Bad things can happen to all that data you store on donors, volunteers, employees, vendors and others. But, there are ways to minimize your risk and protect your nonprofit if a breach occurs. Marc Schein of Marsh & McLennan Agency shares his wisdom.
Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.
Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
Transcript for 339_tony_martignetti_nonprofit_radio_20170512.mp3
Hello and welcome to Tony Martignetti Nonprofit Radio, big non-profit ideas for the other ninety-five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d go into burbage oration if you repeated the idea that you missed today’s show. Your Cyber Risk: bad things can happen to all that data you store on donors, volunteers, employees, vendors and others, but there are ways to minimize your risk and protect your non-profit if a breach occurs. Marc Schein of Marsh & McLennan Agency shares his wisdom. And Beyond Online to IRL: Maria Semple, our prospect research contributor and The Prospect Finder, reminds you that real-life conversations (remember those little things?) can tell you so much more about your potential donors than online research. Plus, she has conferences you need to know about. On Tony’s Take Two, I’m wagging my finger. Sponsored by Pursuant: full-service fund-raising, data driven and technology enabled, you’ll raise more money, pursuant.com. And by We Be Spelling, super cool spelling bee fundraisers, we b e spelling dot com. Here is Marc Schein with Your Cyber Risk.
I’m very glad to welcome Marc Schein to the studio. He is a risk management consultant with Marsh & McLennan Agency and an authority on cyber insurance, providing strategies to protect sensitive employee, customer and business information. He’s a CIC, a CLCS and RIM, to find out that very shortly. And the company is at mma-ne.com. Marc is at M Schein, that’s S-C-H-E-I-N, CIC CLCS. Marc, welcome to the studio. Thank you for having me. My pleasure. Come in closer to the mic so we can hear you even better. Okay, um, we want to talk about cyber, cyber exposure. Would you share what it is? Define it for us first, so everybody’s talking about the same thing. Sure. So when we look at a cyber attack, you know, certain industries think that it has to do with a nation state coming and hacking and things of that nature. Which it does, it could be. Which it does, absolutely.
Okay, but there’s other exposures that really come to light as well. The idea: we look at information and the type of information that businesses or not-for-profits have, and it really falls into three silos. Personally identifiable information, PII: nonpublic names, phone numbers, Social Security numbers, email addresses, physical addresses, things of that nature. Okay. Then when we look at PCI, the payment card industry, that’s really looking at the credit cards: how many credit cards do you have on file, that kind of information. And then you take a look at PHI information, which is the health care information. And so we look at it from three different segments. And for not-for-profits, when we take a look at it, typically the way that they’re asking their donors to donate is via the website. And when they go on to the website, typically what we’ve seen from our clients is you have to put in your name, your address, your email addresses, personal info, a tremendous amount, and then they ask you for your credit card information in order to make the donation. So now when we look at not-for-profits, several years ago the cyber exposure didn’t necessarily exist. Now there’s certain first-party legal responsibilities in the event of a data breach that these non-profits have to comply with. Okay, okay. And you mentioned a whole bunch of acronyms, PCI and CIA, which I’m glad you’ve defined, because on Nonprofit Radio we have jargon jail, and I would hate to put you in there on the outside. Sit on. It reminds me that I forgot to go back and look at your acronyms. So you’ve got a bunch of letters after your name? Yes. Ah, CIC, CIC. What’s the CIC? Commercial... certified insurance counselor. Sort of, you even confuse yourself, eh? So many, so many C’s after my name that, yeah, there are. There are three. Okay. So certified insurance counselor.
And then you’re also a CLCS? Yes, commercial lines coverage specialist. Commercial lines coverage specialist. Now, you must be especially proud of those, because those were in your Twitter ID. Yes. Okay, but then RIM, what’s RIM? You know, what’s RIM? I’m not sure what the RIM that you’re referring... R-I-M. Responsible... Oh, the RIM Council. I sit on the RIM Council for the Ponemon Institute, which is the leading organization for cyber stats in the country. Cyber stats. Ponemon Institute. Looks like Pokémon, but it’s not a problem on that end. Exactly. Okay. And RIM is responsible information management? Correct. At the Ponemon... the Ponemon, it’s Ponemon. Sorry. All right. Thank you. Okay, um, all right. So your credentials are clear. You got a lot of letters, a lot of professional certifications. All right, um, now, I mean, when we think of cyber breaches, I mean, I think of Yahoo and Target and even the Democratic National Committee. If these highly sophisticated organizations, I think, at least in terms of IT, I would think that they are, are vulnerable, then surely small and midsize non-profits have vulnerabilities to be concerned about. Sure. So what you’re saying... and again, we’re not going to comment on any specific client just because of the nature of the business and who we are. But what we’ll talk about is the exposures they all do face. And, I mean, if these big organizations are at risk, with Yahoo, five hundred million user IDs and, you know, passwords and things, right? I mean, this is... So again, when you’re looking at a hacker, forgetting who the company is, you take a look at the breaches that are going on. They’re now targeting the vendors of some of these larger entities because they realized that the vendors don’t have the same protocols.
