Tag Archives: safeguard donor data

Nonprofit Radio for May 12, 2017: Your Cyber Risk & Beyond Online To IRL

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

It’s not your 7th grade spelling bee! We Bee Spelling produces charity fundraiser spelling bees with stand-up comedy, live music & dance. It’s all in the video!

Get Nonprofit Radio insider alerts!

Listen Live or Archive:

 

My Guests:

Marc Schein: Your Cyber Risk

Bad things can happen to all that data you store on donors, volunteers, employees, vendors and others. But, there are ways to minimize your risk and protect your nonprofit if a breach occurs. Marc Schein of Marsh & McLennan Agency shares his wisdom.

 

 

Maria Semple: Beyond Online To IRL

Maria Semple

Maria Semple, our prospect research contributor and The Prospect Finder, reminds you that real-life conversations (remember those?) can tell you so much more about your potential donors than online research. Book those meetings!

 


Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

Get Nonprofit Radio insider alerts!

Sponsored by:

Vertical_Color
View Full Transcript

Transcript for 339_tony_martignetti_nonprofit_radio_20170512.mp3

Processed on: 2018-11-11T23:40:51.720Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2017…05…339_tony_martignetti_nonprofit_radio_20170512.mp3.365018991.json
Path to text: transcripts/2017/05/339_tony_martignetti_nonprofit_radio_20170512.txt

