Tag Archives: security

Nonprofit Radio for December 9, 2016: Leveraging Expert Or Tech Volunteers & 7 IT Security Pitfalls

Big Nonprofit Ideas for the Other 95%

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

It’s not your 7th grade spelling bee! We Bee Spelling produces charity fundraiser spelling bees with stand-up comedy, live music & dance. It’s all in the video!

Get Nonprofit Radio insider alerts!

Listen Live or Archive:

 

My Guests:

Steve Heye, Erin Dieterich, & Princessa Bourelly: Leveraging Expert Or Tech Volunteers

(L to R) Steve Heye, Erin Dieterich & Princessa Bourelly

We’ve got what you need to know about managing volunteers with special expertise. Where do you find them? What about screening and scoping? Our panel is Steve Heye and Erin Dieterich from NetSuite and Princessa Bourelly from Juma Ventures. (Recorded at the 2016 Nonprofit Technology Conference)

 

 

 

Leon Wilson & Dan Rivas: 7 IT Security Pitfalls

(L to R) Leon Wilson & Dan Rivas at 16NTC

Not sexy but very important. Leon Wilson from The Cleveland Foundation and Dan Rivas from Idealware walk you through bad habits that you need to change so you don’t put your precious data at risk. (Also from the 2016 NTC)

 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.

Get Nonprofit Radio insider alerts!

Sponsored by:

Vertical_Color
View Full Transcript

Transcript for 318_tony_martignetti_nonprofit_radio_20161209.mp3

Processed on: 2018-11-11T23:37:45.001Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2016…12…318_tony_martignetti_nonprofit_radio_20161209.mp3.676684126.json
Path to text: transcripts/2016/12/318_tony_martignetti_nonprofit_radio_20161209.txt