They don’t have the same budgets to implement the cybersecurity best practices that some of the Fortune one thousand companies that, you know, you previously mentioned have. All right, so sometimes it’s something that’s a contractor’s... Exactly. It’s the low-hanging fruit that they’re looking for. All right, so there’s a real easy... They don’t want to work any harder than anybody else does. So if they’re able to get into a smaller entity who has access into another larger entity, well, that could be the treasure that they were just looking for. Okay, so that raises a good point. If we are outsourcing any database management in terms of the type of data that you were talking about, those three different categories, we need to be sure that the vendors we’re hiring have either insurance, well, insurance, which would you’re not going to talk about, and/or, and really should be and, high levels of security. Correct. So we gotta make sure our subcontractors, our vendors... Basically, you want to make sure that you’re doing your due diligence when it comes to your vendor selection. That’s a very important step, and it’s something that businesses are now starting to pick up on, something at Marsh & McLennan Agency that we recommend when we’re talking to our clients. And you hit the nail on the head. Okay, okay. It doesn’t happen often, so thank you for acknowledging one of the rare instances. All right. Right now, if we happen to be a target or a victim of a cyber exposure, um, the first thing that occurs to me is bad press. Yeah. What else? What are the risks we suffer? I mean, not in terms of the data, but just in terms of costs and things like that. Sure. So when you look at a data breach and you see what the average cost of a data breach was, and, you know, the Ponemon Institute, which we just referenced, the average cost of a data breach was about seven million dollars
In two thousand sixteen. And when we look at it, what are the first-party legal responsibilities that the business or the non-profit has to do in the event of a data breach? First, they have to notify. They put in a call to their insurance broker. They want to put the carrier on notice, let them know that the possibility of a claim might be coming down the pike. Let them work with the preferred providers that the cyber insurance provides to the entity. Then they’ll work with the data breach coach, which is the attorney who lets them know what their first-party legal responsibilities are, builds that forward on. Then the notification, because you not only have to notify the affected individuals in your not-for-profit that were affected, but you also have to notify the state attorneys general where those individuals reside as well. Okay, all right. We’re gonna unpack some of that. We got to go out for a break. When we come back, Marc and I are going to keep talking about that and some of the other, the hard costs of recovery, and then, of course, the ways of insuring against a loss. Stay with us.
You’re tuned to Nonprofit Radio. Tony Martignetti also hosts a podcast for the Chronicle of Philanthropy. Fund-raising Fundamentals is a quick ten-minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving, event fund-raising, direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am I doing this right? Is there a better way? There is. Find the Fund-raising Fundamentals archive at tonymartignetti.com, that’s M-A-R-T-I-G-N-E-T-T-I, remember there’s a G before the N. Thousands of listeners have subscribed on iTunes. You can also learn more at the Chronicle website, philanthropy.com. Fund-raising Fundamentals, the better way.
Welcome back to big non-profit ideas for the other ninety-five percent.
We’re talking about cyber exposure, cyber breaches and what can happen if you and your constituents are a victim, with Marc Schein, risk management consultant with Marsh & McLennan Agency. Okay, Marc, um, right before the break, we were talking about notification. Yes. All right, you gotta let the individuals know. Yes. The individuals that were affected, that information could be compromised. Attorneys general, you mentioned. So in the state where the individuals reside, you have to also notify that state attorney general. All those states. Exactly. Could be notifying fifty... Well, forty-seven different states have forty-seven different state breach notification laws, which make it so complicated in the event of a major breach where you have donors, you know, across multiple different states. What are the three states where they don’t care about their residents’ breach of data? What are those three states? When they call in after, we’ll play the game and we’ll let them call in and figure out if they could guess that. Oh, we don’t have live callers. Okay, you got to reveal it. Shocking. What are the three? Sure. So it’s some of the provinces... Provinces? Yes. We have forty-seven different states that have it. I put you on the spot. Hey, gip. No, no, it’s not a problem. Okay, I get it. I’ll get back to... We got about fifteen or eighteen more minutes. Okay. That’s right. It just seems to me like those states aren’t protecting their citizens in this narrow respect. Okay, um, attorneys general, individuals, of course. And you mentioned carrier. If you have a cyber insurance carrier, they have to obviously know also. Exactly. Because the cyber insurance pays for these exposures, the first-party legal responsibilities: the notification that we just went over, then the forensic cost. You need to figure out how the breach happened. What did they take? When did it stop? Did you fix the issue now?
Carriers will pay for the forensic investigation. You also have to provide credit monitoring for the affected individuals, roughly about twenty dollars per individual to provide credit monitoring. Let me ask you about that part, the credit monitoring. The breaches that I’ve been notified about, it’s always been a year, a year of credit monitoring. Could be two. Okay, I guess I haven’t been lucky. I’ve always been one. So now, is that really valuable? Because I’ve read that this data is actually valuable three or four years later, after it’s been sold and those of us who are the victims have forgotten about the breach, so we can’t identify where it came from because it’s like two, three, four years later and the credit monitoring is long expired. Sure. Is that true? I mean, is the data more valuable to a bad guy a few years after the breach? Typically the data, when it’s out in the market, it’s most valuable when it first comes out. First comes out? When it first comes out. Precisely. You know, you look at a credit card. You know, my credit card has been compromised before, where there’s been fraudulent charges. The next day, my credit card provider sends me a new credit card. Right? Okay, okay. Credit card, I could see that. But what if it’s a date of birth, the address, you know, maybe it’s a password for a site. I mean, does that... It doesn’t have residual value, you know, like, years later? Sure. As well, you always want to make sure that... when a company is going to offer credit monitoring in the event of a data breach, you always want to make sure that you’re taking the full limits of whatever they’re giving, whether it’s a year or two. Can information be used five, six, seven, ten years down the road? Yeah, absolutely.
