place?
Yes, well, as you mentioned, it’s it’s a good thing to have a policy that says, you know, you need to secure your devices with a password so that every time you use that needs to be long, then, um, in my experience that that may work in corporate environments where the IT shop has the ability to actually manage the devices that were used by their brother employees, but in an environment that’s generally as loose as a non-profit becomes pretty difficult to force. For one thing, you know, your, your volunteers may already have phones that are being managed by their brother employers, so we got a conflict in that in that area. I’m still it’s a good thing to do. Um, certainly you want to be sure that the staff isn’t writing things down on pieces of paper, so if they are recording things, they are being recorded in a digital format in a secure form that so that whatever protections are being enforced in the room that digital connection are being used. They may not be one hundred percent, but it’s better than nothing for sure. We should also have policy around who has access to different pieces of data. Absolutely. And that has to do with the, uh, the applications that you’re using to store your information. Some of the more simplistic applications, for instance, locally, you know, homemade databases, spreadsheets, things like that have very limited security options, right? Most of the most of the non-profit applications that are available commercially have what they call multi-level roles so you can define a role of manager out of the data entry work no, no hosting, volunteer and different kinds of roles like that, and each one of those can have different levels of access to information.
So somebody who’s carrying around a tablet at the event registering people for the event, they only have access to the data entry function for that piece, it certainly would not have access to historical e-giving and other other information has already been recorded. When I go to some clients and I’m using their database, there’s data that I can’t see. Social Security number, for instance, I, I can see that it’s preserved, but all I see in that field is a bunch of stars. Date of birth, I think, is another one. Or maybe I see the year, but not the day and the month. Something like that. So there there are there are data, ways of preserving and I log on to that database so it knows who I am and what level of access I have. Exactly. When I was, that reminds me of when I was in the Air Force, I had I had top secret clearance. And then beyond top secret, there was something called SIOP-ESI, which was, was those top secret? TS SIOP was the single integrated operating plan. And then ESI was for extra sensitive information. So you could have TS and then you could go beyond that, and then beyond that. And then there’s, you know, obviously there people who had higher levels of security clearance beyond me. But I had top secret SIOP-ESI. Anyway, uh, so just just exactly as you told me that. Tony, you kill me, right? Right now. There are other reasons I need to kill you. Is that another doing? Just revealed. Okay. All right. So the software can help us. All right. So this is part of our policies is who who has access to what? On a need to know basis, right? That’s, basically, what do you need to know to do your job? Sabat. Exactly. And there’s one two things I’ll bring up here. One is that, you know, most, well, most, a lot of instances of breach come from not getting rid of login access that is not necessary any longer. So someone leaves the organization. The very first thing that should be done is that logins should be deactivated. Deleted, whatever.
Yes, at the very least. Password changed. But there are lots of, uh, lots of instances where that wasn’t done immediately. And the data, you know, goes away and let’s face it. No, it it’s not just a friendly departure. That person is more likely to take action immediately than they are, you know, months down the road. So quick action is is really, uh, you know, the right thing to do. Let’s talk a little about insurance. There’s, there’s cyber insurance. There is dahna and, you know, I haven’t really looked at the prices for those, but I’m sure that that varies based on the amount of information, the value of your database, all those kind of things, but I would say that most of the large insurance company, I’m looking at The Hartford and Chubb, for instance, they offer what’s called a data breach insurance, uh, which is exactly what we’re talking about here. It’s protection against losses, protection against lawsuits from, uh, problems occurring based on the loss, liability, all those kind of things. I would say it’s definitely something we’re looking into. And of course, you know, hindsight will always tell you that you should have done it. But, you know, price will make that determination for you. Okay? We’re not holding you to the standards of an insurance broker, so you don’t need to know the price, but but important for people to know that it exists and and as you suggested, you know, if you have a bad person, maybe they left on bad terms or maybe they’re still working for you, and they just have some bad intentions, no policy is going to prevent them from getting what they want if they’re if they’re industrious enough. Like, and an interesting statistic. Seventy five percent of a raw data fresh and I’m talking, well, I guess it could be called hacking, but data theft, misuse of data happens internally. Of that seventy five percent, fifty percent of it is from physical, just physically copying the data onto a thumb drive.
Or, you know, some other CD or something like that. So it really, you know, most of what’s gonna happen is really gonna happen within the organization. That’s frightening and disheartening, unfortunately true. You’re a former CIO, right? Chief information officer, chief technology officer on the corporate side. What, what more do you want to impart I haven’t asked you about? Uh, lock the doors. That’s that’s probably the biggest and most difficult thing that we had to contend with, making sure that the facility is secure. Now those when I was doing that, cloud computing was really not a big issue. So locking the doors, you know, for a cloud environment doesn’t really does it really work? That said, we are still there’s still paper records that your store in provoc hammocks and almost any organization and locking doors or locking the file cabinets or some other way, securing access against the paper records. Still it’s still the right thing to do, and we’ll we’ll avoid some of the day the press that we’re talking about. Yes, excellent. We’ve been talking about digitised data, but there’s still lots of paper records and just simple locks on a file cabinet, on locks on doors, and on that server door that you know that those hallway closet servers that I see where it’s the maintenance, you know, it’s it’s above the slop sink, that’s crazy frank. That is one one other issue that I’ll talk about and that is what’s called social engineering and has nothing to do with data. Uh, it’s it’s really old fashioned and involved. Usually telephone, but it could be personal approaching face-to-face. Okay, you know, we talked about the three pieces of information that will lead to someone really knowing who you are, right? Uh, first name, date of birth and your zip code. You may not say all those things to the same person at the same time, but social engineering involves people making phone calls into an organization.
Talking to different people and pulling different pieces of information from those different people and then assembling those outside, so they’re pretty easy to, you know, called secretary and they, you know, I’m trying to get the the owner’s birthday gift, you know what? They were on dh, you know, by the way, you know, at another person calls in to another person in the organization and says, you know what? Town today with them mean, now there you go, right there, three piece of information, yes. Wow. That’s okay, those are bad, there’s a bad actors, but but but if somebody wants it, they can they can put it together over time. And and even if even a small organization, even if there aren’t that many people, if they can call they could do it over time, they can have a have, ah, accomplice maybe helping. So one time it’s a man, a couple weeks later, it’s a woman asked in different things, your office isn’t going to protect against that. Exactly. Then we’re not as people, we’re not wired to think, you know, in that kind of devious way to protect ourselves. Okay? All right. All the more reason for thinking about this thing about cyber insurance, I think. Exactly, exactly. All right, next week, there’s no live show. Affiliates, I will have a show for you, but I don’t know which one yet. More important than that, I hope you enjoy your Thanksgiving time for family and friends over a long holiday weekend. Enjoy. If you missed any part of today’s show, find it on tony martignetti dot com. Where in the world else would you go? Sponsored by Pursuant, online tools for small and midsize non-profits, whatever type of work you do to improve our world, pursuant dot com. Our creative producer is claire miree off. Janice taylor is today’s line producer, gavin doll is our am and fm outreach director. Welcome gavin, doing an outstanding job. The show’s social media is by diner russell, while susan chavez is on maternity leave, she’s having a little baby today. Congratulations, susan.
Our music is by scott stein with me next week be with me next week for non-profit radio big non-profit ideas for the other ninety five percent go out and be great.