Okay. Hello and welcome to tony martignetti non-profit radio big non-profit ideas for the other ninety five percent on the aptly named host we have a listener of the week, young non-profit professionals network of milwaukee hello, milwaukee! They tweeted learning about non-profit excellence listening to tony martignetti non-profit radio end quote excellence love that thank you so much for that. Plus they’re very loyal re tweeters. Thanks for that also, i’m glad you found us. Thanks so much for listening for loving non-profit radio. I’m glad we’re helping your important work. Young non-profit professionals network of milwaukee they’re at and why p n m e congratulations on being our listener of the week. Oh, i’m glad you’re with me. I’d suffer with bracket nathalia if i had to speak the words you missed today’s show leveraging expert or tech volunteers we’ve got what you need to know about managing volunteers with special expertise. Where do you find them? What about screening and scoping their work? Our panel is steve hi and aaron dietrich from net sweet and princessa bourelly from juma ventures that was recorded at the twenty sixteen non-profit technology conference. Are you signed up for twenty seventeen? You? Need to and seven security pitfalls not sexy but very important leon wilson from the cleveland foundation and dan revis from idealware walk you through bad habits that you need to change so you don’t put your precious data at risk. That’s also from the twenty sixteen and tc. Sign it for twenty seventeen on today’s. Tony, take two your trump challenge reduction director’s cut. We’re sponsored by pursuing full service fund-raising data driven and technology enabled, you’ll raise more money pursuant dot com, and by we be spelling supercool spelling bee fundraisers we be spelling dot com here is leveraging expert or tech volunteers from the twenty sixteen and tc. Welcome to tony martignetti non-profit radio coverage of sixteen auntie si non-profit technology conference in san jose, california. This is also part of ntcdinosaur stations my guests now are steve, hi, aaron dietrich and princessa bourelly let’s meet them. They’re seminar topic is leveraging expert or technical volunteers. Steve is solution consultant for net suite, and next to him is erin aaron dietrich, director of corporate citizenship, and princessa bourelly director of finance at juma ventures. Steve aaron princessa welcome, thank you. You’re very welcome welcome to non-profit radio. Just indulge me for a moment while i highlight our swag item for this interview, which is from black mesh. Everything is in black there’s. A very high gloss notebook with a calendar at the end. And we have a usb drive. Flash driver should tell you flash drive and, uh, upend your basic basic pen. And this goes into our are you our swag pile for the day, which is right here. Awesome. Third for the for the people, for our listeners. Just have audio. Okay. There’s a difference. Hyre let’s. Steve, you explain it off off. Mike let’s, have you explain now, there’s a difference between using experts who are technical and non-technical help us with an overview of this? Sure. So the way we first started, you know, talking about this was, you know, we all have volunteers. We all understand how to work with them when we all have ideas. Part of matthew’s. Um but there is a very fundamental difference between using somebody that just wants to come in for a single day and do a single task versus somebody that has ah, very skill. A very big skillsets and indoors and expert. So you know, with probono the key is they’re coming in and they do legal work for their living, or they do finance work for their living, and they come or technology for their living, and then they want to do that for you, but do it for free. So that kind of volunteer requires a very different relationship with them because you’re allowing them to do work that will have dramatic impact on your organization and is much more critical that you understand what they’re going to be doing, how you’re going to use them and build a relationship with them. All right, erin, is it essential that these technical volunteers be supervised by other people who are technically inclined or who are technicians? So i would say it’s very important that they’re supervised the level of technology knowledge that the person who supervises has will differ at different organizations. And i think the most important thing is just that whoever’s managing thie non-profit ah project and whoever’s, the lead volunteered that they’re on the same page about what the project’s going to be, so as long as they can speak the same language and that’s probably the right skill level. But if you have a volunteer who’s very, very skilled and is speaking a language that you just don’t understand, as they described a project that projects probably not going to go well until you find somebody on your side who can speak the same language and understand what you’re getting involved in, ok, so at least that level of understanding. Okay, now princessa you’re using technical volunteers at juma ventures, we are currently using the probono through net sweet this’s a multi year and the project is going really well, and it is i have been a great experience and opportunity for juma as well as the net sweet probono to come in and offer their experience in what capacity are using technical volunteers, so they are helping us now set up our dash schwartz within the net sweet system, tio take an excel spreadsheet and be able to pull that same information out of net sweet without having to pull all of these different areas together. So it’s going to be sort of easier for us to manage to maintain. So we use their technology expertise to actually do the set up, and i managed the dashboards as well, okay. And do you have some lessons learned to share? Not necessarily. Right now, way. Have another twenty minutes together. But there’s some lessons learned about using technical volunteers. The biggest lesson that i shared today would be for us to be prepared on the non-profit side. Okay, little better preparation. So all right, well, we’ll get there. We’ll get a chance. Talk about that. Andi okay, you have some advice on finding technical volunteers. Erin, you want to start with there, start start stuff. They’re sure one of the things that we shared today in our session was that it’s important to look at who as a non-profit you’re already connected, teo. So you look at who is already, you know, from the corporate side making donations who perhaps is already a partner and look at what their core competencies are as an organization, and see if there is an alignment between their core competencies and what you need help with. If there is, it might be very easy. Next step to go back to them and say, hey, we love working with you, here’s something that were really struggling with do you think that this is something? Your team would wantto look at probono and start the relationship that way. In addition to looking at your corporate kind of connections, there are a lot of really awesome sites out there that can help you find an individual technical volunteer. So we shared a list of resource is today, but among them is the taproot foundation. Catch afire community core volunteermatch linked in latto from empower there’s a bunch community corps for man, power and power and power. Okay, where you could get you could go on there and essentially say, you know, we’ve scoped out this it’s a challenge that organizations having. Perhaps we need a new website and you can go and find volunteers who are taking their personal time after their job to to do that project for you. Okay, i’ve had the catch a fire ceo on rachel chong. Yeah, it was great a couple years, but yes, very true. Okay, is a screening is going to be important eyes? Okay, wait. So we talked a little about finding now we’ve got a prospect pool of whether it’s from real time relationships and partnerships or somewhere we found online screening. We re interview them. Right? I mean, i would think same way you’re interviewing. Ah hyre yeah, so there’s a couple, it varies a little bit. First, the amount of screening, the amount of effort that you’re going to put into the screening process depends on what the type of project that they’re going to be working on. So based on the level of impact of the project was going tohave and the risk that’s involved in this project, you’re going to want a little varying level of screening. So if it’s if it’s a project where they are like princessa talked about, they’re going to be in your financial system. They’re going to be looking at, you know, helping you, you know, adjust you although or if it’s a legal probono where your they’re reviewing contracts or they’re doing that, you’re gonna want to ah, ah, lot more screening a hell of a lot. A proprietary information, proprietary and potentially damaging. Yeah. So you want to make sure it fits in the wrong hands, right? So what do some of those, you know, nondisclosure agreement might be in place or, you know, on actual application, ask him who they worked with before. Do some background checks if it’s needed, but if it’s a vendor that you already have a long term relationship, you’re a customer with them and, you know, maybe then the barriers drop a little bit because you’ve already had a long letter longer relationship with that company and because you’re paying them and they have, you know, are already a setup established program is a little bit different on the type of screening you would do, or if you’re just having somebody build a little widget on your website, that isn’t like mission critical, then you’re screening might be a little lower because it’s it’s not like mission critical it’s not going to blow up the whole world, your world, your mission world and there isn’t a finance proprietary data right involved, but still there still going into your yeah, you still have to ensure that they have a certain level of technical expertise because they are going into the back end of your system, your coding and yeah, so i mean, asking could mess things up, right? Asking for examples of work they’ve done before who they worked with or even asking for their resume or having a full out a sample application there’s a number of things you could do just to get some simple information about them. Okay? Yeah, right to screen him. Princessa any any advice lessons learned on screening volunteers? So going through net sweet, we didn’t have to do the screening. We just we applied we the hardest part is narrowing down from this, you know, these grand scheme of ideas that we need internally narrowing that down for the next week team to then matches teo prose that could come in and have the availability to sort of target our project. Okay, so you potentially could have used more volunteers? Is that what you mean? T to other work for you? The beauty of net suite is that they offer it multiple times per year. So even though we didn’t get to address all of the projects there is, there is a possibility that we could get to it. Okay, okay, you’re tuned to non-profit radio tony martignetti also hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a quick ten minute burst of fund-raising insights published once a month. Tony’s guests are expert in crowdfunding mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website, philanthropy dot com fund-raising fundamentals, the better way. Dahna the errand and steve are both nodding. So i guess you have a shot at this. All right? So instead of talking around, this remains will say, well, let’s, just have aaron, why did you describe the net sweet volunteer technical volunteer program? How this works? Sure so and nets sweet. We donate our software platform to non-profits and social enterprises, and once they start using that platform, they are eligible to apply for probono support from our global employee workforce every quarter, so at the beginning of each quarter and application goes out to non-profits they say, here are the things i need help with. And then internally at the company, we send out