But if the entity is going to be able to provide you with two years of credit monitoring, it’s better than running around without, after your information was just out there compromised. Okay. And I guess in terms of the credit card example, that would cover you that way, but usually those get, as you said, get canceled immediately. All right. Um, all right. So we’re going to get to the insurance, you know, like the details of insurance. Um, so does that cover... like, does that cover everything that the organization should do if they do suffer a breach? These notifications. Anything else? So they provide the notifications. They deal with the data breach coach. They could do a forensic investigation. You know, some entities will be responsible for PCI fines or penalties or reissuing debit cards or credit cards. These are all different coverages that can be now implemented within a privacy and network security policy. Within insurance, when we look at most other insurance policies, whether it’s workers’ comp, general liability, professional, you know, exposure, whatever it may be, it’s all based off of an ISO form. And with the ISO... Whoa, jargon jail. Okay. ISO form? Yes. What’s ISO? So ISO is the Insurance Services Organization, and what they are is they basically provide a vanilla form or vanilla suggestion, and each carrier is then able to change it a little bit, and that’s what they have done to help develop property, liability, auto, so on and so forth. When we look at cyber, there is no ISO form, so one carrier can be all the way on one side of the room offering terms and conditions, another carrier can be all the way on the other side, and the prices and the terms can be wildly different. And the coverages. Okay, okay, we’re still going to get to that in more detail. I want to flesh out a little something that you mentioned now twice. The data breach coach? Yes. What is his or her job? Who is that? Sure.
So typically, what happens is each insurer will have a panel counsel, or they’ll let you select your data breach coach. And they will walk you through what your liabilities are, who to speak to, who not to speak to, what you should be saying, what you should not, what your first-party legal responsibilities are. They’re going to be your end-all, be-all guide. Okay. And they come from the carrier? Typically, yes. Okay. Or recommended by the carrier? Like, it typically comes from a panel counsel that the carriers have already selected. Okay, okay. Um, all right. So why don’t we get into a little bit of detail about, um, different types of policies now to protect yourself, your particular organization. Now, I know there’s cyber insurance and there’s cyber liability. Are these two different categories of coverage? Well, they’re all interchangeable. Okay, so same thing, really? Okay. Privacy and network security is the technical term. Cyber insurance or cyber liability is the street name, if you will. Okay, I’m a street guy. We’re going to be okay. So what are we looking for if we want to be out in the cyber insurance policy marketplace? What features should we be looking for? Well, I think it really depends on, you know, the entity and what their concerns are, because you want to make sure that this coverage specifically is highly customized for the specific business. So one of your not-for-profits that might have five hundred employees might have a dramatically different exposure than a company who has fifty employees out in North Dakota. So we need to again figure out what their true exposures are.
So we work with a client, like we do on a daily basis, talk to them, figure out what their risk tolerance is, because cyber insurance, although it’s a technical challenge, the risk still is transferred to an insurance carrier or it’s held within the entity itself. Now, are there policies that are for small organizations? Like, suppose an organization has just eight or ten employees, maybe they have fifteen hundred donors, two thousand donors, they have some credit card info that they’re saving, which I guess we’re talking about whether they really need to save it or just transact with it, but they’ve got that, they’ve got some personal information because they like to send paper mail as well, and they’ve got email addresses. Is there coverage for a smaller organization like that? Absolutely. I mean, you could get privacy and network security for a company smaller than that. Okay. So absolutely, size is not an issue when it comes to obtaining this type of coverage. Okay, um, I don’t suppose it’s possible to... the premiums are gonna vary wildly depending on what the precise risk exposure is, so you can’t really ask, no point really in asking what, like, a premium would look like. All right. I don’t think... you know, I mean, you hit the nail on the head. It varies dramatically between the amount of records that you have, the type of information that you’re collecting, the way that you’re storing the information. All of those play factors when trying to quantify what the premiums would be for a cyber liability policy. I hit the nail on the head twice, twice in one interview.
It’s... don’t get... that’s a record, thank you. Now, should a vendor of these kinds of policies be able to help you determine whether you’re saving info that you don’t need to save and, you know, going to the point that you just mentioned, with the info that you are saving... so are you saving stuff you don’t need to, and what you are saving, are you saving it in the right way, under the right security? Is that part of this, or is that something separate? No, no, it’s absolutely... We want to make sure that we understand the culture of the business, and we want to make sure that they take cyber security to the highest regard. In two thousand seventeen, this is one of the crown jewels, the intangible information that a business has on their donors, their clients, etcetera. So typically, what we like to recommend is some type of vulnerability and penetration testing, an ongoing test that will say where you guys are from a security standpoint right now, what the culture looks like, what changed, and in kind gives you a snapshot in time of where we currently stand. Oh, this sounds like a very sophisticated... vulnerability and penetration testing? Correct. Excuse me. Who runs a test like that? I mean, that something has been sighted. Offers cybersecurity firms, firms. Okay, it doesn’t have to engage a firm. Exactly. Go on, attack your... Precisely. Your site or your social media, your internal networks, your servers, that nature. Exactly. Okay. Um, all right, what else? What else should we be thinking about as we’re going out into the marketplace? I think it’s even before you go out to the marketplace. That’s really what your listeners need to think about: the proactive steps that they could do in order to make themselves a better risk, so when they’re out in the marketplace, a carrier wants to give them more favorable terms.
So doing things like creating an incident response plan that basically says who’s in charge of what information, who’s going to be notifying who in the event of a data breach, which information was classified where, who had access to what. All of those different types of questions, you want to make sure that you have that document in hand. It’s kind of like a fire drill back when you’re in elementary school. You want to make sure when the fire happens, you knew exactly where to meet the teacher, you know, the corner of the road. It’s the same thing when a data breach happens. You want to know exactly who is going to be dealing with the vendors and who had access to the information. The time to figure this out is before a breach, not after, when you’re in a crisis. Precisely. That’s the third time in the interview. Hear, hear. If they knew... this guy’s coming back. Oh, my God. Okay, yeah, you’re in crisis and, yeah. All right, what else? These are things that... you mentioned underwriter. So these are things you can do that will bring your policy, your premium down, you’ll look more favorable to an insurer. You will be a more favorable risk. The more that you put in your ongoing efforts on cybersecurity, the better off that a business is going to be going forward. Okay. I don’t see intangible property going away any time soon. More people, more entities are collecting more information in two thousand seventeen than ever before. There’s a trend that’s not going away. So we advise our clients to be proactive rather than reactive, and that’s what we work with them on. What else besides the incident response plan could we be doing proactively? Sure. You want to engage with an attorney to, again, draw the incident response plan. You want to make sure you’re doing your vulnerability and penetration test. That’s what...