Oppcoll hello and welcome to tony martignetti non-profit radio big non-profit ideas for the other ninety five percent. I’m your aptly named host. Oh, i’m glad you’re with me. I’d go into burbage oration if you repeated the idea that you missed today’s show your cyber risk bad things can happen to all that data you store on donors, volunteers, employees, vendors and others, but there are ways to minimize your risk and protect your non-profit if a breach occurs, mark shine of marsh and mclennan agency shares his wisdom and beyond online. Teo i r l maria semple are prospect research contributor, and the prospect finder reminds you that ria life conversations remember those little things i can tell you so muchmore about your potential donors than online research. Plus, she has conferences you need to know about on tony’s take two i’m wagging my finger, responsive by pursuing full service fund-raising data driven and technology enabled, you’ll raise more money pursuant dot com and by we be spelling supercool spelling bee fundraisers. We b e spelling dot com here is mark shine with your cyber risk. I’m very glad to welcome mark shine to the studio he is a risk management consultant with martian mclennan agency and an authority on cyber insurance providing strategies to protect sensitive employee, customer and business information. He’s a c i c a c l c s and are i am to find out that very shortly on dh the company is at mm. A hyphen. Any dot com mark is at em. Shine that’s s c h e i n c i c c l c s mark, welcome to studio. Thank you for having me. My pleasure coming closer to mike so we can hear you even shatter. Okay, um, we won’t talk about cyber. Cyber exposure would share what is define it for us first everybody’s talking about the same thing. Sure. So when we look at a cyber attack, you know certain industries think that it has to do with a nation state coming and hacking and things of that nature which which it does it could be, which it does absolutely. Okay, but there’s other exposures that really come tto tto light as well. Three idea we look att information and the type of information that businesses or not-for-profits have. And it really falls into three silos. Person identifiable. Information. P i at nonpublic names, phone numbers, so security numbers, email addresses, physical addresses, things of that nature. Ok, then when we look at p c i, the payment card industry that’s really looking at the credit cards, how many credit cards do you have on file that kind of that kind of information? And then you take a look at p h i information, which is the health care information, and so we look at it from three different from three different segments on dh for not-for-profits when we take a look at it, typically the way that they’re asking their donors to donate is video website and when they go on to the website. Typically what we’ve seen from our clients is you have to put in your name your address, your email addresses, personal latto personal info, a tremendous amount on, and then they ask you for your credit card information in order to make the donation. So now when we look at not-for-profits several years ago, the cyber exposure didn’t necessarily exist. Now there’s certain first party legal responsibilities in the event of a data breach that these non-profits have to comply with. Ok, ok. And you mentioned a whole bunch of acronyms p c i and c i a, which i’m glad you’ve defined because i’m non-profit radio. We have george in jail and i would hate to put you in there on the outside. Sit on. It reminds me that i forgot to go back and look at your acronyms. So you’ve got a bunch of letters after your name? Yes. Ah, i see. I see what’s the c i c commercial. Certify insurance counselor. Sort of what you even get. Confuse yourself, eh? So many. So many seas after my name that yeah, there are. There are three. Ok? So certify insurance, counselor. And then you’re also a c l c s yes, commercial lines covered specialist commercial lines covered specials. Now you must be especially proud of those because those were in your twitter id. Yes. Okay, but then rim what’s his rimming work. You know, what’s rim. I’m not sure what the rim that you’re referring grimm are i am response. The responsible that rim counts. I sit on the rim. Counsel for the pondimin institute, which is the leading organisation for cyber stats in the country. Cyber stats open among latto department institute looks like pokemon but it’s not a problem on that end. Exactly. Okay on dream is responsible information management correct at the pokemon that the bonem mind the parliament, its ottoman parliament. Sorry. Alright. Thank you. Okay, um all right. So we’ve got your credentials are clear. You got a lot of letters, a lot of professional certifications. All right, um, now i i mean, when we think of cyber breaches, i mean, i think of yahoo and target on dh even the democratic national committee meets off these highly sophisticated organizations, i think, a toast in terms of i t i would think that they are are vulnerable than surely small, a midsize non-profits have vulnerabilities to be concerned about. Sure. So so what you’re saying? And again, we’re not going to comment on any specific client just because of the nature of the business and who we are. But we’ll talk about is the exposure’s they all do face on dh. I mean, if these big organizations are at risk with yahoo five hundred million user i ds and, you know, passwords and things, right? I mean, this is so again when you’re looking at a hacker forgetting who the company is, you take a look at the breaches that are going on there now targeting the vendors of some of these larger entities because they realised that the vendors don’t have the same protocols. They don’t have the same budgets to implement the cybersecurity best practices that some of the fortune one thousand companies that you know you previously mentioned half alright, so sometimes it za something that’s, a contractor’s exactly it’s the low hanging fruit that they’re looking for. All right, so there’s a real easy. They don’t want to work any harder than anybody else does. So if they’re able to get into a smaller entity who has access into another larger entities, well, that could be the treasure so that they were just looking for okay, so that raises a good point if we are outsourcing any database management in terms of the of the type of data that you were talking about those three different categories we need to be sure that the vendors were hiring have have either insurance well, insurance, which would you’re not going to talk about and or on dh really should be end high. High levels of security. Correct. So we gotta make sure our subcontractors are vendors. Basically, you want to make sure that you’re doing your due diligence when it comes to your vendor selection. That’s a very important step on duitz something that businesses are now starting to pick up on something of march that we march my client agencies that we recommend when we’re talking to our clients and you hit the nail on the head. Ok, ok, it doesn’t happen often. So thank you for acknowledging the one of the rare instances. All right, right now, if we happen to be ah, ah, a target or a victim of ah, of a cyber exposure. I’m the first thing that occurs to me is a bad press. Yeah, what else? What? One of the risks are way suffer. I mean, not in terms of the data, but just in terms of costs and things like that. Sure. So so when you look at a data breach and you see what the average cost of a data breach was and, you know, the parliament institute, which were just reference the average cost of a data breach was about seven million dollars. In two thousand sixteen and when we look at it, what is the first party legal responsibilities that the business has or the non-profit has to do in the event of a data breach? First, they have to notify they put in a call to there hyre insurance broker they want put the carrier on notice, let him know that the possibility of a claim might be coming down the pike line. Let them work with the prefer providers that the cyber insurance provides toothy entity, then they’ll work with the data breach coach, which is the attorney who let them know what they’re for with their first party league responsibility’s ours builders that forward on then the notification because you not only have to notify the affected individuals in your non for-profit that were affected. But you also have to notify the estate attorney generals where those individuals reside as well. Okay, all right. We’re gonna unpack some of that. We got to go out for a break. Sharon, we come back, mark and i are going to keep talking about that and some of the other the hard costs of recovery. And then, of course, the ways of ensuring against a loss stay with us, you’re tuned to non-profit radio. Tony martignetti also hosts a podcast for the chronicle of philanthropy. Fund-raising fundamentals is a quick ten minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website, philanthropy dot com fund-raising fundamentals the better way. Welcome back to big non-profit ideas for the other ninety five percent. We’re talking about cyber exposure, cyber breaches and what can happen if you and your constituents are our victim with marke shine, risk management consultant with marshall mclennan agency. Okay, mark, um, before the right before the break, we return about notification. Yes. All right, you gotta let the individual’s no. Yes. And the angels that were affected, that information could be compromised. Attorney general, you mentioned so when the state where the individuals reside, you have to also notify that a state attorney general all those states exactly could be notifying fifty. Well, forty general, forty seven different states have forty seven different state breach notification laws, which make it so complicated in the event of a major breach where you have donors, you know, across multiple different sametz one of the three states where they don’t care about their residents breach of data where those three states, when the close call in after we’ll play the game and we’ll let them call in and figure out if they could guess that. Oh, way. Don’t have way don’t have life callers. Okay, you got to reveal it. Shocking. What are the three? Sure, so, it’s. Some of the provinces province’s, yes way, have forty seven different states that have it it’s. I put you on the spot. Hey, gip. No, no it’s, not a problem. Okay, i get it. I’ll get back to way. We got about fifteen or eighteen more minutes. Ok? That’s right. Just seems to me like those states aren’t protecting. Their citizens are thin this narrow respect. Okay, um, attorneys general, individuals, of course. And you mentioned carrier if you have. Ah, if you have to have a cyber insurance carrier, they have obviously no. Also, exactly. Because the cyber insurance pays for these exposed the first party legal responsibilities the notification that we just went over then the forensic cost. You need to figure out how the breach happened. What did they take? When did it stop? Did you fix the issue now? Carries will pay for the forensic investigation. You also have to provide credit monitoring for the affected individuals. Roughly about twenty dollars per an up individual to provide credit money. Let me ask you about that part. The credit monitoring that i’ve seen the breaches that i’ve been notified about. It’s so it’s. Always been a year. A year of credit monitoring could be too it’s. Okay, i guess i haven’t been lucky. I’ve always been one, so now is that? Is that really valuable? Because i’ve read that this data is actually valuable three or four years later, after it’s been sold and those of us who are the victims have for gotten about the breach, so we’d like we can’t identify where it came from because it’s like two, three, four years later and the credit monitoring is long expired, then sure is that is that true? I mean, is the data more valuable to up to a bad guy? A few years after the breach? Typically the data when it’s out in the market, it’s its most valuable when it first comes out first, comes out when he first comes out. Precisely. You know you look at you. Look at a credit card. You know my credit card has been compromised before. Where there’s been fraudulent charges the next day, my credit card provider sends me a new credit card. Right? Ok. Ok. Credit card. I could see that. But what if it’s ah, date of birth. The address, you know, maybe maybe it’s password to for ah site. I mean, does that? It doesn’t have residual value, you know. Like, years later? Sure as well, you always want to make sure that you have it for when you’re when a company is goingto offer credit monitoring in the event of a data breach, you always want to make sure the year taking the full limits of whatever they’re giving, whether it’s a year or two can information be used. Five, six, seven, ten years down the road. Yeah, absolutely. But if the entity is going to be able to provide you with two years of credit monitoring it’s better than running around without after your information was just out there compromised. Okay? And i guess in terms of the credit card example and that it would cover you that way, but usually goes get a zoo. Said it was get canceled immediately. All right. Um all right. So we’re going to get to the insurance, you know, like the details of insurance. Um, so does that. Does that cover? Like what? That cover everything that the organization should do if they do suffer a breach each. These these notifications. Anything else? So? So they provide the notifications. They deal with the data breach, coach. They could do a forensic. Investigation. You know, some entities will be responsible for pc i fines or penalties or re issuing debit cards or credit cards. The’s a role different coverages that khun b now implemented within a privacy. A network security policy within insurance when we look at most other insurance policies, whether it’s, worker’s, comp, general liability, ah, professional and, you know, exposure, whatever it may be it’s all based off of an isil form and