an email to all of our employees and say, hey, hear the things that non-profits need help with on the platform. We need your technical skills if you want to get involved, let us know, and then our team actually does the matchmaking. So were the screeners in that instance, we look at all the employees, backgrounds, we look at where they work, what time zone they’re on, what their expertise is and we put together typically teams of two to four employees who we think have the right skills to get that project done. That’s been requested. Okay. How many? How many people on your team princessa there? Ford for max. You got the mac. Okay, now, doesn’t that sweet? Havea probono requirement part of employment is you’ll spend weeks or ten percent of your time or something. Is there anything like that? So, it’s not a requirement, but all of our employees are allowed to spend twenty hours a quarter on a project probono when they get matched up so they could, you know, work it out with their manager that they apply and take on a project every single quarter of the year. But it’s not a requirement. Okay. Okay. All right. Thank you. Uh, all right. So after screening let’s, see where should we wish we go on starting to manage? We’ve nothing scope. Hoping is that we are right now on twenty martignetti non-profit radio. I have george in jail now think if this was a discussion on on hiking in the in the adirondacks, scoping, you know, would probably be pretty simple thing, understand? But in this conversation, i don’t know what scoping is. So get yourself out of jail, what is scoping? So i think the key teo a big differentiator between using an expert or technical volunteer is they will need something that tells them exactly the challenge you’re having, what you’re hoping to solve and how you want, ok, scope of the project so it’s a scope of the project, meaning that you’re going to just both sit down with a document and agree on what are the what is the challenge? We’re trying to solve one of the goals of the project and then talk through that together to figure out what the actual outcome will be. So you know it usually it starts way too big, and then you scale down into something that’s actually accomplish because that’s, one of the channels we have with expert could also employees only have up to twenty hours per quarter, right? And that zoho almost all probono helped that you get will have some sort of ah, limitation to how much help you’ll get and how long the project can last. So the real key to using a technical volunteer is having a chunk of work. That’s, containable, it’s, describable attainable and it’s something that you can easily pass to someone and have them understand. Princessa was this hard? Teo, define the scope. It was hard to narrow down internal given. I mean, you said there were other things get done, and maybe this project was even bigger than it. It could reasonably be i think i shot for the moon, ok? And they had to bring me back down. All right, so i basically put out our, you know, our primary concerns. They chose a a project that they could actually accomplish within the twenty hours. And so the difficult part is on my end, making sure that i’m providing them with the proper information to make the project six successful. Okay. Yeah. You clearly have responsibilities. Yes, a swell as they do. Okay. Okay. All right. So scoping. Yes, of course. We what do we want to see if the out at the end of this whether you know again, this supplies beyond that’s that’s sweet program, but, uh, you gotta have a scope document. Yeah. Okay. All right. Yeah. It’s hopeful about both sides. Not just for the non-profit, but also for the, you know, the probono person because the probono in person and it knows what’s expected of them. And then is mohr able to know if their skills is the right skills and if they’re able to actually achieve it, or to start to understand if it’s even impossible within the amount of time that they’re given to do it? Okay, and that they have to do to donate. Okay, all right, what comes at right now? Snack it’s, savoury snacks are being served and the announcement is being made. That is not theirs, not god. Not on. I’m diffident, it’s. Just somebody who knows that the savoury snacks are being served. That’s awesome that’s extension of a sense of his omnipotence. Chocolate snacks, including big urns of chocolate milk. Here. Then i see which i don’t know about the rest, but i kind of like talking, but it was weird to see a milk in an urn and you don’t see that very clear that they were armed with a silver top. It looks like a three gallons, three or four gallon earned. It looks like to me. Yeah, and with a little with, you know spigot on it. Okay. Okay. After scoping working with our technical volunteers. Aaron, what comes? Next what i’m really getting into the meat and potatoes of getting the project done and, you know, something that’s important to think about there is project management because sometimes you’ll get a really excited set of volunteers. And if there’s not somebody who’s responsible for keeping the project on track, as with any project you’d work on probono or not, you know, khun, go kind of off the rails or can get delayed, or people can kind of wander away, and it doesn’t get accomplished on the time that you really had set aside for it. So focusing, having that timeline, having a project manager who’s going to lead everybody through the process is really critical. But now we are working with volunteers. So where do you draw the line between? You know, team, this is you’re too slow and okay, team i understand. We understand who will will extend the timeline. You are volunteers and we don’t want to lose you because we’re twenty five percent of the way into this now, right? How did we manage that? Well, it’s a collaboration. So i think that’s one of the most important things about using technical volunteers is that it’s not like you’re saying i want this project done, go do it and let me know when it’s done it’s that you are saying, i’m going to work with you and we’re going to get this project done together, so if it starts getting delayed because of your timeline or their timeline, you’re kind of in that together and you can re adjust expectations vs if you just kind of set it and forget it, then you have no idea what’s going on on the scenes, but if it’s a true collaboration, then you’re both coming to the table. You’re both taking on work in order to get this delivered and the project’s going to be something that really resonates with your organization and that you can continue using for a long time if you were part of the process versus if non-profit volunteered just came in. Did something said, here you go and then left. You might not know how to use that thing in the future, okay? I don’t know, princess is i don’t want to put you on the spot and say that sweet volunteers volunteermatch please there, there, there, there, over budget there, behind time. E, you want to you want to get more out of this so you don’t know anything you want to add to this part of the project management internally, we had to make sure that we were prepared for our meetings, okay? You know, you have periodic meetings face-to-face orwell, skype or whatever virtual virtual once a week, and prior to that meeting on the non-profit side, we had to be prepared in order to get the best benefit from the professionals on get their insight in their feedback. Ok, what do you want to say about preparation? You got to get the right people collaborating internally. So internally we have a great team, you know, working with the accounting team and then also communicating that information to the leadership team for their feedback, and they’re circling back to net sweet just to make sure that they know that things are working that were, you know, also to make sure that we’re on track and to make sure that we’re on pretty much on track to complete the project. Okay, okay, i should have asked you earlier. What is juma ventures work? So junior ventures works too. They’re they’re fighting. The poverty, the poverty cycle by providing education and financial literacy to youth. And they employ the use at the ballpark. Ballpark venues around the area and what’s your area. Where are you? We are end. We’re here in san jose. We’re in san francisco. Where in nor new orleans. We have new york. Venue way are growing. Yes. Yeah. Your central. You’re west. Your east? Yes. Nothing north. The chicago. Detroit? Not yet. Okay, but probably definitely on the on the horizon. Okay. Okay. What’s, the budget there, annual budget. The annual budget is eight million. Yeah. Okay. Now, some people might think, why a million dollar budget? Why do they need probono? How come they couldn’t pay for the help that they need? So with non-profits we use most of that that money to sort of support the mission. And it is it is difficult to be able to provide income for this level of professional, you know, services? Yeah. You’re getting roughly eighty hours of technical help. Which several hundred dollars an hour. I imagine if you had to go out and purchase it. Yes. Okay. Okay. Fair enough. Uh, all right. Project management. That seems like a pretty broad topic is there more we could say about strategies for project manager? Upleaf i think the key there is just that collaboration and just trying to have regular scheduled meetings and you even having a regular format to that regular scheduled meeting like, we’re going to start the meeting and we’re going to look at the goal we meet the goal help along. Are we on the timeline? I know there’s not much else to say about the project management, except that it shouldn’t be a, um, attack or, you know, like we didn’t meet the deadline or, you know, managing it that way as much as trying to ensure the both sides are happy with the progress, but i’d say the other big key with that project management that isn’t talked about enough is making sure that the non-profit is in er the probono person is seeing their impact and seeing the progress that is being made and understanding how it is really helpful to the non-profit so the non-profit has sort of has a responsibility to keep sharing back to the volunteer of how appreciative they are from the help and the outcome that it’s going to do and what it’s going to allow that non-profit to do, they couldn’t do without that help. And just because the energy of a probono khun feed over time especially the project, is like three months or, you know that it’s time, you know, when they’re when they first start, they’re not they’re excited, they’re energetic, but then when they get into the weeds and then the problems start or they hit a hiccup part of that project management is keeping that person engaged and excited and reassured. Yeah, there’s value there’s a number of ways to do that of, you know, either to recognition or doing many celebrations of metoo hitting a milestone or doing, you know, small thank you says you go, i think that’s a big part of that project management. Okay, princessa you wantto share what what you’re doing around, sharing the value and encouraging the the probono volunteers? I don’t think i’ve done anything specific, but i think what goes a long way is the fact that they can see that their work is being utilized ized and actually brings value to the organization. How do they see that they don’t see that? During them during the project management phase, so they don’t see it until abila project is finished, right? But during the process, you know the fact that we’re not coming back with a lot of changes, a lot of iterations, you know, a lot of going over the time schedule in the time frame, i think it’s it’s sort of positive reinforcement tio let them know that things are going smoothly and according to plan and will be seen to her through fruition, your work is appreciated, yes, and i think the other thing that she’s maybe down playing a little bit is that she is able princessa did talk about how she was able to share that back-up with our leadership team, and i know that the probono volunteers are seeing the fact that there’s, an