You want to deal with your cyber insurance broker to make sure that things on the applications are actually being done and you’re not making a material misrepresentation when filling out an application. So if you... that’s bad. Absolutely. If you’re claiming you have a plan or you’ve done vulnerability testing or something, and then there’s a claim, and it turns out that you haven’t. Yeah, yeah, that could be trouble. Precisely. We don’t want to lie on an application. We make sure that our clients are truthful, and we work with them to find the best carrier for their certain circumstances. Okay, okay. Anything else we can do proactively before we’re in crisis mode, or, you know, maybe it’s part of our strategic plan, we’re planning for this? Well, if there’s one thing that I can recommend to the management of the not-for-profits that listen to this organ... this radio station, you want to make sure that you’re training your employees. The employee error factor can be the difference between a data breach and a non-data breach, if they know what to look for in terms of a phishing attack that can lead to some type of ransomware. These are all types of methods now that entities or individuals are using to try and breach a company. So we want to make sure that we train our employees thoroughly: what to look out for, what to click on, what not to click on. That’s one of the biggest things that I would recommend when I go out and I do my talks, is employee training, because employee error unfortunately causes a tremendous amount of breaches. Okay. Yeah, we’ve been thinking about the bad actors coming in, but you can keep them from coming in. Precisely. Don’t click on the attachment that you’re not expecting or doesn’t look familiar to you. Yeah. And on the same point of the employee training, what happens when the employee sends an email to Jane Doe and it’s supposed to go to John Doe?
And now all of that sensitive information or the credit cards from your donors are now out there in the public. Well, now you have a data breach. So again, making sure the right protocols are in place so an email doesn’t get sent to, you know, John Doe that’s supposed to go to Jane Doe. Employee training, I can’t stress it enough, is one of the biggest things. I get your passion here. I feel it. It’s palpable in the studio. What else can we be training on? Because this is valuable for people who even may not be in the insurance marketplace or they may not be out looking, but there are things that they can do to help protect themselves. What else can we include in employee training around this? Sure. You wanna make sure the policies and procedures are in place, classification policies, things of that nature. Classification of the information: what information was segmented? Was all of your information on your server? Was the secretary able to access the same information as the CEO? Yes, levels, right? So levels of employee access. Exactly. People classification. Okay, okay. You find that in database programs or apps typically, you know, somebody’s a super user, only certain people can see Social Security numbers, have access to things like that. And you want to make sure, again, the CEO is able to see certain information that perhaps the, you know, the rank and file doesn’t necessarily need to see. Okay, so if there’s information out there that is highly sensitive and employees don’t need to see it, there’s no reason to give them access to it. Right. You have a business need. Exactly, exactly, exactly. So it’s just, again, doing your due diligence ahead of time rather than post. Okay. Anything else? Try employee training. This is gold. This is Charlie’s gold for listeners. So what else could we be including in employee training? Again, I think we hit on a bunch of the major.
But this way, you know, if you like, one of your guests, I could put you in touch with a good friend of mine who does some of the training, and they could go into more detail. But my really, okay, experience is quantifying what a breach could cost a not-for-profit, and how come the bottom line of their P&L. Right. Okay, okay. Uh, now we still have some more time left. So let’s... okay, like two or three minutes left. What haven’t I asked you that you want to talk about? I think the trends of the way that the breaches have been happening. We’re seeing now certain carriers are now changing the policies because of the way that the attacks are happening. You know, things like social engineering, social deception, that now can get incorporated into the cyber liability policies. What is this social engineering, social deception? So have you heard about the types of emails that are coming to the C-suites or the rank and file from the C-suite saying, can you make a payment to XYZ company, we’re looking to acquire somebody? Right. We call it voluntary parting of funds, and this is now the need for a holistic point of view from a risk management standpoint when looking at a cyber exposure, because this is a part where the crime policy and the cyber policy can intertwine to try and provide coverage. So it may not just be crime, it may not just be cyber, but the overlap of the two, that might be the best form. So we want to make sure that we truly, again, understand the client’s specific needs, because what we talked about today was all generalizations. We need to understand their actual risk profile. You mentioned a crime policy. Now, this is something we haven’t talked about. This is something unrelated, right? Precisely. Coverage against crimes against the organization. Different types of crimes. Could be.
You know, for this, the voluntary parting of funds, if somebody’s willing to transfer monies... It sounds so innocuous. Voluntary parting of funds, that sounds like I write my niece a check. That’s a voluntary parting of funds. I gave her fifty dollars for a birthday. It was young, that’s why. Fifty dollars is enough, don’t you think? Uncle, you wanted to give your niece fifty dollars. Typically when these are going on, this is a bad actor that tricked an employee to release the funds, like your example. Okay. Precisely. All right, thank you very much. We’re going to leave it there. Absolutely. Thanks for having me. Thank you for being in the studio. Marc Schein. You’ll find him at M Schein and then his credentials, CIC CLCS. Thank you very much again, Marc. Thanks, Tony. Appreciate the very timely discussion we had, because just today sixteen health facilities in Britain were breached. People couldn’t reach their own data. Medical facilities couldn’t reach patient data. Patients had to be diverted. So that’s just today’s headline.