with the ghisolf whoa jargon job. Okay, s o form. Yes, what’s s oh. So i suppose the insurance services organization on dh what they are is they basically provide a vanilla form or vanilla suggestion and each carriers than able to change it a little bit and that’s what they have done to help develop property liability auto so on and so forth, when we look at cyber, there is no isil form, so one carrier can be all the way on one side of the room offering terms and conditions. Another carrier can be all the way on the other side and the prices and the terms khun b wildly different. And the coverage is okay, okay, we’re still going to get to that. More detail. I want to flush out a little something that you mentioned now. Twice. The data breach. Coach? Yes. What is his or her job? Who is that? Sure. So typically, what happens is each insurer will have ah, panel counsel or they’ll let you select your data breach, coach. And they will walk you through what your liabilities are, who to speak to who, not to speak to what you should be saying. What? Just not what? Your first party legal responsibilities are there going to be your end? All be all guide. Okay? On dh, they come from the carrier. Typically us okay? Or recommended by the carriers, like, typically comes from a panel counsel that the carriers have already selected. Ok, ok. Um all right. So why don’t we get into a little bit of detail about, um, different types of policies now, there’s there’s to protect yourself? Particular organization? No, that i know. There’s. Cyber insurance and there’s cyber liability. These two different categories of coverage. What? We’re all interchangeable. Okay, so same thing. Really? Okay. Privacy in network security is the technical term cyber insurance or cyber liabilities? The street name, if you will. Ok, i’m a street guy. We’re going to be okay, so what what what are we looking for? If where if we want to be out in the cyber insurance policy marketplace, what features should we be looking for? Well, you think it really depends on, you know, the entity and what their concerns are, because you want to make sure that this coverage specifically is highly customized for the specific business, so one of your not-for-profits that might have five hundred employees might have a dramatically different exposure than a company who has fifty employees out in north dakota, so we need to again figure out what their true exposures are. So we work with a client like we do on a daily basis, talk to them, figure out what their risk tolerance is, because cyber insurance, although it’s a technical challenge, the risks still is transferred to an insurance carrier or it’s held within to ah, an anti itself now are their policies that are for small organizations like suppose an organization has just eight or ten employees, maybe they have fifteen hundred donors, two thousand donors, they have some credit card info that they’re saving, which i guess we’re talking about whether they really need to save it. Or just transact with it, but they’ve got they’ve got that they’ve got some personal information because they like to send paper mail as well, and they’ve got is email addresses. Is there coverage for, ah, smaller organization like that? Absolutely they i mean, you could get privacy in network security first, a company smaller than that. Ok, eso eso absolutely size is not an issue when it come comes to obtaining this type of coverage. Okay, um, i don’t suppose it’s possible tow the premiums could are gonna vary wildly depending on what the what the risk precise exposure is like. So you can’t really ask, no point really, and asking what? Like what a premium thing would look like. All right, i don’t think, you know, i mean, you hit the nail on the head. It varies dramatically between the amount of records that you have, the type of information that you’re collecting the way that you’re storing the information, all of those play factors. And when trying to quantify what the premiums would be a first, i relied bilich policy, i have no one had twice, twice in one interview. It’s don’t get that’s a record, thank you now should i should’ve vendor of of these kinds of policies be able to help you determine whether you’re saving info that you don’t need to save and, you know, going to the point that you just mentioned if you are with the info that you are safe, so are you savings stuff you don’t need to do and what you are saving. Are you saving it in the right way under security under the right security? Is that is that part of this or that something separate? No, no, it’s absolutely. We want to make sure that we understand the culture of the business, and we want to make sure that they take cyber security to the highest regard in two thousand seventeen. This is one of the crown jewels, the intangible information that a business has on their donors, their clients, etcetera s o typically, what we like to recommend is some type of vulnerability and penetration testing an ongoing test that will say where where you guys are from a security standpoint right now, what the culture looks like, which changed? Andi in-kind gives you a snapshot in time of where we currently stand. Oh, this sounds like a very sophisticated vulnerability and penetration testing. Correct? Excuse me. Who does the who runs a test like that? I mean that something has been sighted. Offers cybersecurity firms, firms. Okay, it doesn’t have to engage a firm. Exactly. Go on, attack your precisely your size or your social media ate your internal networks, your servers, that nature. Exactly. Okay. Um, all right, what else? What else should we be thinking about? Is we’re going out into the marketplace? E think it’s, even before you go out to the market place that’s really, what your listeners need to think about is the proactive steps that they could do in order to make themselves a better risk. So when they’re out in the marketplace, a carrier wants to give them more favorable terms. So doing things like creating an incident response plan that basically says who’s in charge of what information who’s going to be notifying who in the event of a data breach which information was classified? Where, who had access to what? All of those different types of questions you want to make sure that you have that document in hand? It’s kind of like a fire. Drill back when you’re in elementary school, you want to make sure when the fire happens, you knew exactly where to meet the teacher the you know, the corner of the road, it’s the same thing when a data breach happened, you want to know exactly who is going to be dealing with the vendors and who had access to the information. The time to figure this out is before breach not after you in a crisis, their precise that’s the third time in the interview here, here, if they knew this guy’s coming back. Oh, my god. Okay, yeah, you’re in crisis and yeah, all right, what else? Things. These are things that you mentioned underwriter. So these are things you can do that will bring your policy, your premium down, you’ll look more favorable to an insurer. You will be a more favorable real scared. The more that you put involving your in growing efforts on cybersecurity, the more better off that a business is going to be going forward. Okay, don’t see intangible property going away any time soon. More people more aunties or collecting mohr information in two thousand seventeen than ever before. There’s a trend? That’s not going away. So we advise our clients to be proactive rather than reactive when that’s what we work with them on what else besides the incident response plan, could we could we be doing proactively? Sure what you want to engage with attorney to again draw the instant response plan? You will make sure you doing your vulnerability and penetration test. That’s what? I want to deal with your cyber insurance broker to make sure that things on the applications or actually being done and you’re not making a material misrepresentation when filling out an application. So if you spat that’s bad, absolute if you’re claiming claiming you have a plan or you’ve done vulnerability testing or something, and then then there’s a claim, and it turns out that you haven’t. Yeah, yeah, that could be trouble. Precisely. We don’t want to line an application. We make sure that our clients are truthful on. We work with them to find the best carrier for their certain circumstances. Okay? Okay. Anything else we can do proactively before we’re in crisis mode or, you know, we just maybe it’s part of our strategic plan. We’re planning for this. What if? There’s one thing that i can recommend to the management of the not-for-profits that listen to this organ, this radio station, you want to make sure that your training, your employees, the employees error factor can be the difference between a data breach in a non data breach if they know to what to look for in terms of a phishing attack on that can lead to some type of rain somewhere. These rural types of methods now that entities are individuals are using to try and breach a company, so we want to make sure that we train our employees thoroughly. What to look out for what to click on what not to click on that’s one of the biggest things that i would recommend when i go out and i do my talks, his employee training because employees era unfortunately causes a tremendous amount of breaches. Ok? Yeah, we’ve been thinking about the bad actors coming in, but you can keep them from coming in precise don’t click on the attachment there sametz expecting or doesn’t look familiar to you. Yeah, and on the same point of the employee training, what happens when the employees sent an e mail to jane doe and i’m supposed to go to john doe. And now all of that census information or the credit cards from your donors are now out there in the public. Well, now you have a data breach. So again, making sure the right protocols are in place. So an email doesn’t get sent. Teo, you know john dahna supposed to go to change original employee training. I can’t stress it. Enough is one of the biggest thing. I get your passion here. I feel it it’s it’s palpable in the studio. What else can we be training on them? This because this is valuable for people who even may not be. Then there may not be in the insurance marketplace or they may not be out looking. But but there are things that they can do to help protect themselves. Or what else can we include in employee training around this? Sure. You wanna make sure the policies and procedures in place classifications, policies things of that nature. Pacification of the information. What information was segmented? Was all of your information on your server? Was the secretary ableto access the same information? Is the ceo yes, levels? Right. So levels of employee access exactly. People classification. Okay, okay. You find that in database precise programs are apt aps typically, you know, somebody’s a super user. Only certain people can see social security numbers. Percent have access to things like that. And you want to make sure again the ceo is able to see certain information that perhaps the you know, the rank and file doesn’t necessarily need to see. Okay, so if there’s information out there that is highly sensitive and employees don’t need to see it there’s no actual there’s. No reason to give them access to it. Right? You have a business need exactly exactly, exactly so, it’s, just again. Doing your due diligence ahead of time rather than post. Ok. Anything else? Try employee training. This is gold. This is charlie’s gold for listeners. So what else can what else could be, including employee training again, i think we hit on a bunch of the major. But this way, you know, if you like one of your guests, i could put you in touch with a good friend of mine who does some of the training. And they could go into more detail. But my really okay experiences qualifying. Quantifying what a breach could come or cost and not for profit. And how come the bottom line of their piano? Right. Okay. Okay. Uh, now we still have some more time left. Eso let’s. Okay, like two or three minutes left to share. What happened? I asked you that you want to talk about i think the trends of the way that the breach has been happening. We’re seeing now certain thie carriers are now changing the policies because of the way that the attacks are happening. You know, what’s happened things like social engineering, social deception, that’s now you can now get incorporated into the cyber liability policies. What is this social engineering, social deception with so have you have you have you heard about the types of emails that are coming to the c suites? Were the rank and file from the c suite saying, can you make a payment to x y z company? We’re looking to acquire somebody, right? We call it voluntary parting of funds and this is now the need for a holistic point of view from a risk management standpoint when looking at a cyber exposure because this is a part where the crime policy and the cyber policy can interline to try and provide coverage so it may not just be crime may not should be cyber, but if yu of the overlap of the two, that might be the best form. So we want to make sure that we truly again understand the client specific needs. Because what we talked about today was all generalizations way need to understand their actual risk profile that you mentioned a crime policy. Now, this is something we haven’t talked about. This is something unrelated, right? Precisely. Coverage against crimes against the organization. Different types of crimes. Could be. You know, for this, the voluntary parting of funds, if somebody’s willing to transfer monies if sounds so innocuous. Voluntary parting of funds that sounds like i write my niece a check. That’s a voluntary parting of fund. I gave her fifty dollars for a birthday. It was young that’s. Why? Fifty dollars is enough. Don’t you think, uncle, you wanted to give you you needs to fifty dollars. Typically when these air going on this is ah, bad actor that it tricked and employees to release the funds like your example? Okay. Precise. Alright, thank