investment from the leadership team there’s an engagement through the team and their energy is staying up and excited about it so that just, you know, it plays into it, it doesn’t have to be in actually like a gift or anything like that. It’s just that continued conversation, okay? And i think as the volunteers get the exposure of understanding more and more of what you’re non-profit does they take away a real pride of what they’ve helped you achieve, even if what they were building is, you know, a small widget for your website, they are now kind of feeling a part of the team, and i love when i, you know, ask employees who have done probono projects hey, what kind of a project did you d’oh? What was the organization? And they automatically become the spokesperson for the organization they tell you about they light up there like, oh, and you’re now i donate to them or oh, i just went into the five k run for them and there’s so much more engaged now than they were before, and they kind of feel like they have a real responsibility for that organization because they took on actual technical work for them. That’s wonderful. All right, all right. Are we at project completion? Now? We have. We have a couple minutes left together. We’re okay. Are you anxious to get out of here? I don’t know. I mean, the project. I got to go somewhere way. Chocolate milk. You’re looking really good there in the middle. You can’t leave. Until steve, steve are princessa does okay, what? We’re project completion. Yeah, so i think the big project completion to me then is where we ended our presentation was talking about connecting it back to the mission, so then, you know, the outcome was a great great we created this financial dashboard, but i think taking a minute there and just saying, yeah, you just created a finding dashboard, but now what you’ve done is you’ve eliminated hours of work that i was doing every week in a manual spreadsheet that now i can really spend time analyzing that data and actually changed the way my organization works based on this data and just taking time to celebrate that, connecting it back to the overall goal and of inviting leadership, maybe to come in and talk to thank the volunteers. That could be a real way to wrap up and close the projects that leadership leadership touch again. Yeah, valuable aaron, anything. You know, i think revisiting the project maybe five, six months out is also really important for the volunteers just to hear from you about hey, you know, for six months now, we’ve been using these new dashboards. And here’s, what we’ve seen that’s happened at the organization, i had a probono project that some colleagues were working on a few years ago, where they helped build a social media strategy for a non-profit and a year later, the non-profit came back to them and said, hey, you know, because of that strategy that you helped us build, we want to grant to get a full time social media person on the other hand, it’s like gravel or the amazing, amazing stories, but had that non-profit not come back to the volunteers a year out and told them that they would have never known that we’ve just been happy about the project, but now they felt real prime glee that’s, magnificent. Princessa is your project finished? It is one week away from ove r being done there. Go deliver balls have been sent to us, the dashboards are set up, the reports are active, and it is now on me to actually play around with them and make sure that they’re functioning properly and any changes or anything like that, we would have to communicate back to the team, but we’re pretty close to signing off on that. Okay. This’s is exciting. Time was cool and, uh, what’s planned for the for the for the mark. The occasion of the completion dahna we hadn’t thought that far. That’s only you only got a week left. I got to get to ceo onboard is gonna be some something dramatic. Okay. Okay. Uh, all right. This is wonderful. Lots of great ideas are durney project management tools. Online tools that you you recommend that you like. If not, you could say no, but i think the project management for me, for this kind of a project, it depends on the severity or the scope of the project. But i think keeping it simple, askey, let’s say scope, not severity also. Very. Yeah. Yeah. E i think keeping the tool is simple. A za project. So you know, if it is something something as simple as a google doc just having a quick outline, they’re keeping your mini me meeting minutes. They’re keeping, you know, the record of what happened and what got done. You could do something more complicated now, but i don’t think it really needs to be anything more. Okay. All right. Should we wrap it up there? Hands alright, excellent, great ideas, lovett and that was leveraging expert or technical volunteers with steve hi solution consultant at net sweet also aaron dietrich, director of corporate citizenship at that sweet and princess bourelly director of finance for juma ventures steve princessa thank you so much. Thank you, thank you, tony martignetti non-profit radio coverage of sixteen ntcdinosaur non-profit technology conference thank you for being with us. Seven security pitfalls coming up first pursuant, they have a new content paper for you, it’s free and easy to get overcoming the major donor dilemma. How to identify and engage new major donors and also optimized your cultivation process. You’ll find this paper at pursuing dot com, and we’ll be spelling spelling bees for fund-raising are you kicking off millennial engagement in twenty seventeen? You can do it with stand up comedy, live music, dancing and raising money. Check out the video at we b e spelling dot com now, tony steak too you’re trump challenge re ducks director’s cut it’s still up it’s the reduction of the reduction check out to lula, the jack russell terrier. I’m telling you she has great insights into donald trump’s. Potential impact on non-profits and i have minor contributions. Check out the video. The director’s cut. The video is at tony martignetti dot com. And that is tony’s take two. We got to live listener love. I would do it quickly. And then, of course, the affiliate affections of podcast pleasantries. If you’re listening live love out to you you know who you are you know where you are. Thank you so much for being with me. Podcast pleasantries i still got to check you know i keep saying way we’ve been spiking twelve thousand on some shows. However many there are is way over ten thousand could be his money is twelve or thirteen thousand pleasantries to you, our podcast listeners and the affiliate affections to our am and fm station listeners nationwide, you thought of anything to say throughout the country, but i nationwide affections to you. Let your station know thatyou listen, i’d be grateful for that. Thanks so much for being with us. Here are leon wilson and dan revis from the twenty sixteen non-profit technology conference seven security pitfalls welcome to tony martignetti non-profit radio coverage of sixteen ntcdinosaur non-profit technology conference. We’re in san jose, california, at the conference convention center in san jose. My guest now are leon wilson and dan revis. Leon is chief technology and information officer at the cleveland foundation. And he’s sitting right next to me. And dan revis is managing writer for idealware. Gentlemen, welcome. Thank you. Welcome to non-profit radio. Pleasure to have you. Yeah, a pleasure being here. Your session is seven. Highly risky habits of small to midsize non-profits security pitfalls. That’s great. Leon let’s. Start with you. Why? Why are non-profits just not paying enough attention, teo. Security? Well, a lot of in the whole emphasis behind presentation was just my travels over the last four years of working with small and midsized non-profits and constantly seeing the same challenges that we’re dealing with. Some of it is just naive nous ignorance, complacency, poor slumming that it really doesn’t impact them until it does impact them. So we felt that this session was critically important to just remind them of some of the simple, basic and black lean tackling things. Okay, we’re trying to avoid crises here. Is that right there? That’s? Right? Dahna i mean, how bad can it be? Security, dan, don’t you have an actual example of or just making hypothetical, but how bad could it be? Well, yeah, i don’t have examples. We worked on a report recently where we talked teo security experts and sort of learned from them what are the things that non-profits they’re dealing with? And we found that, you know, non-profits are in an interesting space, as we all know, low budgets, very little time security often gets overlooked, gets neglected, it’s not particularly sexy, no it’s, sort of the vegetables, you know, the non-profit world. We were surprised by how many people came to our session because the reality is it’s the last thing you really want to do, but i think people have seen enough of the data breaches they’ve seen enough of the issues come out like weekly there’s, there’s, data breaches and that’s on the commercial side where they presumably have so much more money toe to throw with us. Absolutely on dh that’s where we see so much of trouble. Yeah, all right arika okay, i mean, it’s pretty simple stuff, i mean, the way you do, i don’t mean the topic metoo details of it, the way you’ve organized seven highly risky habits. Right. So all right, you know, you shouldn’t be sleeping with a bad partner. What? All right, why don’t you start us off? Well, leon, but you bring up anything point, they were all very common sense things that are happening. What we want to do is share with them if you’re going to do these things, but we wanted to educate you on how you can mitigate the risk. For example, one of the first things we talked about wass bring allowing people to use personal computers in the workplace. We know it’s going to happen because for a lot of non-profits it’s the way that they can save money because you don’t have to worry about purchasing a computer for someone. But keep in mind that you have toe put some provisions around that, like making sure that they have the most up to date somewhere running on that computer, making sure they have anti virus running on that computer, otherwise and who’s had who who else has access to the computer when they’re at their homes, their family members, friends, other type of disaster. Exactly. So we know it’s gonna happen. And that’s why we said that? We’re not telling you something that you don’t already know, but what we do want to do is provide you with some wisdoms and some thoughts as far as how can you mitigate, prevent or least contains some of the challenges that you’re going to be dealing with that so that’s a good example right there. Okay, so way need to have policies, i presume they’re absolutely around the use of the personal technology in the workplace. What are some of these policies? Well, i mean, just having a policy thinking ahead of time, what should we allow and what should we not? You know, that’s probably the first most important thing just to think it through. So you’re not doing that at hawk way or that people aren’t sort of making it up as they go along. But then from there, you know, some of the things we talked about our session things that you already know you need anti virus software, you need to make sure it was on your phone that your aps are not downloading something malicious. That’s pulling data from your phone, you know, there they’re things that you have probably all heard somewhere in. Your life. But, you know, in the work context, we sort of forget that, you know, we assume that there’s someone on the and who’s taking care of everything and we forget once we bring it home, you know, it’s up to us now, and so if you as leader of your organization, aren’t making sure your employees, they’re doing those things, they’re helping them do those things, there’s a lot of risk in that we did it, we did it really a straw man pole where we asked a lot of people had about forty or fifty people in our session, and we ask him how many of you have