We’ve got Maria Semple coming up with Beyond Online to IRL. First, Pursuant. They’ve got a new paper. It’s free, of course. Lots of free content from Pursuant. Breakthrough Fund-raising: achieve the impossible with a new way of thinking. What is break... What is breakthrough thinking? And can you say it? And how do you get it to help, use it to help you overcome your organization’s challenges, like speaking and moving lips and tongue in precise ways that will actually form syllables which turn into words and sentences? How do you do that? Breakthrough thinking, of course. How do you set a breakthrough outcome? How do you make sure that that outcome is going to reach far enough and achieve something that seems out of reach to you but is not? All right, identifying actionable strategies to create a culture of breakthrough. That’s what’s all in this paper.
Learn Breakthrough Fund-raising. You can learn it. Go to pursuant.com, click Resources, then Content Papers. I hope you have more success reading it than I did talking about it. We Be Spelling. Do you need to raise more money? Want to engage millennials? Perhaps host a fund-raising spelling bee. It’s a night out at a local place that’s devoted to raising money for your non-profit. Check out their video at we b e spelling dot com, and then get in touch with CEO Alex Greer. Very nice guy, stupendous guy, he’s an amazing guy. I love this guy, Alex Greer, CEO, and you’ll find out more, he’ll fill you in. Now, time for Tony’s Take Two. Are you properly registered in each state where you solicit donations? I’m wagging my finger at you. If you are a northern Louisiana charity, perhaps, and you’re sending email to southern Arkansas, you need to register in both states. If you’re an eastern Oregon non-profit and you’re hosting an event in western Idaho, you need to register in both. Wherever you are, if you mail solicitation pieces to retirees in Florida, you need to register down there. Don’t get caught with your shorts down, please. That reminds me... I wrote that. But then this reminds me of this company truck that I saw once, said Ganz or Electric, let us check your shorts. I love that. That reminds me of another one. Um, it was roofing, Fiedler Roofing: it’s only done right if there’s a Fiedler on the roof. I love those. I don’t know if Ganz or Electric and Fiedler Roofing, they’re out there somewhere. Okay. Charity registration, back to that. I can help you. If you want help, I can help you do it. The video explaining what you got to do and what this is all about is at tonymartignetti.com. And that is Tony’s Take Two. You’re probably very much looking forward to Maria Semple, because I... I don’t know. It’s a little rough today. So let’s... Maria Semple to do a lot of talking, and I’ll just have Sam bring my mic down.
She’s the Prospect Finder. She’s a trainer and speaker on prospect research. Her latest book is Magnify Your Business: Tips, Tools and Strategies for Growing Your Business or Your Non-profit. She’s our doyenne of dirt cheap and free. She’s at the prospect finder dot com and at maria simple. Welcome back, Maria. Thanks for having me. It’s great to be here. And you’re in the studio today. Absolutely. That’s, that’s always special in the studio share is it’s not a great day to be in the studio with me, even though the first part was pre recorded. I don’t know how you can help me change the trajectory. There you go, of my performance. Yeah, don’t, don’t take your mic down because then it’s no fun. Okay, well, that’s, ah, today that’s a debatable question. Typically, I would agree with you. All right, so we’re talking about going on beyond online, and this is actually a topic that I think brought you and I together in early days, back when I used to write blog posts, actually write words. I wrote something on the value of going, not only researching online, but the value of actually talking to your potential donors, and I’m pretty sure you commented on it. Yeah, probably, yeah, there was one of the only things yes together. Yeah, yeah. So, you know, so many times when you think about prospect research, and even on the shows that we’ve had, we’ve really focused a lot on the online stuff, you know, the technology and, you know, how can we get information? But, you know, we, we haven’t spent a lot of time talking about, well, what are some of those offline strategies, those people to people strategies that you can use to elicit some great information.
And, you know, sometimes when I’m sitting there typing up profiles on individuals, there are things that I just, I guess, out of curiosity really want to know about that person. You know, I want to know more about what makes them tick and, you know, the strength of their marriage, estranged from their kids, like those kind of questions, maybe no, but we have to get along with her parents, just really what, what, what their interests are, what are they really doing in the non-profits, more conventional. Yeah, yeah. How are they spending, you know, even how, but, but maybe even how are they spending their, ah, their free time. Like how do they spend it? Are they volunteering? Are they, you know, vacationing? Are they advocating? You know, what are they doing? So very often I wish I could, you know, call up that person that I’m researching and say, hey, I got a couple of holes missing here in this profile and I’d love to ask you a few questions. And I have thought, and going back to that blog post that I wrote years ago, you know, talking to the person, and there’s other people who could talk to do, we’re going to, we’re going to talk about that, but talking to the person I’ve always thought is just a great source of information. Just ask open ended questions, right? And you find out about, not only about their interests within the organization, but their family circumstances, where they like to vacation, you know? I mean, who they, who their friends are that might be affiliated with the organization, that they might be willing to bring in, and you know, you just, you find out so much if you would just, uh, yeah, talk to people. Absolutely, absolutely. So, you know, if, if, you know, if you’re doing the prospect research for the organization, I’m going to give you some, some questions to think about.