you very much. We’re going to be there. Absolutely. Thanks for having me. Thank you for being in the studio. Mark shine. You’ll find him at m a c h e i n and then his credentials c i c c l c s thank you very much again, mark. Thanks don’t appreciate the very timely discussion we had because just today ah, sixteen health facilities in britain were breached. People couldn’t reach their own data. Medical facilities couldn’t reach patient data. Patients had to be diverted. So that’s, just today’s headline we got maria simple coming up with beyond online to hell first. Pursuant, they’ve got a new paper it’s free. Of course. Lots of free content from pursuant breakthrough fund-raising achieved the impossible with a new way of thinking. What is brick troop? What does break through thinking? And can you say it? And how do you get it? To help? Ah, use it to help you overcome your organization’s challenges like speaking and moving lips and tongue in move in precise ways that will actually form syllables which turn into words and sentences. How do you do that? Breakthrough thinking of course. How do you set a breakthrough outcome? How do you make sure that that outcome is going to reach far enough and achieve something that seems out of reach to you? But is not all right identifying actionable strategies to create a culture of breakthrough that’s, what’s all in this paper? Learn breakthrough fund-raising you can learn it, go to pursuing dot com click resource is than content papers. I hope you have more success reading it. Then i did talking about it. We’ll be spelling. Do you need to raise more money? One engage millennials, perhaps host of fund-raising spelling bee it’s a night out at a local place that’s devoted to raising money for your non-profit check out their video at we b e spelling dot com, and they get in touch with ceo alex greer. Very nice guy, stupid, stupendous guy, he’s an amazing guy. I love this guy, alex career ceo on duh you’ll find out more he’ll fill you in now. Time for tony’s take two. Are you properly registered in each state where you solicit donations? I’m wagging my finger at you if you are a northern louisiana charity, perhaps and you’re sending email to southern arkansas needs a register in both states if you’re in eastern oregon non-profit and you’re hosting an event in western idaho, you need to register in both wherever you are. If you mail solicitation pieces to retirees in florida, you need to register down there. Don’t get caught with your shorts down, please. That reminds me i wrote that. But then this reminds me of ah, this company truck that i saw once said ganz or electric, let us check your shorts. I love that. Ah that’s another that reminds me of another one. Um, it was roofing fiedler roofing it’s only done right if there’s a fiedler on the roof. I love those. I don’t know if ganz or electric and fiedler roofing. They’re out there somewhere. Okay. Charity registration back to that. I can help you. If you want help, i can help you do it. The video explaining what you got to do and what this is all about is that tony martignetti dot com. And that is tony’s. Take two. You probably very much looking forward to maria semple because i’ve i don’t know. It’s it’s, philo rough today. So let’s zoho maria semple to do a lot of talking and ill will just have sam bring my mike down. She’s the prospect finder she’s, a trainer and speaker on prospect research. Her latest book is magnify your business tips, tools and strategies for growing your business or your non-profit she’s our doi and of dirt cheap and free she’s at the prospect finder dot com and at maria simple. Welcome back, maria. Thanks for having me, it’s. Great to be here. And you’re in the studio today. Absolutely. That’s that’s, always special in the studio share is it’s not a great day to be in the studio with me, even though the first part was pre recorded. I don’t know how you can help me change the trajectory. There you go of my performance. Yeah, don’t don’t take your mic down because then it’s no fun. Okay, well, that’s ah, today that’s a debatable question. Typically, i would agree with you. All right, so we’re talking about going on beyond online and this is actually a topic that i think brought you and i together in early days, back when i used to write blawg posts actually write words i wrote something. On the value of going not only is researching online, but the value of actually talking to your potential donors, and i’m pretty sure you commented on it. Yeah, probably, yeah, there was one of the only things yes together. Yeah, yeah. So, you know, so many times when you think about prospect research and even on the shows that we’ve had, we’ve really focused a lot on the online stuff, you know, the technology and, you know, how can we get information? But, you know, we we haven’t spent a lot of time talking about, well, what are some of those offline strategies, those people, two people strategies that you can use to elicit cem, great information. And, you know, sometimes when i’m sitting there typing up profiles on individuals, there are things that i just, i guess, out of curiosity really want to know about that person, you know, i want to know more about what makes them tick and, you know, the strength of their marriage, strange from their kids, like those kind of questions, maybe no, but we have to get along with her parents just really what, what, what their interests are what are they? Really doing in the non-profits more conventional. Yeah, yeah. How are they spending? You know, even how, but but maybe even how are they spending there? Ah, they’re free time. Like how do they spend it? Are they volunteering? Are they? You know, vacationing? Are they advocating? You know, what are they doing so very often? I wish i could, you know, call up that person that i’m researching and say, hey, i got a couple of holes missing here in this profile and a love to ask you a few questions, and i have thought and going back to that blood posted i wrote years ago, you know, talking to the person and there’s other people who could talk to do we’re going to we’re going to talk about that, but talking to the person i’ve always thought is just a great source of information just ask open ended questions, right? And you find out about not only about their interests within the organization, but they’re family circumstances where they like to vacation, you know? I mean, who they who their friends are that might be affiliated with the organization that they might be willing to bring in and you know, you just you find out so much if you would just, uh yeah, talk to people. Absolutely, absolutely. So, you know, if if you know, if you’re doing the prospect research for the organization, i’m going to give you some some questions to think about. But also, you might think about ceding your your your development staff, your executive director and you’re bored with some of these questions that they might just curious, you know, in their conversations with people they might be ableto ask so that you can fill in maybe some some holes that you might have on the donor profile that you might be, you know, compiling on this person or just, you know, at some point filling in night now you and i have talked about boards being valuable for prospect research and occasionally or you think you advocate even regularly making part of boardmember or period board meetings or periodically list of prospects? Yes, a swell as institutional funders, funders and people thes air these these are the people in the organizations that are on our screen right now. Yeah. How can you help us with any of these? Right? Right. So it could be it could be through that process that you could elicit the information another way you could potentially do this is, you know, tony, you’ve, you’ve probably heard this phrase where if you want to get money, ask people for their opinion, has them for their opinion and they’ll give you money. So if you can figure out a way, tio, engage people either through a formal feasibility study or bring together some sort of small focus groups where you’re really getting people engaged and asking them questions and making sure that they understand there’s, there’s, there’s nothing behind this, we’re not you’re not being brought in the room to to solicit you in any way. We just really want your opinion, and i think that people start to feel more engaged and and committed to an organization once they understand that. Oh, you know that they want to know what i think about this organization and how to move it forward into the future. So, you know, i you know, kind of came up with my top ten questions that i thought i would love to ask, okay? Okay, we’ll get to those, um we’re going to get there. Um, so we mentioned the board as a good source. Focusedbuyer oops, sorry, focus group staff, you’re you’re you’re might be development staff, but not necessarily could be staff that’s interacting with people in a different in a different way besides fund-raising that’s, right? That’s, right? So maybe it is staff that’s involved with really just ah, organizing your volunteers so you might have a volunteer engagement person on staff that really just that focuses on your special events? Ah, you’re runs your walks, things like that s so they could be sort of armed with this set of questions as well, so they could just happy just be kind of on their radar and be always looking to collect this type of data because the type of data that we’re about to talk about a lot of times, you just can’t even find it on you. Yeah, and ah, and i think it goes to really good development work to be able to source that data and fill in some of those holes and missing piece puzzle pieces, so dismayed now this raises the question of social media, so when you’re researching prospects, do you go to their social media accounts to see what what might be public like if a lot of their facebook posts are public now, some people keep them private, but or only to their friends. But do you do you look at social media? Tio try to fill in hold while i tell you what i actually do? Because one of the things that i do, of course, is i google somebody’s name. So when i do that and on page one of google search results very often will be their social media accounts, they’re linked in their facebook instagram, right? So even even you think okay, well, it’s an instagram account it’s all photos. What am i going to gain from that? But you can really gain a lot of information avectra their second home? Yeah, their boat, their plane? Yeah, i mean, our just, you know, maybe maybe there really into birding, for example. So they’ve got, you know, a lot of pictures around that and you think ok, well, gee were an environmental organization. We didn’t realise they had this particular interest within our scope. Eso you, khun really? Maybe even learn a lot, you know? They say a picture’s worth a thousand words, right before you just filled with the old the old saying, zoho yes, yes, i’ve heard that you have heard that, you know, so you know for sure on dh, then then let’s not forget some of the some of these platforms that also allow for video, so my goodness, when they then not only have photos up there, but then they’re involving video as well. So if it’s if it’s public right? Um and, you know, that’s not somehow password protected or privacy protected, then it’s in the public domain, you’re not going in friending all these prospect? No, no, no, no, to try to sneak in, no, no, and become their friends absolutely know you’re going? No, no, absolutely not. But i will say one thing about the linked in if you’re doing the research there. Ah, there is a way to set your your privacy settings in such a way that you will like if i’m researching you, tony, or if i’m just looking at your linked in profile, i go in as anonymous an anonymous user, so you won’t know that i was looking at your profile really, however, give up the ability to see who’s been looking at mine. Oh, well, i wouldn’t care about that. How do we set that? So you go into the privacy settings, and, um, and one of the options is, you know how you want to appear to others. When you are looking at their profiles, they’re three settings there’s one that’s, fully transparent. So your your your picture will be there. Your name will be there, and your headline will be there. Right? That’s the setting that allows you to also then see who’s been looking at your profile. If you choose that setting, then there’s two private settings. One is semi private, so i could come across as just somebody who’s in the management consulting industry in the greater new york city area. Or i could be anonymous. Okay, so those air, the two private and semi private said they’re either naked, topless for that’s. Fully clue, fully clothed. Okay, um, all right. And that’s. Very interesting. I mean, i would i could care less. Who looks looks at mine. I get those e mails. I know it is an option. I can turn off, but i just haven’t. But, you know, whatever. Twelve fourteen people looked at your your your profile this because i don’t care and okay, but so now so if i turn around but you could turn it on and off you can’t you don’t want to you want to be if you want to be naked sometimes and fully exposed could do that if you want to put your clothes on top and bottom tops and bottoms like jammies like foot season, everything right on the twenty years and everything, you know and hoody you could do that to write. Okay, you go back for all right? This is all online. And what i promised was we’re going to go beyond online in real life. But this is all valuable. So we do whatever the hell i want the okay, um, he’s going rogue it’s my show now, it’s not rogue. It sze mainstream sametz dream it’s twenty martignetti non-profit radio. All right, now you have questions that are good for in real life. Real life questions. So let’s, talk about some of those for aa for a couple minutes before we take a break. So what kind of things should we be putting out into? Our among? Our people, because it is not just for us to be asking, but all the people that