any virus software on your cell phone? I was expecting to see about release half only about maybe six people raise your hands, and i don’t even think most people know that that exists. There you go. So now wear allowing folks to share to sync up their email, sync up their email that context also get access to certain files off their mobile devices, because, again, it’s how we operated these at these days, and it works for a lot of us, but what happens when that smart? Phone gets stolen, lost or if you’re constantly upgrading, you’re a smart phone and you don’t properly clean out here clean out your smartphone well, if you don’t have password protection and also, if you’re not using anti virus software on their, imagine how others can get out that information. Where are we even gonna find auntie? But where do we start to look for anti virus software for our phone? It’s right out there? I mean, if you go out to the iphone store and just search for any virus software, if you go to the google play store and search for anti virus software, it is out there it’s just again. It’s not sexy, it’s, not something you’re downloading, usually downloading games and absent things that nature, you’re not down lee office productivity, our office, productivity, aps as well as in the especially for android phones because they’re not as police. The acts that are not a police there’s a lot of malicious acts that are out there, so you’re downloading what you might think. It’s a free game, the software but it is designed to then go after your contacts, your emails and other type of other types of information that could end work its way into your organization. Leon let’s, stay with you. How did we enforce these policies that both are saying are important on the in this? This this one on the personal technology side? How do we make sure that people are doing with their equipment what we’re asking them to do if they want to use it in the workplace? Great question. And that question came up a couple of times in our talk. Part of it is human police enemy some of it you can, you can you can afford through technology through right, so certain kind of tools, but sometimes it’s just about writing that policy in place, right creating a b y o d policy and and require all your staff members to comply with that were to sign off and understand a lot of his education, and then try to do sometimes basic auditing and checking with people’s equipment. Verify that they have this, that they have, that they’re compliant with those policies. So if you have the luxury of adapting technologies to enforce those rules and some of them are very commonplace with microsoft exchange and often sixty five you could do some of those things, but you you can’t it cost you nothing to write a policy, to put it in place forces, but enforcement. So there is actual verification. We actually going to look at their device and see that they’ve got on it what we are asking them to put. Well, imagine if you’re working for social services organization and you have health and human services information on there that information get lost, would you would you rather not go after and once a year check and verify that they are in compliance with that as opposed to falling prey to a hip, a compliance issue? Okay, okay, then let’s move on to number two are you know what a second? Why don’t mean necessarily in sequence, but what’s another one out of the seven? You know, another one that i think falls in line with it’s a bad habit that people just aren’t really necessarily very aware of is they’re. They’re not always very discerning about which cloud platforms they’re using so often people wanting his drop box. It’s easy. They probably have a personal account already and so, you know, you jump. On dropbox and you’re putting your data files from your organization on there, the reality is that consumer based called services just aren’t as secure as ones that air oriented, more towards business and enterprise type. I’m called service, so you know, people think they’re doing fine, they think they’re doing good, they trust drop box, but they don’t really understand there is a difference between using that and a more business orian commercial. What were some of the more? What are some of the commercial ones? Leon leon for-profit says that well, i mean what again, what we’re talking about rather than using the dropbox to personal version used to run blocks for business or dog bites for team rather than using dahna g dr usedto get a partial use g driver’s part of blue collapse whether than using microsoft one dr that you get for free if you haven’t outlook dot com account, use it as a part of one dr for business on the part of your opposite sixty five you have greater securities, the i t department or whoever is your tech support provider has greater control over containing who has access to that information. Plus you can retrieve that information more efficiently. Imagine it wanted you using your own personal dropbox account and it’s sink to, like five or six other different devices when you leave that organization. How do we get that information back from your personal rot box account? We don’t basic. There you go. So information’s out door now you’re basically are storing your data and everybody’s home when everybody’s personal device you’re probably not a magic. I don’t know how many people have tried to return. Retrieve a lot of information off a dropbox personal account’s been successful at it. Okay. Okay. So you thank you because you let your name three resource is there on top. Your head. Excellent. Ok. Alright. So safe for use of the cloud of cloud services. Okay, what else we got of our seven? Well, the one thing that we always harp on and people get a chuckle out of it. But we have deal with it is proper password management strong password using stronger passwords and insurance, and requiring that your staff members whether they’re using their personal devices or if they’re using company own devices to use strong passwords and not just using one, two, three, four, five, six or password as your password, but also changing that passed were periodically will do with that that’s still out there, we showed a church, we showed her chart and still one, two, three, four, five, six password no past are still the top passwords being used by most folks. So we again we think that we’re past that, but we’re really not and what we’re what we’re doing in our talk is really just reminding folks and educating them of things that they know, but they just need to be reminded of people. Please have a secure password do not use one, two, three, four, five or password, no path, no pan out used you’ll be, you’ll be, you’ll be better than probably two thirds of users if you just eliminate those three things that i don’t use them. What oppcoll yeah again, you’re right. These things were here, but we’re not doing it exactly when i do it, there should be numbers that should be symbols. It should be a word out of a definition of what a lot of people are talking about. It now is maybe using phrases so you can’t you can’t assume you can’t you can’t expect your staff member to come up with a cryptic pass where like a b capital, jay lorts see one, two, three oh, the ampersand sign and all that sort of stuff, but they could come up with a phrase always use the example of it. He used big mac fries but capitalized, obey in the a m and neck and then using empress stand for the a m a that is going to be far harder to increase, to break to crack, then some some more simple password, but you’ll remember it. Or maybe a phrase that’s just known to you or your family or your yeah, yeah it’s in your from your grandparent’s something, and then you choose the first couple of letters of each exactly, exactly, and using symbols and numbers and still those things, too, make it somewhat creek critics still, because really, what? What happens? You know you’re you’re lengthening the time it takes to crack your password, you know, if they if they know there’s a with just twenty six characters a through z, they can do that a lot more quickly than if there’s twenty six. Characters plus, you know, ten digits plus cerini of upper case and symbols. You just magnify the difficulty. Yeah, absolutely exponentially. Okay, okay, give us another one again. Would you throw something else out from our from our seven? Yeah. You know, one that is another pretty basic thing. People aren’t necessarily always backing up their data. They they don’t have a plan for back-up. Yeah. Disaster recovery, you know, not just a disaster. Where, say, a server breaks down or, you know, something gets erased, but like real disasters, what happens if you have a flood and you know, your servers get destroyed? That way, you know, a fire, those sorts of situation, actually, at last, year’s auntie si i interviewed. I remember you could you could search listeners if you want to find this one. Her name was dar geever ca. It was all about you, you know that. You know, you know that, you know, dark. It was all about your disaster disaster recovery plan. So that was just one year ago. But first of all, you gotta have a plan. You’re not the airtight may not be hurricane proof, but i have a plan, right, let’s. Get started well, that’s the key thing, and we were saying that a lot of non-profits have become more mature, smart backing up their data. But david, backing up your data is just one part of it. When you talk about disaster recovery, you’re talking about protecting the entire environment. So if your server crash it’s going to take a lot longer to bring that server back-up depending on how you been, how you been poor, proactive, into that recovery, then just restoring the working files, how long is it going to take for you to get the operating system back-up apply altum security patches and all that sort of stuff and depending on the type of non-profit you are, is that ok or not for you to be dahna day a week, two weeks, so when we talk about disaster recovery we’re talking about you got to go beyond just backing up the data, you’ve got to be concerned with the environment as a whole and what is your strength? What is your what if analysis for if this were to occur, when are we going to do? Like what you’re hearing a non-profit radio tony’s got more on youtube, you’ll find clips from stand up comedy tv spots and exclusive interviews catch guests like seth gordon. Craig newmark, the founder of craigslist marquis of eco enterprises, charles best from donors choose dot org’s aria finger do something that worked. And naomi levine from new york universities heimans center on philanthropy tony tweets to he finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to re tweet you during the show. You can join the conversation on twitter using hashtag non-profit radio twitter is an easy way to reach tony he’s at tony martignetti narasimhan t i g e n e t t i remember there’s a g before the end he hosts a podcast for the chronicle of philanthropy fund-raising fundamentals is a short monthly show devoted to getting over your fund-raising hartals just like non-profit radio, toni talks to leading thinkers, experts and cool people with great ideas. As one fan said, tony picks their brains and i don’t have to leave my office fund-raising fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard. You can also join the conversation on facebook, where you can ask questions before or after the show. The guests were there, too. Get insider show alerts by email, tony tells you who’s on each week and always includes link so that you can contact guests directly. To sign up, visit the facebook page for tony martignetti dot com. Lively conversation, pop trends and sound advice. That’s. Tony martignetti non-profit radio. And i’m lawrence paige nani, author off the non-profit fund-raising solution. Dar even went into the possibility that some organizations may need off site places to go. Well, you gotta have some place rented or or have a share agreement for when you needed an emergency for physical location. It is it is conceivable me, obviously, going to the cloud has helped