But also, you might think about seeding your, your, your development staff, your executive director and your board with some of these questions that they might just, curious, you know, in their conversations with people they might be able to ask, so that you can fill in maybe some, some holes that you might have on the donor profile that you might be, you know, compiling on this person or just, you know, at some point filling in. Right. Now you and I have talked about boards being valuable for prospect research and occasionally, or you think, you advocate even regularly, making part of board member or period board meetings or periodically list of prospects? Yes, as well as institutional funders. Funders and people, these are, these, these are the people in the organizations that are on our screen right now. Yeah. How can you help us with any of these? Right? Right. So it could be, it could be through that process that you could elicit the information. Another way you could potentially do this is, you know, Tony, you’ve, you’ve probably heard this phrase where if you want to get money, ask people for their opinion. Ask them for their opinion and they’ll give you money. So if you can figure out a way to engage people, either through a formal feasibility study or bring together some sort of small focus groups where you’re really getting people engaged and asking them questions and making sure that they understand there’s, there’s, there’s nothing behind this, we’re not, you’re not being brought in the room to, to solicit you in any way. We just really want your opinion, and I think that people start to feel more engaged and, and committed to an organization once they understand that. Oh, you know, that they want to know what I think about this organization and how to move it forward into the future. So, you know, I, you know, kind of came up with my top ten questions that I thought I would love to ask. Okay? Okay, we’ll get to those, um, we’re going to get there.
Um, so we mentioned the board as a good source. Focusedbuyer oops, sorry, focus group. Staff, your, your, your, might be development staff, but not necessarily, could be staff that’s interacting with people in a different, in a different way besides fund-raising. That’s right, that’s right. So maybe it is staff that’s involved with really just, ah, organizing your volunteers, so you might have a volunteer engagement person on staff that really just, that focuses on your special events, ah, your runs, your walks, things like that. So they could be sort of armed with this set of questions as well, so they could just happy just be kind of on their radar and be always looking to collect this type of data, because the type of data that we’re about to talk about, a lot of times, you just can’t even find it on you. Yeah, and, ah, and I think it goes to really good development work to be able to source that data and fill in some of those holes and missing piece, puzzle pieces. So dismayed now this raises the question of social media. So when you’re researching prospects, do you go to their social media accounts to see what, what might be public? Like if a lot of their Facebook posts are public. Now, some people keep them private, but, or only to their friends. But do you, do you look at social media to try to fill in holes? Well, I’ll tell you what I actually do, because one of the things that I do, of course, is I Google somebody’s name. So when I do that, on page one of Google search results very often will be their social media accounts, their LinkedIn, their Facebook, Instagram, right? So even, even, you think, okay, well, it’s an Instagram account, it’s all photos. What am I going to gain from that? But you can really gain a lot of information. avectra their second home? Yeah, their boat, their plane? Yeah, I mean, or just, you know, maybe, maybe they’re really into birding, for example.
So they’ve got, you know, a lot of pictures around that and you think, ok, well, gee, we’re an environmental organization. We didn’t realise they had this particular interest within our scope. So you can really, maybe even learn a lot, you know? They say a picture’s worth a thousand words, right? before you just filled with the old the old saying, zoho yes, yes, I’ve heard that. You have heard that, you know, so you know for sure. And then, then let’s not forget some of the, some of these platforms that also allow for video. So my goodness, when they then not only have photos up there, but then they’re involving video as well. So if it’s, if it’s public, right? Um, and, you know, that’s not somehow password protected or privacy protected, then it’s in the public domain. You’re not going in friending all these prospects? No, no, no, no. To try to sneak in? No, no. And become their friends? Absolutely no. You’re going? No, no, absolutely not. But I will say one thing about LinkedIn, if you’re doing the research there. Ah, there is a way to set your, your privacy settings in such a way that you will, like if I’m researching you, Tony, or if I’m just looking at your LinkedIn profile, I go in as anonymous, an anonymous user, so you won’t know that I was looking at your profile. really, however, give up the ability to see who’s been looking at mine. Oh, well, I wouldn’t care about that. How do we set that? So you go into the privacy settings, and, um, and one of the options is, you know, how you want to appear to others when you are looking at their profiles. There are three settings. There’s one that’s fully transparent. So your, your, your picture will be there, your name will be there, and your headline will be there. Right? That’s the setting that allows you to also then see who’s been looking at your profile, if you choose that setting. Then there’s two private settings.
One is semi private, so I could come across as just somebody who’s in the management consulting industry in the greater New York City area. Or I could be anonymous. Okay, so those are the two, private and semi private said they’re either naked, topless for that’s. Fully clue, fully clothed. Okay, um, all right. And that’s very interesting. I mean, I would, I could care less who looks, looks at mine. I get those e mails. I know it is an option I can turn off, but I just haven’t. But, you know, whatever. Twelve, fourteen people looked at your, your, your profile this, because I don’t care and, okay, but so now, so if I turn around, but you could turn it on and off. You can’t, you don’t want to, you want to be, if you want to be naked sometimes and fully exposed, could do that. If you want to put your clothes on, top and bottom, tops and bottoms, like jammies, like foot season, everything right on the twenty years and everything, you know, and hoody, you could do that too, right? Okay, you go back for all right? This is all online. And what I promised was we’re going to go beyond online, in real life. But this is all valuable. So we do whatever the hell I want the okay, um, he’s going rogue, it’s my show. Now, it’s not rogue. It’s mainstream sametz dream it’s Tony Martignetti Non-profit Radio. All right, now you have questions that are good for in real life. Real life questions. So let’s talk about some of those for a, for a couple minutes before we take a break. So what kind of things should we be putting out into our, among our people? Because it is not just for us to be asking, but all the people that we just think about a few minutes ago. And also these would work really well in, like I said, a focus group or, or a feasibility study type of the situation. So question number one: what do you feel are the most pressing challenges for our community? And I often can’t find that type of information, right?