we just think about a few minutes ago, and also these would work really well in, like i said, a focus group or or a feasibility study type of the situation. So question number one, what do you feel are the most pressing challenges for our community? And i often can’t find that type of information, right? So you’re now you’re getting into the mind of that individual and you’re getting them to talk about what are the challenges that you see, not only with regard to the service types of services that we provide, but in our community? What are the challenges that you see? And then, you know, hopefully from their conversation will will happen around, you know, how does does this particular non-profit even address any of those challenges? And it may not be appropriate that in fact, that’s your next suggestion? What role do you see? Non-profits playing resolving the issues, right? That that are pressing for you, actually, that you feel, you know, i like this, you know? What do you feel? Because you’re asking the person what’s their opinion where their feelings about write something good, open ended questions. Yeah, yeah, yeah. You definitely want to make sure that they are open ended and not just yes or no questions, right? Because what you’re looking to do here is really just listen, um, and and i think that, you know, this is something that i think especially those of us in the northeast. We’re so used to talk, talk, talk, talk that we have that we have trouble just listening. I don’t know you may have that trouble. I don’t feel i have that trouble. Well, you know, you’re already transitioning to the south so well, slowly but that’s like degree of sarcasm. Okay. So, you know, how do you see us fitting into it? Yeah. How do you see are not fitting into this into addressing this particular in need. You know what? How can we help address this need in our community, in the community? Is it appropriate for us to be addressing this need within our community? All right. Do you feel like this should be? It should be a priority for us. Yeah, it is. Or it isn’t. And some of these i think are things that i mean? I hope that fundraisers, frontline fundraisers have in mind, and they are asking people, you know, a taste. These last couple that we talked about, you know, what are we doing right? How do we, how do you think we fit in? How do you feel about the work that we do have to fit into the community? You know, what else should we be hitting on that we’re not things like that, all right, we got to go take our car break. When we come back, we got live, listen, love, et cetera, et cetera, stay with us. Like what you’re hearing a non-profit radio tony’s got more on youtube, you’ll find clips from stand up comedy tv spots and exclusive interviews catch guests like seth gordon. Craig newmark, the founder of craigslist marquis of eco enterprises, charles best from donors choose dot org’s aria finger, do something that or neo-sage levine from new york universities heimans center on philantech tony tweets to he finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to re tweet you during the show. You can join the conversation on twitter using hashtag non-profit radio twitter is an easy way to reach tony he’s at tony martignetti narasimhan t i g e n e t t i remember there’s a g before the end he hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a short monthly show devoted to getting over your fund-raising hartals just like non-profit radio, toni talks to leading thinkers, experts and cool people with great ideas. As one fan said, tony picks their brains and i don’t have to leave my office fund-raising fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard. You can also join the conversation on facebook, where you can ask questions before or after the show. The guests were there, too. Get insider show alerts by email, tony tells you who’s on each week and always includes link so that you can contact guess directly. To sign up, visit the facebook page for tony martignetti dot com. I’m chuck longfield of blackbaud. And you’re listening to tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent. We have got live listeners all over the country, it’s amazing, but we’re booming today from new bern, north carolina. Bradenton, florida, and tampa, florida. Basically, we’ve got all this is that this is a first for non-profit radio for sure, we’ve got all five boroughs of the city checked in bayside and rochdale in queens, bronx. Cancel your neighborhood, brooklyn can’t see your neighborhood. Manhattan and staten island got all five boroughs checked in live listener love throughout the city of new york throughout the five boroughs. Also blair’s town new jersey used to go to boy scout camp in blair’s town no, be bosco stood for north bergen boy scouts no be bosco bladders in blair’s town and that’s, where they filmed friday the thirteenth one of kevin bacon’s early movies flight friday, the thirteenth films at that boy scout camp in blast down new jersey live listener love to you blessed town also woodbridge new jerseys with us i’m nowhere altum pandu jersey is where my mother and father are they did not check in they’re checking out there so i don’t know but they’re not checked in we got all way all the way west coast. Can’t washington live? Listen, love out to the upper northwest? Um, i think that’s, everybody so far in the us of a how about germany, multiple cities in germany? Guten tag, spain. I can’t see your city, i’m sorry, but spain, buenos di days. I’ve got a newcomer. Ah, the area of the stars of by john the town is tub breeze and that’s, iran welcome, iran live with their love to you in iran, give us a high five from iran. On the heels of the live listen, love, of course, comes the podcast pleasantries, maria samples getting close to her, mike thinking that’s her time to talk again. But it’s? Not quite because we’ve got to do the podcast pleasantries, she’s trying to cut you off podcast listeners. She doesn’t want me to do it, but her restraints are are ill are feeble against my will to do podcast pleasantries to the over twenty, twelve thousand listeners, whenever you are whatever device i am so glad you’re with us pleasantries to you and the affiliate affections to our am and fm listeners throughout the country. So glad that you are with us as well affections to you on those analog devices glad you’re with us. Ok, marie simple. Now it’s back your turn. You can sit up straight again. Maria sample. You’ll find her at the prospect finder dot com and she’s at maria simple. Um, yeah. So more questions we got. We got some more questions that we’d like to be asking. Yeah, absolutely, absolutely. So these next two questions are very inter related, and they may be difficult for you to ask directly to someone it might work. Better in mohr of aa group situation, and i think it would work really well if you had, i’m going to say, ah, third party may be a consultant or other volunteers, perhaps asking this question, so the questions are, what are we doing right? And what can we improve? Because i think you’re going to learn a lot about how your organization is serving the community. And maybe there is some gaps that that that these potential donors feel thatyou’re not filling but should be filling eso it sounds particularly student to a focus group, right? Or a feasibility study, a consultant asking feasibility study questions of individuals or couples one on one yeah, yeah, absolutely, absolutely. And this next question really has to do more with your communications and how you’re communicating with people and, you know, you know, are we transparent and communicating effectively regarding our programs and achievements? S o you know, i think that fund-raising and communications marketing, pr, whatever you want to call it are they cannot live in silos, they absolutely are interrelated when one one part of that is not going well, it’s going to impact thie other side and vice versa. So i think it is important to have an understanding of, you know, are you over communicating under communicating, you know, sometimes donors feel like, you know, g the only time we ever hear from this organization is when they’re asking for money that’s always about right, right? So, you know, are you adequately communicate? And also, how would you like to be communicated with right? Do you prefer email, paper, mail, phone twitter, you know, how would you like us to be talking to you, right, exactly what channel? So yeah and thiss next question i really like because now we’re going to start to understand, will these people be willing to make a major number seven minutes if you like this one? Where was this number seven? Well, no, i mean, because now we’re getting into more of a major gift flow of questions arc to the right, right? We’re approaching danamon right there, and then we’re going on that we’re goingto leave xena, ok, exactly. Bonem so have you ever made a multi year commitment to a non profit organization? And would you ever consider doing so? So not necessarily to your non-profit to a nonprofit organization ok, you need to go through the next couple quickly. Okay, great. We have a few minutes left and we got to talk about conferences. Okay. Great. Read them off. All right. So how many non-profits do you typically support in a given year? Do you give more to an organization when you are involved in its leadership? Would you like to be a boardmember? Etcetera? Volunteermatch ok. And who else should we be talking to? Excellent. Right? Because you you who have your in your network and you bring to us, right? Who in your circle of influence should we be talking? Teo? All right. Excellent. In real life, go there. Don’t ignore the in real life. It’s it’s it’s part of you being a human being. It’s not all digital. Okay, let’s, go to conferences. If you want to meet in real life, we have a nap. Unconference association of professional researchers in advancement, right? Where’s that that’s, right? So they’re big annual conference it’s their thirtieth actually is happening in anaheim, california. This year on july twenty sixth through the twenty nine, you’re going to be there? I am not. No, i’m not. I’m not going to. Be attending it this year, but i do want to make sure that everybody is, you know, he’s aware that it’s there in case they want to get some extra education and this information as well as a lot of this other stuff i’m going to bring up now is all available on apple. His website, which is a p r a home dot org’s. So that’s apra home dot order s so that’s, the big, the big international conference. A bunch of statewide stuff just passed in in april, but a couple of other upcoming things that i did want to bring to your attention. So if you are members of the florida chapter of apra, they’ve gotta state conference coming up june eighth through the ninth, we’ve got anapa overdrive one day conference coming up in seattle, washington may twenty fifth, there’s a couple of webinars coming up a free one on june fifteenth. Ah, getting the most out of wealth screening and they’ve got one that they’re running in conjunction with a f p called you khun do it research at your finger tips and that’s going to be on august twenty third i don’t know about all these is available on apple home dot org’s. Yes, yes, it iss that’s. That’s exactly where i got it from. Okay, very good. We gotta leave it there. She’s a prospect. Find her again at maria simple and at the prospect finder. Dotcom. Thank you, sir, for being in the studio. I was so glad to be here too. Two force cracked like a fourteen year old is unbelievable. Next week, health care funding options and jean takagi is back. If you missed any part of today’s show, i beseech you, find it on tony martignetti dot com. We’re sponsored by pursuant online tools for small and midsize non-profits data driven and technology enabled and by we be spelling supercool spelling bee fundraisers we b e spelling dot com our creative producers claire meyerhoff. Sam liebowitz is the line producer. Betty mcardle is our am and fm outreach director shows social media is by susan chavez. And this cool music is by scott stein you with me next week for non-profit radio big non-profit ideas for the other ninety five percent. Hopefully i’ll be more articulate, go out and be great. What’s not to love about non-profit radio tony gets the best guests check this out from seth godin this’s the first revolution since tv nineteen fifty and henry ford nineteen twenty it’s the revolution of our lifetime here’s a smart, simple idea from craigslist founder craig newmark insights orn presentation or anything? People don’t really need the fancy stuff they need something which is simple and fast. When’s the best time to post on facebook facebook’s andrew noise nose at traffic is at an all time hyre on nine a, m or eight pm so that’s, when you should be posting your most meaningful post here’s aria finger ceo of do something dot or ge young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun and applicable to these young people look so otherwise a fifteen and sixteen year old they have better things to do if they have xbox, they have tv, they have their cell phone. Amador is the founder of idealised took two or three years for foundation staff sort of dane toe add an email. Address their card. It was like it was phone. This email thing is fired-up that’s why should i give it away? Charles best founded donors choose dot or ge somehow they’ve gotten in touch kind of off line as it were on dno, two exchanges of brownies and visits and physical gift mark echo is the founder and ceo of eco enterprises. You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, i just i’m a big believer that’s not what you make in life. It sze, you know, tell you make people feel this is public radio host majora carter. Innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invested and expect it to grow and savvy advice for success from eric sabiston. What separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers air on tony martignetti non-profit radio big non-profit ideas for the other ninety five percent.