out tremendously as far as people who still itjust dorner information in a cloud using google laps ofthis office. Three, sixty five things that nature there, they have access to their working files, and they could still use things like microsoft office or google docks and things that nature. But if you’re trying to get to your donor zsystems and hopefully that’s in a cloud of swell, but there might be still some things that are on that physical server and what happens if that server was to crash or the building that you’re operating out of two is inaccessible or loses power? Yeah, okay, all right. They’re excellent. What else you guys got? Well, the one of things that we also talked about that we want to touch on was about software management. And this is about basically ensuring that when you’re doing software updates, patch updates and things that nature, that you do it in an intelligent matter-ness not every not every update is a good update. A lot of the hackers thes days are going through the adobes, the job of e ems and things of that nature. So you want to be mindful of that? And you want to make sure that if you’re allowing people to download software and do updates on their own, um what? What are your provisions around that they’re actually downloading malicious software. So we talked about again, more policies the potential the locking down the workstations and required an it person or tech support person, too. Basically white list that particular software patch up days before comes down. Because once you do that, then it help out with on the productivity. Okay. Okay. Anything else, dan, you want to add about the suffering management side? No, i think that covers it that way. Okay. Okay. Don’t want to go through these two fast. No that’s. Quite all right. Okay. So feel free to elaborate. Well, well, i will share that one thing that in the office, when we’re talking, we’re going to talk. That thing that came up a lot of security and especially we start talking about cyber security, and they say, well, leon and dan, if you’re telling us we have to be have stronger passwords if we have to be responsible about where we’re storing our data in mohr business, great cloud storage solutions as opposed to consumer grace clouds store solutions, what does that say for cybersecurity were what are your thoughts on cybersecurity? And what we were sharing with them is that we feel that a lot of the cloud stores a lot, a lot of the cloud vendors are doing a decent job as far as doing that. What we need to start looking at when we start talking about password management is looking to some of the clouds cloud password management solutions out there, because now we’re requiring our staff members to remember five or six or seven different passwords because they log into their computer one way they logged into google app susan another password because we were now no longer have single sign on any more, so they were asking questions regarding that and make it, and we were given recommendations on tools like last past and so forth, okay. Let’s not gloss over this. Yeah, yeah. Last last past a cz one of those clouds on password management solutions and there’s two or three others that are out there if you go out there and google them. But what they allow you to do is is almost like a software it’s. Almost like a password vault. You can upload a key and all your primary passwords. And then you have one master password with some kind of token key that allows you to then log in one time. And then those solutions was analog into your sixty five. Those solutions argument with in laws because they have they have they hold on to your credentials. So as we’re now moving into maur, this hybrid mode where we still have to log into a local network. But we have a lot of our systems out in a cloud. We have to now deal with howie managing our passwords across both in the cloud and on premise. Okay, about dash lane. Either of you familiar with it. Actually. Password management is that you think is in the same camp it’s in that same camp with last pass and so forth. I mean there’s two or three, they’re out there. Octus another one that’s out there that a lot of people are trying to use for a single sign on between their microsoft active directory network as well as in the cloud. So and some of them tie in with things like salesforce. Dot com embraces these kind of things. So the more major players out in the field, the major software vendors are making sure that their cloud management solutions are our being able to be accessible through these cloud password management system. Okay, dash lane, last pass octa okay, and he wasn’t any another one. You want to shout out as worthy? There was another and there’s another incarnation of non-profit radio. So you won passed hyre special one passes another one as well. Ok, very good. What else? But this is in our list of seven. Well, the other thing that we talked about it kind of going to school in size. We are talked about personal computers to introduce it, but i’m going to talk about that. But then, if you want to talk about, we’re talking about the mobile devices and so forth and the issues that come with that mobile, right? So we we talked about bring your own device when your pc or your laptop, you know similar concerns with mobile devices. You know, you need policies in place. I need to make sure that, you know, there’s a reality that people were using their phones or tablets for work. We’re taking our work everywhere now. And so how do you manage that? That’s a there’s a reality there that everyone’s probably living with on some degree. How do you minimize the risk and manage it so that your comfortable with how people using their mobile devices for work? Okay, how do you how do you know? Well, you know, i think some of the things that we’ve already talked about you making sure you have antivirus software on your phone is a really important thing, okay, you’ll be able to manage on some level the device that if someone say, leaves your organization that you can either you know, it’s complicated, potentially, but you potentially could delete some of the information in particular aps you’re not likely probably to be able to delete their whole phone and that’s probably good for everybody, but just having a little bit more control. On how people are using their mobile devices when it comes to work. And, you know, leon mentioned he’s sort of old school, and i think maybe very prudent in the sense that he has his personal device and he has a work device and he keeps those separate, i think, for for an organization, if you could do that, it really is the most prudent approach, because the reality is you can’t control. So what else is device they’re passing around with their family, you know, someone borrows it to look something up or use the phone, you know, that data contract veliz the reality. And so, you know, you have to think about that risk, and if your organization is sort of willing to take that risk, or if it needs to take some steps to kind of minimize the okay, we have time for one more dan you want introduce the last one? Yeah, the last one is the lack of network security, right? So you’re we often using wifi. You have a router. But did you make sure to set a unique password for that round? Or are you just using the factory setting and itjust admin, which is public. Anyone could look that up and get on your router at any time. You know things like that, making sure firewalls are in place. You’re making sure your network is secure altum throughout and i think leon comprise going more. Did you want to have anymore about network security? Yeah, that’s the one thing is it’s a multi layer it’s, a multi layered approach. So you have to have the external penetration protection with your firewall but that’s also where you need to also maybe have a firewall running at the pc level is well along with the a v and malware software. Additionally, what we were talking about, hiss. If you’re providing wifi access within your organization, you definitely want to have a separate wifi space for a guest, contractors, visitors and thea nature versus you definitely want to do that. And you definitely want because again, if you have people just coming in off the street in public and bringing in their laptops, you don’t know what’s running on their laptop you again. It goes back to a lot of the other issues we were talking about it’s, like, bring another personal workstation in there we’ll have to wifi. And exactly you want to have a separate it one where? Even if you give him a password to log again. That password maybe times out after two hours of three hours with boy, they have to re authenticate, separate from your stamp, where they’re always going to be able to go on and have constant access to what? You want to keep it separated. Okay, we’re gonna leave it there. Ok. Cool. So it’s cool, right? They are. Leon wilson, chief technology and information officer at the cleveland foundation, and dan rivas, managing writer for idealware. Gentlemen. Thank you very much. Thank you very much. I have to a highlighter intense wag item. We’re doing that each each interview and i neglected due in the beginning. We have this usb flash from texas, and we had that to the pile of here. You might have thought we just have a message said that’s. Not true. Thean ten swag pile. Very well organized. Cool. See? Very nice. Tony martignetti non-profit radio coverage of ntc sixteen twenty sixteen non-profit technology conference. Thank you so much for being with us. Thank you. Thanks. Next week, zombie loyalists. If you missed any part of today’s show, i beseech you, find it on tony martignetti dot com. We’re sponsored by pursuing online tools for small and midsize non-profits data driven and technology enabled, and by we be spelling supercool spelling bee fundraisers. We b e spelling dot com. Our creative producer is claire meyerhoff. Sam liebowitz is the line producer. Kevin dollars are am and fm outreach director shows social media is by susan chavez, and his great music is by scott stein of brooklyn. You with me next week for non-profit radio. Big non-profit ideas for the other ninety five percent. Go out and be great. Hey! Buy-in what’s not to love about non-profit radio tony gets the best guests check this out from seth godin this’s the first revolution since tv nineteen fifty and henry ford nineteen twenty it’s the revolution of our lifetime here’s a smart, simple idea from craigslist founder craig newmark yeah insights, orn presentation or anything? People don’t really need the fancy stuff they need something which is simple and fast. When’s the best time to post on facebook facebook’s andrew noise nose at traffic is at an all time hyre on nine a m or eight pm so that’s, when you should be posting your most meaningful post here’s aria finger ceo of do something dot or ge young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun and applicable to these young people look so otherwise a fifteen and sixteen year old they have better things to do if they have xbox, they have tv, they have their cell phones. Me dar is the founder of idealist took two or three years for foundation staff, sort of dane toe add an email address card, it was like it was phone. This email thing is right and that’s why should i give it away? Charles best founded donors choose dot or ge somehow they’ve gotten in touch kind of off line as it were and and no two exchanges of brownies and visits and physical gift. Mark echo is the founder and ceo of eco enterprises. You may be wearing his hoodies and shirts. Tony, talk to him. Yeah, you know, i just i’m a big believer that’s not what you make in life. It sze, you know, tell you make people feel this is public radio host majora carter. Innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invested and expect it to grow and savvy advice for success from eric sabiston. What separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help. The smartest experts and leading thinkers air on tony martignetti non-profit radio big non-profit ideas for the other ninety five percent.