So you’re now, you’re getting into the mind of that individual and you’re getting them to talk about what are the challenges that you see, not only with regard to the service, types of services that we provide, but in our community? What are the challenges that you see? And then, you know, hopefully from there conversation will, will happen around, you know, how does, does this particular non-profit even address any of those challenges? And it may not be appropriate. In fact, that’s your next suggestion: what role do you see non-profits playing resolving the issues, right, that, that are pressing for you, actually, that you feel? You know, I like this, you know, what do you feel? Because you’re asking the person what’s their opinion, where their feelings about. Right. Something good, open ended questions. Yeah, yeah, yeah. You definitely want to make sure that they are open ended and not just yes or no questions, right? Because what you’re looking to do here is really just listen, um, and, and I think that, you know, this is something that I think especially those of us in the northeast, we’re so used to talk, talk, talk, talk that we have, that we have trouble just listening. I don’t know, you may have that trouble. I don’t feel I have that trouble. Well, you know, you’re already transitioning to the south, so, well, slowly, but that’s like degree of sarcasm. Okay. So, you know, how do you see us fitting into it? Yeah. How do you see are not fitting into this into addressing this particular in need. You know what? How can we help address this need in our community, in the community? Is it appropriate for us to be addressing this need within our community? All right. Do you feel like this should be, it should be a priority for us? Yeah, it is. Or it isn’t. And some of these I think are things that, I mean, I hope that fundraisers, frontline fundraisers have in mind, and they are asking people, you know, a taste.
These last couple that we talked about, you know, what are we doing right? How do we, how do you think we fit in? How do you feel about the work that we do have to fit into the community? You know, what else should we be hitting on that we’re not? Things like that. All right, we got to go take our car break. When we come back, we got live listener love, et cetera, et cetera. Stay with us.

Like what you’re hearing on Non-profit Radio? Tony’s got more on YouTube. You’ll find clips from stand up comedy, TV spots and exclusive interviews. Catch guests like Seth Godin, Craig Newmark, the founder of Craigslist, Marc Ecko of Ecko Enterprises, Charles Best from donors choose dot org, Aria Finger, do something dot org, Naomi Levine from New York University’s Heyman Center on Philanthropy. Tony tweets too. He finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to re tweet you. During the show, you can join the conversation on Twitter using hashtag non-profit radio. Twitter is an easy way to reach Tony. He’s at tony martignetti, m a r t i g n e t t i, remember there’s a g before the n. He hosts a podcast for the Chronicle of Philanthropy. Fund-raising Fundamentals is a short monthly show devoted to getting over your fund-raising hurdles. Just like Non-profit Radio, Tony talks to leading thinkers, experts and cool people with great ideas. As one fan said, Tony picks their brains and I don’t have to leave my office. Fund-raising Fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard. You can also join the conversation on Facebook, where you can ask questions before or after the show. The guests were there, too. Get insider show alerts by email. Tony tells you who’s on each week and always includes links so that you can contact guests directly. To sign up, visit the Facebook page for tony martignetti dot com. I’m Chuck Longfield of Blackbaud.
And you’re listening to Tony Martignetti Non-profit Radio. Big non-profit ideas for the other ninety five percent. We have got live listeners all over the country, it’s amazing, but we’re booming today from New Bern, North Carolina, Bradenton, Florida, and Tampa, Florida. Basically, we’ve got all, this is, that this is a first for Non-profit Radio for sure, we’ve got all five boroughs of the city checked in. Bayside and Rochdale in Queens, Bronx, can’t see your neighborhood, Brooklyn, can’t see your neighborhood, Manhattan and Staten Island. Got all five boroughs checked in. Live listener love throughout the city of New York, throughout the five boroughs. Also Blairstown, New Jersey. Used to go to boy scout camp in Blairstown. No-Be-Bo-Sco stood for North Bergen Boy Scouts, No-Be-Bo-Sco bladders in Blairstown, and that’s where they filmed Friday the Thirteenth, one of Kevin Bacon’s early movies. Friday the Thirteenth films at that boy scout camp in Blairstown, New Jersey. Live listener love to you, Blairstown. Also Woodbridge, New Jersey is with us. I’m nowhere altum pandu jersey is where my mother and father are. They did not check in, they’re checking out there, so I don’t know, but they’re not checked in. We got all way, all the way west coast. Can’t washington, live listener love out to the upper northwest. Um, I think that’s everybody so far in the US of A. How about Germany, multiple cities in Germany? Guten Tag. Spain, I can’t see your city, I’m sorry, but Spain, buenos días. I’ve got a newcomer. Ah, the area of East Azerbaijan, the town is Tabriz, and that’s Iran. Welcome, Iran. Live listener love to you in Iran. Give us a high five from Iran. On the heels of the live listener love, of course, comes the podcast pleasantries. Maria Semple’s getting close to her mike, thinking that’s her time to talk again. But it’s not quite, because we’ve got to do the podcast pleasantries. She’s trying to cut you off, podcast listeners.
She doesn’t want me to do it, but her restraints are, are ill, are feeble against my will to do podcast pleasantries to the over twenty, twelve thousand listeners. Whenever you are, whatever device, I am so glad you’re with us. Pleasantries to you. And the affiliate affections to our AM and FM listeners throughout the country. So glad that you are with us as well. Affections to you on those analog devices, glad you’re with us. Ok, Maria Semple. Now it’s back your turn. You can sit up straight again. Maria Semple, you’ll find her at the prospect finder dot com and she’s at maria simple. Um, yeah. So more questions we got. We got some more questions that we’d like to be asking. Yeah, absolutely, absolutely. So these next two questions are very inter related, and they may be difficult for you to ask directly to someone. It might work better in more of a group situation, and I think it would work really well if you had, I’m going to say, ah, third party, maybe a consultant or other volunteers, perhaps, asking this question. So the questions are, what are we doing right? And what can we improve? Because I think you’re going to learn a lot about how your organization is serving the community. And maybe there is some gaps that, that, that these potential donors feel that you’re not filling but should be filling. So it sounds particularly suited to a focus group, right? Or a feasibility study, a consultant asking feasibility study questions of individuals or couples one on one. Yeah, yeah, absolutely, absolutely. And this next question really has to do more with your communications and how you’re communicating with people and, you know, you know, are we transparent and communicating effectively regarding our programs and achievements?