Nonprofit Radio for November 20, 2015: Get Creative & Safeguard Your Donor Data

Big Nonprofit Ideas for the Other 95%

I love our sponsor!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

Sign-up for show alerts!

Listen Live or Archive:

My Guests:

Lissa Piercy: Get Creative

Lissa Piercy

Thought about poets and other artists as part of your board meetings, trainings and conferences? How about open mics? Lissa Piercy reveals why you need to consider these and how to get them done. She’s executive director at Strength of Doves.

 

 

Scott Koegler: Safeguard Your Donor Data

Scott Koegler has tips on how to preserve and protect your donors’ sensitive information. How much do you need to save? He’s editor of Nonprofit Technology News. (Originally aired on December 6, 2013.)

 

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.

Sign-up for show alerts!

Sponsored by:


View Full Transcript

Transcript for 267_tony_martignetti_nonprofit_radio_20151120.mp3

Processed on: 2018-11-11T23:25:56.877Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2015…11…267_tony_martignetti_nonprofit_radio_20151120.mp3.41143129.json
Path to text: transcripts/2015/11/267_tony_martignetti_nonprofit_radio_20151120.txt

Hello and welcome to tony martignetti non-profit radio big non-profit ideas for the other ninety five percent. I’m your aptly named host. Oh, i’m glad you’re with me. I’d be thrown into tableau paralysis. If it came to mind that you missed today’s show, get creative thought about poets and other artists as part of your board meetings, trainings and conferences. How about open mikes? Lissa piercy reveals why you need to consider these and how to get them done. She’s, executive director. At strength of doves and secure your donordigital scott koegler has tips on how to preserve and protect your donor’s sensitive information. How much do you need to save he’s, editor of non-profit technology news that originally aired on december six twenty thirteen between the guests on tony’s take two five minute planned giving marketing responsive by pursuing full service fund-raising data driven and technology enabled, you’ll raise more money pursuant dot com. Dr a trip or journey in a car also an internal, biologically determined urge to attain or satisfy a need. It is after ten p m on a friday night, and i’m standing alone in a laundry room in boulder, colorado, a student in a social entrepreneurship program my whole life is waiting for me back in boston, i am watching the live stream of a national poetry slam competition. I am watching the first poet i added to our roster win a national poetry slam competition. I am fist pumping the air, i am stumping my foot! I’m screaming to an empty room. I’m remembering yesterday when i questioned why i had taken on the task go starting a business in the first place. I am crying and smiling and balancing computer and cell phone and laundry and coffee and laughing because this is what a start up looks like when i opened my computer one hour before tomorrow on a friday night and cringe at the emails that all seem urgent that all scream no sleep when the coffee wears off and the grant application start to blur when the mission feels miles away from my office when my office is really just a coffee shop or a living room or a kitchen when i stare at spreadsheets that looked like foreign language, like potential failure or future like risk risk, a situation involving exposure to danger. Also, every time i have ever followed my gut, sometimes you’ve just got to throw out the plan and follow your gut, grit, courage and resolve strength of character. Also small, loose particles of stone or sand. And some days i feel like sand small enough to slip through the cracks of this foundation i am building. In those moments, i think of the poet who risks reputation on a national stage to proclaim her love of women. The poet who tells the story of her sexual assault so that a girl in a middle school classroom can finally feel safe confessing the violation of her body. The poet who rejects gender pronouns and reminds me that this world has never been binary. The poet who run straight into vulnerability and somehow comes out stronger for her honesty. These poets so purpose into fists i wanted to raise at a world that took my father away. These poets raised their hands. Up, don’t shoot taught me to proclaim don’t shoot in my name, these poets, the heart of these poets heart, hollow, muscular organ also the center or innermost part of something. And aren’t we all just trying to find the innermost part of something thing? It took poetry and entrepreneurship for me to find the innermost parts of me. Lissa piercy she is co founder and executive director at strength of doves, an agency which is itself a non-profit the represents socially conscious, activist spoken word artists, they connect poets to venues and organizations. They’re at strength of doves dot com and lissa is at lissa poet the sapir c welcome to the show, thank you so much for having me beautiful energy. Tell us what is the story behind that? Well, i was actually commissioned to write that poem by the center for social impact learning, which is part of a graduate program with middlebury it’s, located in monterey, california, and they asked me to write a poem for their launch of this social centre. So i put up a facebook status and asked my entrepreneurial friends to tell me the words they think of when they think of social entrepreneurship and i got a bunch of words and a lot of them are in that poem, so dr grit risk. And so then i put a poem together for the launch of their center, and the name of the poem is is called dr excellent. All right, so we’re talking about maur creativity inside your organization outside the organization, using poets and other artists to sort of open things up. Yeah, and let’s, let’s start with, like, internally intern where where might we bring in? Argast? S o i think that internally creativity and a non-profit you can start with your board meetings or even just kind of your regular staff meetings. So i like to say that you know, a lot of the time we think about innovation when it comes to our programming or our products. We don’t always think about innovation when we’re thinking about how we run a meeting on a monday morning or board meeting so it can start with kind of basic creativity like, for example, there’s, an organization called the millennium campus network. Their board meeting, one of their board members told me recently, was the best board meeting she’d ever been tio, they didn’t use poetry, but what they did was they created a hackathon in their board meeting, so they were really creative about how they put the board meeting together, which i thought was fascinating. So i talked to abigail, who had created that plan, and she said that for them, creativity started with the way they set up the room. So thinking about what’s on the walls of your room in your meeting and what? What are you doing to kind of create a setting that feels different than other board meetings? Do our other monday morning meetings? I think, for example, there’s, a site called button poetry, it’s, a youtube channel and there’s tons and tons of spoken word poems. They’re they’re typically about three minutes long. You could even just play a poem at the beginning of your meeting, and it opens up a part of the brain that gets you thinking in a different way, and i just think so often we look at meetings is something that we dread going to and sitting through. So you start by infusing something different at the top of your meeting, it can really shift and change. The whole energy of the meeting do you think it’s risky toe invite meeting participants, too, do their own performance? No, i think actually you’ll get surprising results if you do that. When i found i run open mic set conferences so, like the opportunity collaboration, i did some stuff with the school world forum, and what i’ve found is when you invite the community to be part of being creative, they bring inside you, that you didn’t know that they had, and often those things can actually be used to infuse organization with new life. So yeah, bring in, bring in creativity from people that already you’re sitting at those meetings with you for sure, and we’ll see another side of people. Yeah, absolutely. It may not be poetry. I don’t know. It might be a song. It might be a guitar that they play someone’s a drummer. Someone has a poem and someone else plays behind them. I mean, the the options are endless when you bring in creativity in new ways. You mentioned opportunity collaboration, which is very collaborative and that’s where we met just like a month or so ago. Six weeks ago. Roughly. Yeah, in mexico? Yeah, and i run there open mike every year. And i talked teo jury in aunt over the team that put it on every year. And they said that one of the reasons why they like having the open mic is that it brings collaboration in a new way on people rave about it because they get to see those different sides of people. Also, something that i’ve often said is, you know, if you meet me and we talked for five minutes, you might find out that i live in boston or that i run strength of doves you’re not going to know intimate details of my life if you see me perform in an open mic, you know how hard it was to start my business, you know, personal details about losses that i’ve been through, and we connect in a deeper way, and then collaboration is richer because we care about each other as people, not just a cz business partners in a collaborative, collaborative setting, listening to drive, we learned some very intimate details about your dad’s death. Okay, very energizing, right? Well, let’s, go out for a break when we come back listen, i’m going to continue, of course, talking about getting creative. We’ll have live listener, love, et cetera. Stay with us. You’re tuned to non-profit radio. Tony martignetti also hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a quick ten minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website philanthropy dot com fund-raising fundamentals the better way. Welcome back to big non-profit ideas for the other ninety five percent live listener love got st louis, missouri, brooklyn, new york and new york, new york new york’s checking in excellent lovett i’ve listener love yes, let’s go abroad always have very loyal seoul, south korea of listeners. Remarkable. I don’t know if it’s the same person all the time where people it’s multiple multiple in seoul, anya haserot for mexico city, very close to where lissa and i first met because we were in x top a at the opportunity collaboration we were talking about mexico city. Welcome live listen her love to you. What can i do? Keitel look, it’ll there was my thank you anytime and also in japan, tokyo and osaka checking in konnichi wa live listener loved all of our live listeners, and of course, we never forget affiliate affections for our multiple many am fm stations throughout the country. Affections if you’re listening on the terrestrial stations and, oh that’s, ah, terrestrial affection! I gotta work on that there’s something there and station affection, terrestrial and also podcast pleasantries never forget the podcast listeners over ten thousand i’m painting houses, washing dishes, whatever. It is you’re doing as you listen. Pleasantries to the podcast audience. Okay, listen. Thank you for helping. Yeah, now i have tried it with any time. Spanish mexico city that’s. Why? I like opportunity collaboration because i get to be i get to speak spanish more than i do on my regular day to day life. Do you do to poetry in spanish? I have a couple of lines in spanish in my poems. Everyone smile in my international women’s day poem. I talk about the venezuelan constitution, so i say constitutent dahna venezuela, but i typically i like there’s a line about using spanish because i’m not of dissent. That is latin at all, so i’m careful about how okay? You know what, that’s a much larger conversation about appropriation. And don’t betray yourself appropriately. You would feel yes, exactly. Um all right. So, let’s, keep talking about eso these internal. This idea of board meetings? Yes. Now i have had a lot of guests recommend. In fact, one michael davidson was just last last week recommending having people who are benefiting from your services come and deliver a presentation at every board meeting. So they are sharing. Fashion their tears about how your organization save their lives, improve their life, you know, maybe there’s some creativity there, you could ask someone like that toe do a performance instead of just read some paragraphs. Yeah, so one thing that i think is really important to note is, especially with organizations that are working organisations working with youth tons toe already think about maybe creativity, poetry, open mikes. It doesn’t only need to be youth there’s a lot of opportunity to do some writing workshops in any demographic i really believe, and if you’re producing content like that, you can have someone come in. It also, though, gives the opportunity to let’s say, you’re an organization a non-profit that’s working outside of the united states, but your board is primarily in the united states. If you do a writing project with the people that you’re working with on the ground and you bring back some of those writing samples and they’re available on the table during the board meeting during the coffee break, that’s the kind of thing that people in your board can look at even if you don’t have time to be reading their material or having a guest come into the actual board meeting. Okay? I mean, even in that case, you could have maybe someone who’s trained reading those store absolutely a voice artists or something like that fresh rather than just the one dimensional reading painting with a broad what else? Any other ideas? You know, the internal internal creativity as well? One thing that comes to mind is, you know, every organization faces kind of pain points, things that they’re struggling with. There are a lot of conversations now around diversity. And how do you talk about diversity within organizations? There are other challenges the leadership changes that happen or, you know, anything that happens internally. I really think that that organization should think about looking to more creative ways of having conversations around those tough things. Later on in the show got ilsen nasco mrs who the really amazing poet with the dialogue arts project, is going to be reading a poem on air and their organization will come in and do a full training, and they use spoken word poetry at the top of the training to get everyone’s kind of juices flowing. And then they do trainings around diversity around. Pain points within organization, so for those organizations that are going through maybe a transitionary moment or need some kind of a different training instead of just checking the box with, oh, we talked about diversity think about looking for creative resources that are out there to bring into those training’s you’ll have a better experience and your staff won’t feel like you’re just checking the diversity box, which i think is really important. Am i out of touch if i keep saying poets instead of spoken word artist? No, no, i have i missed twenty fifty by mr change of century, i think. First, i think the biggest distinction that often happens is a slam poet versus a spoken word poet. Slam poetry is a form of spoken word. It’s a competitive style of spoken word at least that’s the way i distinguish. But yeah, spoken reports are definitely poets the way that i think about it and this definition is different depending on who you talk to is spoken word or performance. Poetry is performed from, like the tip of your pinkie toe to the tip of your finger out the top of your head and you can also be a written poet that is publishing books as well. You’re also thinking about how am i presenting this poem beyond the page and that’s? Kind of what a spoken word are a performance poet is doing in my definition of it. Okay, so so if i say a spoken word artist. Yeah. That’s that’s what? I mean, that could be the same as poet or official versus slam performer. Yes, exactly. Slam is competitive. Yeah. How did americans turned poetry into a competition sport? Well, it’s gotten a lot more people paying attention to it. That’s for sure. So hey, that’s, it started. It originated in chicago. A guy named mark smith who is a construction worker, and then here in new york. There’s the moth that’s like storytelling. There’s also the nia recon is another location that does poetry slams you’re american. Say it one more time in new york weekend. Okay, mahogany brown is a poet. She’s actually on our roster. And she’s, an amazing poet who hosts their poetry, slams their team when you compete against their team. You come prepared, let me tell you. Okay. New york has some great poets. Okay, now, what’s. Your background you have. Ah, what is this? Oh, so social around? Yeah. How did you get into poetry? I started doing open mikes in college after i lost my dad and i went through two and a half years where i lost seven people in my life. And this is a lot of grief and poetry was the only thing that could really motivate me to get out of bed and go to things. I was running the open mic group on my college campus and then actually turned down the opportunity to apply for a fulltime social work job to figure out how more of these amazing