Nonprofit Radio for November 30, 2012: The Bequesting Brain & Donor Database Dungeon

Big Nonprofit Ideas for the Other 95%

Listen live or archive:

Tony’s Guests:

Russell James
Russell James: The Bequesting Brain

Professor Russell James at Texas Tech University does neuro imaging research to see subjects’ brains light up when they elect to put a charitable gift in their will. This former Planned Giving fundraiser and director of the Graduate Certificate in Charitable Financial Planning has research-based advice for your cultivation and recognition of bequest gifts.

 

Scott Koegler
Scott Koegler: Donor Database Dungeon

Scott Koegler, the editor of Nonprofit Technology News and our tech contributor, wants you to keep your donor database secure, so nothing can escape. We’ll talk about inappropriate use, SQL, inference and overloads.

 
 

 


Top Trends. Sound Advice. Lively Conversation.

You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.

If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.

I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.

When and where: Talking Alternative Radio, Fridays, 1-2PM Eastern

Sign-up for show alerts!

Here is a link to the audio: 119: The Bequesting Brain and Donor Database Dungeon. You can also subscribe on iTunes to get the podcast automatically.
View Full Transcript

Transcript for 119_tony_martignetti_nonprofit_radio_20121130.mp3

Processed on: 2018-11-11T22:55:24.322Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2012…11…119_tony_martignetti_nonprofit_radio_20121130.mp3.248888218.json
Path to text: transcripts/2012/11/119_tony_martignetti_nonprofit_radio_20121130.txt