So, you know, I think that fund-raising and communications, marketing, PR, whatever you want to call it, are, they cannot live in silos. They absolutely are interrelated. When one, one part of that is not going well, it’s going to impact the other side and vice versa. So I think it is important to have an understanding of, you know, are you over communicating, under communicating? You know, sometimes donors feel like, you know, gee, the only time we ever hear from this organization is when they’re asking for money. that’s always about right, right? So, you know, are you adequately communicate? And also, how would you like to be communicated with, right? Do you prefer email, paper mail, phone, Twitter? You know, how would you like us to be talking to you, right? Exactly, what channel. So yeah, and this next question I really like because now we’re going to start to understand, will these people be willing to make a major number seven minutes if you like this one? Where was this number seven? Well, no, I mean, because now we’re getting into more of a major gift flow of questions arc to the right, right? We’re approaching danamon right there, and then we’re going on that we’re going to leave xena, ok, exactly. Bonem so have you ever made a multi year commitment to a non profit organization? And would you ever consider doing so? So not necessarily to your non-profit, to a nonprofit organization. Ok, you need to go through the next couple quickly. Okay, great. We have a few minutes left and we got to talk about conferences. Okay. Great. Read them off. All right. So how many non-profits do you typically support in a given year? Do you give more to an organization when you are involved in its leadership? Would you like to be a board member? Etcetera? Volunteermatch ok. And who else should we be talking to? Excellent. Right? Because you, you who have your in your network and you bring to us, right? Who in your circle of influence should we be talking to? All right. Excellent.
In real life, go there. Don’t ignore the in real life. It’s, it’s, it’s part of you being a human being. It’s not all digital. Okay, let’s go to conferences. If you want to meet in real life, we have an APRA conference, Association of Professional Researchers in Advancement, right? Where’s that? That’s right. So their big annual conference, it’s their thirtieth actually, is happening in Anaheim, California this year on July twenty sixth through the twenty ninth. You’re going to be there? I am not. No, I’m not. I’m not going to be attending it this year, but I do want to make sure that everybody is, you know, is aware that it’s there in case they want to get some extra education. And this information, as well as a lot of this other stuff I’m going to bring up now, is all available on APRA’s website, which is a p r a home dot org. So that’s apra home dot org. So that’s the big, the big international conference. A bunch of statewide stuff just passed in, in April, but a couple of other upcoming things that I did want to bring to your attention. So if you are members of the Florida chapter of APRA, they’ve got a state conference coming up June eighth through the ninth. We’ve got an APRA Overdrive one day conference coming up in Seattle, Washington, May twenty fifth. There’s a couple of webinars coming up, a free one on June fifteenth, ah, Getting the Most Out of Wealth Screening, and they’ve got one that they’re running in conjunction with AFP called You Can Do It: Research at Your Fingertips, and that’s going to be on August twenty third. I don’t know about all these is available on apra home dot org. Yes, yes, it is. That’s, that’s exactly where I got it from. Okay, very good. We gotta leave it there. She’s the Prospect Finder, again, at maria simple and at the prospect finder dot com. Thank you, sir, for being in the studio. I was so glad to be here too. Two force cracked like a fourteen year old is unbelievable.
Next week, health care funding options, and Gene Takagi is back. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com. We’re sponsored by Pursuant, online tools for small and midsize non-profits, data driven and technology enabled, and by we be spelling, supercool spelling bee fundraisers, we b e spelling dot com. Our creative producer is Claire Meyerhoff. Sam Liebowitz is the line producer. Betty McArdle is our AM and FM outreach director. Show’s social media is by Susan Chavez. And this cool music is by Scott Stein. You with me next week for Non-profit Radio, big non-profit ideas for the other ninety five percent. Hopefully I’ll be more articulate. Go out and be great.

What’s not to love about Non-profit Radio? Tony gets the best guests. Check this out from Seth Godin: This is the first revolution since TV, nineteen fifty, and Henry Ford, nineteen twenty. It’s the revolution of our lifetime. Here’s a smart, simple idea from Craigslist founder Craig Newmark: insights orn presentation or anything? People don’t really need the fancy stuff. They need something which is simple and fast. When’s the best time to post on Facebook? Facebook’s Andrew Noyes knows that traffic is at an all time high at nine a.m. or eight p.m., so that’s when you should be posting your most meaningful post. Here’s Aria Finger, CEO of do something dot org: Young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun and applicable to these young people. Look, so otherwise a fifteen and sixteen year old, they have better things to do. They have Xbox, they have TV, they have their cell phone. Ami Dar is the founder of Idealist: took two or three years for foundation staff to sort of deign to add an email address to their card. It was like, it was phone. This email thing is fired-up that’s why should I give it away?
Charles Best founded donors choose dot org: somehow they’ve gotten in touch kind of off line, as it were, on dno, two exchanges of brownies and visits and physical gift. Marc Ecko is the founder and CEO of Ecko Enterprises. You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, I just, I’m a big believer that’s not what you make in life. It’s, you know, tell you make people feel. This is public radio host Majora Carter: Innovation is in the power of understanding that you don’t just do it. You put money on a situation, expect it to heal. You put money in a situation and invest it and expect it to grow. And savvy advice for success from Eric Saperston: What separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers are on Tony Martignetti Non-profit Radio, big non-profit ideas for the other ninety five percent.