social change poets could be earning a living from their poetry. And now we have strength of doves where we put poets in performance opportunities and workshop opportunities toe to really bring this to kind of communities that haven’t necessarily thought about spoken word. Poetry is a tool because it really is a tool. And the other thing i’ll say is the reason i think spoken word in particular, i think all forms of art are important and open up our brains in new ways spoken word is extremely accessible, so a really strong spoken word artist, in my opinion, is using poetry and using language in a way that someone who’s maybe never thought that they liked poetry or never thought of themselves as a creative person before can now access a really creative art form and begin to open up the idea from themselves that, hey, maybe i could write, or maybe i can open up this creative things, but what do we say to the people whose eyes glaze over? Oh, poetry it so it’s beyond may i don’t get it? Yeah, you know, it just doesn’t reach me. Listen, tio, watch two videos on button poetry or go search dialogue, arts project poets, strength of doves, poets i really have never seen it happen where someone said, i don’t like poetry on. When it’s exposed teo a couple of videos and said, i still don’t like poetry, it’s just not what you’re thinking of when you think of poetry. If you had a boring english class on poetry, poetry does not need to be born, i promise. Give me a subject that you like, email me a subject you like and i will send back a poem. That you will like about that subject. Okay. Do you want to show your email? Oh, yeah. It’s lyssa at strength of does dot com. Okay, listen, l i s s yes, challenge me. I guarantee i will be able to draw you in with someone else’s problems. Okay, cool. Let’s go outside. Our organizations have a like a mirror. So before we bring in carlos yeah. Conferences, galas, gallant fund-raising events. Why are fund-raising event so boring? I’m sorry if i’m offending anyone out there, but i just think we need to address this. So these gallows where you have a dinner, any of a bunch of speeches and so there’s a moment at a lot of these events where, you know, people are eating dinner and kind of talking to each other, and then you want to get everyone’s attention. So someone clicks on a glass, someone in charge of the organization says, welcome, everyone kind of turns their attention begrudgingly to the stage, and then they’re a bunch of speeches sometimes there’s really fascinating stuff in those speeches, but we’re not really our attention isn’t necessarily drawn immediately to the stage. The person sending welcome welcome zoho please hide me. I want to hear my gladstone brandraise oversignt neo-sage chimes. If you’re in a fancy paint bonem bungalow exactly. So it’s dead? I think everyone should try finding a spoken word poet and putting them on that stage. That’s, the way you get people’s attention don’t even say welcome like we just opened our secondly, just drive a trip or journey in a car really loud, really punchy everyone’s going to turn to you if you want to go a step further, you can hire a poet to write a commission to poem about your organization, and now in three minutes you’ve explained everything you’re doing. You’ve got everyone’s attention and you just invested all this money and all this time and creating this event. Don’t you want to vent the people going to talk about after the fact they’re going to be more likely to talk about it? If it’s different bringing a poet if you don’t for some reason believe, listen with all their energy and zeeland enthusiasm, think about what happened in beginning this segment we threw you in with lissa was completely different different format you said you turned into well. What is? That that’s, the only way latto college, did it with their market radcampaign recently. All right, we got carlos andres gomez, award winning poet member of the dialogue arts project, on twitter, he’s at carlos. A g live. Is there anything you want to introduce before before carlos carlos, let me say, just say, welcome, welcome to the show so much. Tony thinks my brother, carlos i’s, anything you want to say, i just want for everyone out there. That’s not, you know, always listening to spoken word. This is such an amazing opportunity. Godless is kind of a titan in the community and just does really amazing work, using poetry to have really important conversations. Carlos, please. Thank you so much. This poem is called tense. I’m holding my friend gino’s hands and asking the army recruiter for more information about the marines. Please, i say he fits with his cufflinks, pause it, his necklace through his shirt drags the back of his hand across the close shaven sand paper of his chin. Gino is staring him down through the island. Artie wears like a middle finger. We watched a stranger caught between the train movements of a machine and the churn butter in his body. Just like mine. Two months before, when i said, hell no toe a trip to the gay club, i just don’t want to leave and he went on it be like colonizing the space, i said which sounds a lot better than i’m uncomfortable i wouldn’t know how to stand what do i do if a song i like come on in zambia i walked the dirt roads of a slum my pinky finger intimately wraps around the smallest digit of the most infamous guy on the block. He was my friend. It is how friends walked the streets there. When i greet my iranian friend’s father, we embrace chief twice in thailand. My host casually patted my leg the first family dinner, i nearly jumped out the window, thinking he was reaching for something else. Everyone laughed, probably confused as to why this strange foreigner had been trained to be so foreign to the gentle touch of a man, a passer by give me and gino matching name i tongue the word around in my mouth. Feel the tender sting, make a home in my torso, stare at the word brotherhood splayed across the camouflage banner. The recruiter stares down the table, and though it holds the secret code to life’s, great questions, it’s corrected, stutter and suddenly overcompensating stands blend into the decorations behind. So much so that i can barely even tell he is still there. He pretended, if we are not, begin sorting and then re sorting the three lonely pamphlets dwarfed by the large rectangular table where they now six boys. Please. I’m just doing my job. His mouth bag in a voice so small and so human. It makes me feel like i have just blurted out a secret. This man has given his life to guard like freedom. Carlos andres gomez! Carlos, thank you so much. Thanks, carlos. Thank you so much. Let’s. Send tony. I don’t know why i have watery eyes. I just first listen, you know, i would need to think about it more, but but it moved me because i do so that’s. The kind of thing that dialogue arts project works. I would start with wood with poems to kind of open up a new space in everyone’s head and kind of i mean, the energy, even in this room, while we’re listening here in the studio just calms down. And there’s, you can start having conversations about your own experiences that can lead into deeper conversations for more shared understanding within your organization. Carlos, we have just like, a minute and a half or so. Do you want to share anything about that? About the poem? Yeah, sure. I mean, i was, i think, there’s there’s. So much to be there’s. Someone is so easy to have a very, i think superficial, topical conversation. If we if we wantto engage someone about gender or sexuality or any of these huge hot button issues or topics or anything related to identity and i think the biggest thing that dialogue arts project believes is that using personal narrative and using something artistic as a medium for that personal narrative that is the most that is the most, i think dynamic way to enter a conversation, because that that home, the true story, right about me walking down the main walk with the university of pennsylvania and i think me telling that story. It immediately invites other people that share stories in a way that that i think invites people into a vulnerable space, as opposed to having an intellectual discussion that doesn’t have any stakes involved and ultimately is not a meaningful conversation. Carlos on, listen, we have to leave it there. Excellent regardless, thank you so much. Thank you so much for sharing. Thank you, much less a piercy cofounder, executive director at strength of doves, its strength of doves, dot com and again on twitter, she’s at lissa poet thank you, thank you, thanks a lot. Coming up, secure your donordigital first pursuant, they reached out to me today to renew their sponsorship, like two months early, before i had even asked the email says their leadership is pleased with the partnership, and that gives me two thoughts. First, you need to check out their fund-raising tools because they are perfect for small and midsize non-profits pursuant, dot com is where they are. Second, if you want a partnership with non-profit radio let’s talk, i get results for sponsors now. It’s time for tony’s, take two my video this week is five minute marketing for planned e-giving it’s, a tiny piece of a ninety minute program that’s packed with easy and smart marketing strategies around planned e-giving if you want the teaser video it’s at tony martignetti dot com, if you want me to deliver the full program to train your office or conference audience, let’s talk that’s tony’s take two for friday, twentieth of november forty fourth show of the year. Scott koegler is the editor of non-profit technology news and used to be our technology contributor. He was there from the beginning for a long time. They’re at n p tech news dot com and he’s at scott koegler on twitter from the december six twenty thirteen show here is secure your donor. We’re talking about safeguarding your donordigital what are the, uh, what of the potential risks here if donordigital is compromised? Well, there’s a lot of actually tony and what’s, probably the biggest one is that not just the beta is stolen, but the information about your donors is compromised and that’s something that has made a whole lot of headlines recently well, over the last few years, actually, um about, you know, different different companies having having their data breached, having there credit card information, solan and now people losing, losing the privacy of the credit information identity theft by another word. So there are implications that are certainly public relations you don’t want to be, you know, it may not be a headline if you’re a smaller midsize shop, but you can have a public relations problem among your donors and volunteers without it being in the headlines. There’s legal implications and you couldn’t even have, like some financial problems mean, if people if it comes to the point of people suing you, are you having to pay for damages? Definitely, definitely. You know that i moved to south carolina recently, and last year i think it was earlier this year, actually, the the the state government website was breached. And supposedly all of the information that that anyone who has filed tax returns in the state oh, my goodness. Stolen. So, you know, i mean that’s bad enough. I haven’t actually heard of anyone who was, you know, was affected by having their identities stolen. But what happened was that the state, aside from the, you know, the political and and other kinds of just, you know, general discussion about how things were handled badly, they had to offer a free subscription service to an identity theft, monitoring service to literally everyone in the state. Oh, my and a couple people. And so on, top of on top of having to rebuild their infrastructure and, you know, tighten down their security. Um, you know, they have that financial burden, but, you know, just added something. So yeah, financial consequences definitely did this stuff the car during the five days when governor mark sanford was off with his girlfriend in in argentina, is that when that happened, it could have i don’t know, i you know, it could have been an argentinean internet connection. I’m good provoc story on he’s reputation has since been rehabilitated because he was he was elected. Tio what the house of representatives, i think for for south carolina? I think so. Although i have to i have to admit that i haven’t really followed much of the south carolinian political situation, even though i should have. Okay, well, you’re you’re new resident. Well, i am your break now did vote so i guess it’s good. What part of the problem with identity theft, though, is that people the bad people don’t use the data right away because they know that everybody who’s data was compromised is eyes on the lookout, but they’ll wait. I mean, they’ll wait three for five years and use the data then when your date of birth and social security number haven’t changed and maybe even your address hasn’t changed. And and by then people are not on the lookout for the for the theft because it’s been so many years since it occurred. Exactly exactly, and then it’s also hard to track down where that breach came from, because if it wass, for instance, of small provider, small company or a small non-profit they got they got breached? Uh, may not have been reported, right? Not everybody owns up to it, and actually not everybody actually knows that they’ve been breached. Right? Rights, it’s not in the hacker’s. Best interest to notify anyone that had that great yeah, yeah, now it gets it gets discovered by some audit. Or maybe the hackers will sloppy or something like that, but yeah, i’m sure there are lot of instances where organizations don’t even know that it’s happened. All right, all right. So if we’re going to protect our donor data, what do we need to be thinking about first? Well, the first thing is pretty obvious stuff is that, you know, if you don’t need the information, don’t keep it, don’t collect it, don’t get it one of the pieces of information, of course, that that non-profits do want whose credit card information, uh, and some sites you know, amazon in particular, and pretty much any e commerce site collect credit card information and then there’s a convenience to the chopper. The store that information? Yes. And, you know, it’s convenient and in a situation like amazon, people may go back there and by things you know, almost daily, and so in that case, it really is a convenience, so you don’t want to. I don’t want to keep entering my my credit card information every time i buy something for non-profit that that, um the frequency is probably significantly less than what amazon gets, and we would certainly hope it’s more frequent, but reality is they’re probably talking about a few times a year at the most. Yes, so in those cases, um allow the credit card information to the energy you sure that’s over a secure line and that’s here’s a jug and peace for https that’s uh uh that’s the secure website connections that links the website that someone’s feeling to the with a back end server store some reason, scott, i know that http is hypertext transfer protocol, right? And then i believe the asas a few yeses for secure. Okay, sorry, sorry. Nobody cares about nobody cares. Um, so and that part right there just means that someone monitoring are tapping into the line isn’t just catching the data while it’s streaming by them on dh collecting it that way, that’s the first line of security. But the second one news, you know, use the information, make the transaction, get the get the donation into the bank account, and then just don’t record the credit card information. And just by doing that, you’ll probably solve. I’m going to say at least fifty percent of the of the problems that a data breach can cause for constituents for donors. There’s other information that would fall into those to that category, i’m thinking, like date of birth, social security number, even even address? Yeah, address an email. I mean, you don’t want those to be compromised. Yeah, here’s an interesting piece of security information. Did you know if you have a person’s first name date of birth and their zip code, you can find out through there first name, date of birth and zip code that’s enough to identify? Yeah, yeah, that makes sense. We wouldn’t you? Yeah, when you say it, it makes sense, but somebody wouldn’t think that those if you’re not, if you’re not in a security role, you wouldn’t realize that those three things can be really damaging and you could find everything about those. So i mean, date of birth, i mean, probably non-profits don’t have to save date of birth, right? Date of birth, you know, probably they probably do need address information in order to send maybe a ten, ninety nine, you know, donation form at the end of the right, right? But certainly so security number is not necessary. I don’t think that’s required for ten, ninety nine. Well, non-profits aren’t sending ten, ninety nine’s. They’re just sending they’re just sending acknowledgement letters. Okay, so, yeah, ten. Ninety nine’s that’s for contractors. So so it wouldn’t you wouldn’t need it. It wouldn’t need you would not need it for donors. All right, but so there’s there’s information that we should save. But we should look scrupulously at what we are actually preserving is the point. Okay, what you need and don’t even ask for what you don’t need. And those things that you do need no dahna on a short term basis, like credit card information. Just believe it. Okay, okay. There’s still information that you need and there’s information that you want to keep. You want to keep the name, the donation history, maybe their activities. You may want to. Keep their their their address, and they want it. Particularly if you do send out snail mail kinds of information. You know, newsletters do still go by on paper. Uh, okay. And so there is information that you want and here’s, one of the ways that south carolina system was breached tonight, if they could have avoided the entire disaster with the effects of the disaster. Maybe not from a public relations standpoint, but from the effect on its citizens. By encrypting the data with health so well, where he talked about, you know, using a secure internet connection tps. And that applies and encryption to all of the information going across the internet wire. But once it reaches the program that stores the data, um, you know, that data is stored in a database, and the database is usually, um, pretty transparent. In other words, you can open the database. Look at the information and it’s you know, it’s in english. It’s in what’s, commonly called clear text. So it’s, you know, you can look at it with a human being can read it and understand it. Um and i know it’s easy and it’s the way that things are stored most of time. Um, what south carolina did not do. And actually, a couple of others didn’t dio notable ones are adobe and link them okay? Not small names and people that you would think would know better. They did not oppcoll the contents of the database. So what that means is if the data is not encrypted, hacker gets in, they download the database and they can use it’s all visible in clear text. Okay. Okay. All right. So so the data that we do store, we should consider encryption, right? Absolutely. Absolutely. Encryptions pretty easy. Most databases have it as a non option. You could just, you know, take a box and bingo. It’s all encrypted. So we have to also consider where this data is safe, right? It’s? Lots of different places and including portables. Right? Um, sure. Cellphones get lost, laptops gets stolen, all those kind of things happen. Uh, i don’t know that. There’s an additional answer there. I mean, certainly you can password protected cell phones and laptops, but typically people don’t do that. Yeah, well, we’re going to get to policies that that they should be doing so, but they’re also the data is on servers. In your and hopefully your server closet is secure. I’ve seen a lot of servers that including businesses, small businesses where, you know, it’s in a like a ah whole janitorial closet or something up on a shelf. Definitely not secure it all, but data can also be in the cloud exactly that it could be in the cloud. And it’s kind of a counterintuitive. I’ll just give you my personal take on this. I think on. I believe that data is stored in a all right. You know, properly created cloud environment. It was much more secure than something that’s residing in your server. Uh, at your office. Okay, what did i tell you? Why? You know, first of all, servers in officers are managed by by people in those offices, typically and except for, you know, very large, non-profits most of those people are not, um, it’s, not a full time job to manage the security of the server right there doing other things. They have a full time job for a part time job and a piece of a part of a tiny portion of that time you maybe to make a back-up with the server on the other hand, cloud based systems, it is business it’s only business. Not only are the, uh, typically bound by terms and conditions of the contract with that you have with them to protect your data if they’re breached, uh, rage stands to lose their entire business just from the bad p r so it’s in their best interests to keep their, you know, their customers, clients, data secure, you know, they those kinds of environments, too, support the https secure connections they do typically encrypt the data. I’m not saying you don’t need to check those things, but i do believe that it’s, no overall, safer environment, leave it in the hands of the professionals. Okay, we have we have to go away for a couple minutes when we come back. Scott. Now, keep talking about safeguarding your donordigital. We’ll get into some of the policies that you should have. Stay with us. Like what you’re hearing a non-profit radio tony’s got more on youtube, you’ll find clips from stand up comedy tv spots and exclusive interviews catch guests like seth gordon, craig newmark, the founder of craigslist marquis of eco enterprises, charles best from donors choose dot org’s aria finger do something that worked and they only levine from new york universities heimans center on philantech tony tweets to he finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to re tweet you during the show. You can join the conversation on twitter using hashtag non-profit radio twitter is an easy way to reach tony he’s at tony martignetti narasimhan t i g e n e t t i remember there’s a g before the end he hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a short monthly show devoted to getting over your fund-raising hartals just like non-profit radio, toni talks to leading thinkers, experts and cool people with great ideas. As one fan said, tony picks their brains and i don’t have to leave my office fund-raising fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard, you can also join the conversation on facebook, where you can ask questions before or after the show. The guests are there, too. Get insider show alerts by email, tony tells you who’s on each week and always includes link so that you can contact guests directly. To sign up, visit the facebook page for tony martignetti dot com. I’m dana ostomel, ceo of deposit, a gift. And you’re listening to tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent. All right, scott, we know what data we’ve got and what we need to save and not save way we know where the data is stored, what kind of policies should we have in place? Yes, well, as you mentioned, it’s it’s a good thing to have a policy that says, you know, you need to secure your devices with a password so that every time you use that needs to be long, then, um, in my experience that that may work in corporate environments where the item shop has the ability to actually manage the devices that were used by their brother employees, but in an environment that says generally as loose as a non-profit becomes pretty difficult to force for one thing, you know, you’re your volunteers may already have bones that are being managed by their brother employers, so we got a conflict in that in that area, i’m still it’s a good thing to do. Um, certainly you want to be sure that the staff isn’t writing things down on pieces of paper, so if they are recording things, they are being recorded in a digital format in a secure form that so that whatever protections are being enforced in the room that digital connection are being used. They may not be one hundred percent, but it’s better than nothing for sure. We should also have policy around who has access to different pieces of data, absolutely. And that has to do with the, uh, the applications that you’re using to store your information some of the more simplistic applications, for instance, locally, you know, homemade databases, spreadsheets, things like that have very limited security options, right? Most of the most of the non-profit applications that are available commercially, i have what they call multi level rules so you can define a roll of manager out of the data entry work no, no hosting, volunteer and different kinds of rules like that in each one of those can have different levels of access to information. So somebody who’s carrying around a tablet that in the event registering people for the event, they only have access to the data entry function for that piece, it certainly would not have access two historical e-giving and other other information has already been recorded when i go teo cem, clients on i’m using their database there’s data that i can’t see? Social security number. For instance, i i can see that it’s preserved, but all i see in that field is a bunch of stars. Date of birth, i think is another one. Or maybe i see the year, but not the day in the month. Something like that. So there there are there are data, ways of preserving and i log on to that database so it knows who i am and what level of access i have. Exactly. When i was, that reminds me of when i was in the air force, i had i had top secret clearance. And then beyond top secret, there was something called psyop. Yes, i which wass was those top secret? T s psyop was the single integrated operating plan. And then, yes, i was for extra sensitive information. So you could have t s and then you could go beyond that, and then beyond that. And then there’s, you know, obviously there people who had hyre levels of security clearance beyond me. But i had top secret c i a p ece. Anyway, uh, so just just exactly as you told me that. Tony, you kill me, right? Right now. There. Are other reasons i need to kill you. Is that another doing? Just revealed. Okay. All right. So the software can help us. All right. So this is part of our policies is who who has access to what? On a need to know basis, right? That’s, basically, what do you need to know? To do your job? Sabat. Exactly. And there’s one two things i’ll bring up here one is that, you know most well, most a lot of instances of breach come from not getting rid of logging access. That is not necessary any longer. So someone leaves the organization. The very first thing that should be done is that loggins should be deactivated. Deleted whatever. Yes, at the very least. Password changed. But there are lots of, uh, lots of instances where that wasn’t done immediately. And the data, you know, goes away and let’s face it. No, it it’s not just a friendly departure. That person is more likely to take action immediately than they are, you know, months down the road. So quick action is is really, uh, you know the right thing to do. Let’s, talk a little about insurance. There’s, there’s, cyber insurance. There is dahna and, you know, i haven’t really looked at the prices for those, but i’m sure that that very is based on the amount of information, the value of your database, all those kind of things, but i would say that most of the large insurance company i’m looking at the hartford and shove, for instance, they offer what’s called a data breach insurance, uh, which is exactly what we’re talking about here. It’s protection against losses, protection against lawsuits from, uh, problems occurring based on the loss liability, all those kind of things i would say it’s definitely something we’re looking into. And of course, you know, hindsight will always tell you that you should have done it. But, you know, pryce will make that determination for you, okay? We’re not holding you to the standards of oven insurance broker, so you don’t need to know the price, but but important for people to know that it exists and and as you suggested, you know, if you have a bad person, maybe they left on bad terms or maybe they’re still working for you, and they just have some bad intentions no policy is going to prevent them from getting what they want if they’re if they’re industrious enough like and an interesting statistic. Seventy five percent of a raw data fresh and i’m talking well, i guess it could be called hacking, but david left, this use of data happens internally of that seventy five percent, fifty percent of it is from physical, just physically copying the data onto a thumb drive. Or, you know, some other ceo or something like that. So it really, you know, most of what’s gonna happen is really gonna happen within the organization. That’s frightening and this heartening unfortunately true. You’re a former ceo, right? Chief information officer, chief technology officer on the corporate side. What? What more do you want to impart? I haven’t asked you about, uh, lock the doors. That’s that’s probably the biggest and most difficult thing that we had to contend with making sure that the facility is secure. Now those when i was doing that, cloud computing was really not a big issue. So locking the doors, you know, for a crowd environment doesn’t really does it really work? That said, we are still there’s still paper records that your store in provoc hammocks and almost any organization and locking doors were locking the file cabinets or some other way, securing access against the paper records. Still it’s still the right thing to do, and we’ll we’ll avoid some of the day the press that we’re talking about. Yes, excellent. We’ve been talking about digitised data, but there’s still lots of paper records and just simple locks on a file cabinet on blocks on doors, andan that server door that you know that those hallway closet servers that i see where it’s the maintenance you know, it’s it’s above the slop sink that’s crazy frank, that is one one other issue that i’ll talk about and that is what’s called social engineering and has nothing to do with data. Uh, it’s it’s really old fashioned and involved. Usually telephone, but it could be personal approaching face-to-face. Okay, you know, we talked about the three pieces of information that will lead to someone really knowing who you are, right? Uh, first name, date of birth and your zip code. You may not say all those things to the same person at the same time, but social engineering involves people making phone calls into an organization. Talking to different people and pulling different pieces of information from those different people and then assembling those outside so they’re pretty easy to, you know, called secretary and they, you know, i’m trying to get the thie owners birthday gift, you know what? They were on dh, you know, by the way, you know, at another person calls in to another person in the organization and says, you know what? Town today with them mean, now there you go, right there, three piece of information, yes. Wow. That’s okay, those air bad there’s a bad actors, but but but if somebody wants it, they can they can put it together over time. And andi, even if even a small organization, even if there aren’t that many people, if they can call they could do it over time, they can have a have ah, accomplice maybe helping. So one time it’s a man a couple weeks later, it’s a woman asked in different things, your office isn’t going to protect against that exactly. Then we’re not as people, we’re not wired to think, you know, in that kind of devious way to protect ourselves. Okay? All right. All the more. Reason for thinking about this thing about cyber insurance, i think, exactly, exactly all right next week, there’s no live show affiliates. I will have a show for you, but i don’t know which one. Yet more important than that. I hope you enjoy your thanksgiving time for family and friends over a long holiday weekend. Enjoy. If you missed any part of today’s show, find it on tony martignetti dot com. Where in the world else would you go responsive by pursuant online tools for small and midsize non-profits whatever type of work you do to improve our world pursuant dot com, our creative producer is claire miree off. Janice taylor is today’s line producer gavin doll is our am and fm outreach director. Welcome gavin doing an outstanding job. The show’s social media is by diner russell, while susan chavez is on maternity leave she’s having a little baby today. Congratulations, susan. Our music is by scott stein with me next week be with me next week for non-profit radio big non-profit ideas for the other ninety five percent go out and be great. What’s not to love about non-profit radio tony gets the best guests check this out from seth godin this’s the first revolution since tv nineteen fifty and henry ford nineteen twenty it’s the revolution of our lifetime here’s a smart, simple idea from craigslist founder craig newmark yeah insights, orn presentation or anything? People don’t really need the fancy stuff they need something which is simple and fast. When’s the best time to post on facebook facebook’s andrew noise nose at traffic is at an all time hyre on nine a m or eight pm so that’s when you should be posting your most meaningful post here’s aria finger ceo of do something dot or ge young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun and applicable to these young people look so otherwise a fifteen and sixteen year old they have better things to dio they have xbox, they have tv, they have their cell phones. Amador is the founder of idealised took two or three years for foundation staff to sort of dane toe add an email address card. It was like it was phone. This email thing is fired-up that’s why should i give it away? Charles best founded donors choose dot or ge somehow they’ve gotten in touch kind of off line as it were on dno, two exchanges of brownies and visits and physical gift mark echo is the founder and ceo of eco enterprises. You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, i just i’m a big believer that’s not what you make in life. It sze, you know, tell you make people feel this is public radio host majora carter. Innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invested and expected to grow and savvy advice for success from eric sacristan. What separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers air on tony martignetti non-profit radio big non-profit ideas for the other ninety five percent.