Hello and welcome to tony martignetti non-profit radio big non-profit ideas for the other ninety five percent. I’m your aptly named host. Oh, i very much hope that you were with me last week. It would cause me great distress. I couldn’t stand knowing that you had missed thirty four things to know about people. Andrea nierenberg, president of nuremberg consulting group, returned. She had so much simple and valuable easy relationship building advice from october fifth that i invited her back and the last show, which was, of course, two weeks ago, she had thirty four things to know and howto learn them how to preserve them and what to do with them, and her list of thirty for is now on the facebook page and are linked in group also get engaged to amy sample ward are regular social media scientist, social media contributor continued her siri’s on real engagement and building trust through the social networks. October was setting the tone this month. It’s your call to action. Amy is membership director for and ten the non-profit technology network and blog’s for the stanford social innovation review. I want to welcome new listeners. I need a big spike of listeners in october and i hope that you’re still with me in november hoped very much welcome. Welcome to the show this week, it’s, the big, questing brain professor russell james at texas tech university does neuroimaging research to see subjects brains light up when they elect to put a charitable gift in their will. This former plan giving fundraiser and director of the graduate certificate in charitable financial planning has research based advice for your cultivation and recognition of bequest, gift and donordigital baste dungeon scott koegler, the editor of non-profit technology news. Our regular tech contributor wants you to keep your donordigital base secure so nothing escapes. We’ll talk about inappropriate use sql sounds like jargon jail already inference and overloads between the guests on tony’s take to my block this week is charity registration matters. Why compliance with state charity solicitation registration laws is important? If you’re listening and you’re on twitter, you can use the hashtag non-profit radio to join the conversation with us there where monitoring that hashtag in the studio and i want to welcome my guest is russell james he’s, an attorney and phd he’s, an associate professor and the director. Of graduate studies in charitable financial planning at texas tech university, where he also supervises the graduate certificate and charitable financial planning. He has spoken at the f p international conference, the big twelve gift planters association and giving korea we have listeners from korea pretty regularly, actually, he’s presented his research at universities in the u s, spain, germany, the netherlands, ireland, scotland and england, but i noticed not whales, i guess the welsh don’t care for russell james for some reason, the welsh have not invited him, but the irish, scottish and english have he’s, a consultant to the south korean government, around their effort to adopt plant e-giving legislation, he’s been a plan e-giving fundraiser and a college president. Russell james, welcome to the show. Thanks so much, tony. Glad to be here. It’s a pleasure to have you. You’ve had a lot of jobs but a lawyer. Fundraiser, college president now, college professor, you’re you’re having trouble holding jobs? Yeah, that that is an issue. But hopefully i can. Okay, what’s next, the construction trades. Maybe. I don’t know. No, i’ve got ten years. I’m gonna stop. Okay. Well, that’s it you’re set. Okay. Um, our big questing brain. This is really very, very interesting to me. You do? Ah, neuroimaging research. Why did you decide to pursue this? Well, i’ve spent a lot of time in the area of fund-raising a particular plant giving, and there have been a handful of studies done on shared will get e-giving decision making in the scanner, but nothing had been done yet. Looking at decisions for request, a charitable giving. And so that was something new and something i was interested in. And after getting ten years gave me the opportunity to take about a year and a half or two years to learn how to do this neuroimaging so that we could proceed with finding out how the brain works. When you ask people questions about making charitable bequests, this is not a line of research that a non tenured professor would have the luxury of pursuing. Well, it it takes a long time. And since my original background is not in neuroimaging, it takes a fair amount of time to get up to speed with the process. And it helps having a little bit of job security before you start chasing rabbits like this. That’s one. Of the few jobs you have not held is neuroimaging scientist. Thank you. Um, and what was your methodology for this? So the approach was tio have people when they’re in the scanner, they can observe a computer screen, and we could ask them a variety of questions. And what we wanted to do here is we wanted to have questions that were identical but on lee different and whether we were talking about giving money or volunteering or leaving a bequest gift. And since we can’t actually enforce a bequest gift in the scanner, what we did is we ask them if you signed the will in the next three months, what’s the likelihood you might leave request gift to a particular organization. And we used about about twenty eight large charitable organizations on we also ask them about if they were asked in the next three months, what was the likelihood they might give, give money to the same organizations? Or that they might volunteer time to those organizations in the idea being here, we want to see what brain areas are engaged when people are thinking about the probability or thinking about this idea of, well, let’s. See if i was asked if i was finishing a will. How likely is it that i might do this? Okay, and you compare that with a current gift and volunteering, okay? And because you see those as as different methods of support. And so you thought there might be some different segments of the brain that are that are involved exactly. And also because we understand a lot more about current giving and volunteering because people engage in that behavior very frequently, we can observe it a lot. But the quest e-giving is something that people engaged in very rarely oh, and oftentimes not observed. And so we sort of want to compare with the thing that we know about better. Did the volunteer part did that involve boardmember ship buy-in a chance it did not. It was just a generic question of hey, if you were asked the next three months, right, your likelihood that you might volunteer time too. You know, the american cancer society, for example, okay? Because i think it was boardmember ship. I think their brains would have exploded inside your scanner. You have what we want to avoid. You’d have a mess, and plus you you have a dead subject. So it’s no, in these invalid research. Okay. Concerned with their safety. So that’s a that’s cool this other inside a scanner. And does this look like now? I’m just a little curious about the technology. Does this look like an emery that people slide into? And then the screen is above them? Or what does it look like? That’s? Exactly. Right? So they’re inside an m r i it’s a fairly large boardman sheen, but it still they’re sort of locked in there. And before they do this particular experiment, they get used to using the screen, have a couple of buttons that they can use on each hand to respond to questions on. So they sort of get used to and really, you know, they focus on the screen because there’s nothing else to look at. I mean, it’s fairly dark out there. And you have this projected image of the computer screen on that’s the process which seems very weird, but you actually get used to it pretty quickly. Is you’re going through these preliminary process? How did you get volunteers for to be subjects for research like this? Well, for this first for this first group, we just asked folks who were around the university campus so employees graduate students, that sort of thing in the future we’re looking at once we find the results to make sure that those results are also replicable when we are doing with other populations. Ok, i see grad students. I mean, they’re hungry. That right? So for twenty five bucks, they’ll do anything. You know what? They are paid. Yes. Ok. Eso what did you what did you find? I’m interested in what you found across the three different types of, of, of gift of a way of ways of supporting now also, russell, we just have two minutes before our first break. So just, like, sort of tease what? What you found what we found was two different areas that were much more strongly activated for bequest decisions. Van forgiving, volunteering decisions. Those two areas are the call once called the peculiar and once called the lingual gyrus. Now the brick union is something that’s engaged frequently. When people are taking an outside perspective on themselves, sometimes called it’s been called the mind’s eye. And the lingual gyrus is actually a visual or visual ization area. So when you’re dreaming, for example, you will engage the lingual gyrus, and if you have damage to that area, it can eliminate your ability to dream. So we saw these two areas and independently we’ve got some activity that involves people looking back on themselves from an outside perspective and also engaging in visual ization. But what was really exciting is what we found in other studies that simultaneous osili activated both of the same areas that i think is a lot more applicable to this situation where we’re looking at now so i can tell you about those way have time, or we’re going to take a break first. You said the lingual gyrus is the dream center. Is that right? It’s engaged in that engaged okay area. My lingual gyrus was was hyperactive last night, but you’re probably not into interpreting dreams out suppose you dont go that far do don’t go that far. All right, well, we’re going to end with you, then we’re done. No, russell, james will of course stay with us for this break. And i hope that you do too. Talking alternative radio twenty four hours a day. Are you stuck in your business or career trying to take your business to the next level, and it keeps hitting a wall? This is sam liebowitz, the conscious consultant. I will help you get to the root cause of your abundance issues and help move you forward in your life. Call me now and let’s. Create the future you dream of. Two, one, two, seven, two, one, eight, one, eight, three, that’s to one to seven to one, eight one eight three. The conscious consultant helping conscious people. Be better business people. Dahna are you concerned about the future of your business for career? Would you like it all to just be better? Well, the way to do that is to better communication, and the best way to do that is training from the team at improving communications. This is larry sharp, host of the ivory tower radio program and director at improving communications. Does your office needs better leadership, customer service sales, or maybe better writing, are speaking skills. Could they be better at dealing with confrontation conflicts, touchy subjects all are covered here at improving communications. If you’re in the new york city area, stop by one of our public classes, or get your human resource is in touch with us. The website is improving communications, dot com, that’s, improving communications, dot com, improve your professional environment, be more effective, be happier, and make more money improving communications. That’s. The answer. Hey, all you crazy listeners looking to boost your business? Why not advertise on talking alternative with very reasonable rates? Interested simply email at info at talking alternative dot com welcome back were with professor russell james from texas tech, and we’re talking about the requesting brain. We will not be analyzing my dreams. Sorry, but those were disappointed in that, but we will continue. Of course, this is conversation. So this is russell. This is what people sort of their self image and and what you call, sir there, their life story right in the reason we say, that is we looked at some other studies that engaged both of the same areas simultaneously. And one of them, for example, was where they i had older adults in the scanner in their sixties and seventies, and they were shown photographs from across their life from the the different ages of their life. And when they saw those photographs in the ones that they remembered what they were doing, they remembered exactly what was happening in these two areas were much more strongly engaged. And so the idea is that these are areas there is associated with what we would call visualized autobiography and there’s, a variety of other studies that also suggests that your reasonableness of this conclusion so the idea being that when people are thinking about making a charitable request decision they’re actually thinking about this concept of how does this fit in to my life story? It’s almost like they’re riding the final chapter of their autobiography and asking about whether or not this cause or this organization fits with that life story. And so it turns out those are very different questions than we might ask with, say, a current gift issues that are in other context, really important, like what’s the next big project, or how financially financially good is this organization, those things sort of fade into the background on this actually fits with some other research that was just finished last year in a phd dissertation by claire roundly and united kingdom, where she interviewed folks about why they had left money to the organizations that they had identified in their in their state plan. And it turns out that really it was all about their life story, it was about their connection with the cause, or with the organization because of something that had happened to them or to a family member that makes that that connection come together. So this it’s a little bit with an example, one of my friends who’s been planned e-giving after he graduated from law school and had this background training when he would go out and talk to people, he would see that they had all of these tremendous tax advantages that they could take advantage of. Maybe they’ve got qualified money that they want to make a gift and, you know, there’s, a state gift and there’s ways to do that, and he would start by talking about that. And he said i had to learn to stop doing that, that what i needed to do was to start by asking, how were they connected with the organization? What was their life story and how it was it was connected in on so that seems to fit with some of the things that we’re seeing in the scanner here, okay? And that’s pretty widely recognized, i think that it’s it’s, the love of the, the charitable work, whatever it might be feeding people, sheltering, education, spiritual, whatever it is, it’s, it’s, the love of the work that that moves people to include the charity in there in there will absolutely. And i think, it’s the issue here of you know, when we think about this sort of related into some psychology from fifty years ago that talks about how two people deal with it, reminders of their own mortality and a couple of things they do one they tend to avoid those reminders, but the other thing they tend to do is to seek what’s been called symbolic immortality, that’s that something about me that’s goingto live beyond me. So it must be, you know, my name or my values or my my family, and we tend to focus on those things mohr when we’re reminded of our of our own mortality. And so this links in with this old psychological research from for many years ago that talks about people’s desire for symbolic immortality, and it’s actually a form of to use another technical term, a form of autobiographical heroism where we wantto see ourselves as being a significant our lives is being meaningful. And so this, uh, psychological theory fits with what we’re seeing in the scanner, in the sense that people are engaging in this kind of autobiographical thinking when they’re making this kind of you did a very good job there of keeping yourself out of jargon jail by defining that very hard to do, but okay on dh this has some implications for recognition of gift, which will get recognition of gift by will, which will get through this thiss idea of immortality i have to send live listener love got tons of listeners today, it’s incredible! I’m going to recognize first. Seoul korea live listener loves seoul, korea my guest, russell james has consulted with your government as they were trying teo create plan giving legislation. Also in asia, we got tokyo and asahi, japan, and a masked listener in china. I don’t know there’s some kind of furtive activity or it’s blocked by someone else but got a mask listener in china here in the u s spearfish, south dakota. I love that welcome spearfish. You’re not you’re you’re hunting there, but you’re but you’re only hunting fish on dno. No big arms, i guess. Alexandria, louisiana, new bern, north carolina live listener love to all of you in asia and here in the u, s and there’s more to come. Um, visualized autobiography now. So this is russell. This is the way we were perceiving ourselves. This is not this is not rational, right? But this is our our our own self image of ourselves. Well, self image, the difference in an inactive activation here was not taking place in the in the number crunching part of the brain thing wasn’t the purely rational prefrontal cortex this is mme or the you know, the the imagery on the scene oneself and sort of your your own life story or or autobiography, you know, finding some support for some of this earlier research in psychology about people being reminded of their own death kind of lends support to certain results that we see in certain strategies that we see if somebody is pursuing consciously or unconsciously symbolic immortality as part of their estate planning problem that’s, symbolic and what i’d like to be symbolically immortal. Well, i would like to be a very good well, you know, let me tell you about some plan giving opportunities. They’re over there at texas tech and the graduate certificate and channel financial planning to wear. When we look at charities that receive a larger share of their income from the quest sources. Often times, you’ll see charities such as universities that are expected to be around for a very long time, especially giving things like a, uh, an endowed fellowship for a scholarship that that we expect to live on beyond us. And it may be one of the reasons why these organizations or other organizations focused on saving lives, whether finding new cures for for new diseases or other kinds of lifesaving approaches can sometimes be particularly attractive, and if you compare that to other organizations that don’t necessarily focus on raising funds for something that’s going to be permanent, but rather raising funds for something they’re going to do right now and spend right now that’s very attractive for current gifts, but it may not be particularly psychologically attractive force st gifts, because we don’t really want something that’s. Just all of the money is going to be used for a big bang immediately after we die. We’d rather have something that is going to last a long time that maybe our grandkids could come and and say, oh, yes, that’s something that my grandfather set up and still here today. But organizations that might have a more current mission could certainly create a fund or an endowment. Or maybe, ah, part of their mission, that is. Something that’s going to be that is everlasting exactly, and what i would encourage because i know there’s always a tension in those organizations if you set up something that’s permanent, those air funds that you can only use the interest off of, for example, endowment that income off. So what i would suggest is setting up these kinds of permanent giving opportunities exclusively for the quest donors on say, you know you can set up a permanent endowment, you nose let’s say it’s, an animal charity, a permanent endowment that will support, you know, one or two are five animals of whatever the interest of the charity is forever, but that this gift is on ly through request e-giving so you don’t have to worry about cannibalizing your current giving, but yet you give those kind of permanent opportunities that are more psychologically attractive when it comes to charitable bequests. Decisionmaking. Okay, i want to remind listeners. Russell james is an attorney, phd and his associate professor at texas tech university, where he supervises thie graduate certificate in charitable financial planning, and you’ll find information about that at encourage generosity dot com is there also, then the concern russell by the way, do people ever call you james russell? People mess that up all the time. I notice i have not done it once. I’m being scrupulous about not calling you james. I don’t get that with, you know, my name’s, it’s, not generally, not a problem, very black, but i will not. I’m being very careful not to make that mistake with you. Do do smaller organizations now, you think have have a little a bit of a challenge over larger, well established institutions that have been around for decades and generations? Yes, certainly, i think that’s a much bigger challenge when it comes to raising the quest dollars as opposed to raising current dollars, especially if we’ve got this connection where we want something that’s going to last a long time, then we sort of have to overcome that barrier if i’m not even sure the organization itself is going to last a long time. There are some ways to overcome that, though. I mean, you could certainly set up permanent endowments that were, you know, managed by a large corporate trust or bank or something like that so that you could give that that feeling, that sense of permanence that would be there regardless of the sea organization but it’s definitely a barrier. The other thing, though, is that people don’t necessarily have to be attached to a particular organization. They may be attached to a cause and it’s just a matter of finding those people who have that life story connection where it is attached to a cause, if that’s the same cause of your organization on dh trying to make that connection with the life story. And so how would a smaller or newer charity go about doing that? How do you make that connection with the with the person’s life story, based on what you’ve learned? Well, there’s, a couple of different ways to do it. One is obviously if you just know your donors and you know, those those connections and those stories, the other is to remind people of those possibilities by telling stories that give them examples, you know, telling the story about a person who has supported a particular cause been involved with the particular cause and ideally, if you have an example, this may be only for a little bit older organizations. But if you have an example of someone who has left money in a bequest that you could talk about how that person is still having an impact today, even though they passed away a number of talking about the deceased request donor zach plea because that’s that’s, the thing that’s really attractive is if i see that example, not only is an example to me in my behaviour, but it’s a signal that says, hey, these people are still being remembered, they’re still being talked about, and they’re still making an impact and that’s the real message that i think we want to get across. That’s, that’s, symbolic immortality, exactly, and that’s different than what we typically see, which is here’s a story about current donors who have made a plan now that’s fine, but that’s not the same thing as showing that we recognize people who are deceased in there, sir. Still having an impact because that’s, where we get that real example of the symbolic immortality. Excellent, i think that’s really that’s very concrete, valuable advice um, there’s also, you have some advice around recognition based on a person’s longevity of giving, irrespective of of the size of the gift. Certainly so if you think about the goal here, the goal is to make it obvious to the person that putting your organization in their state plan fits with their autobiography. It fits with their life story. So one of the ways that we can remind them of how much they fit their life story fits in with the organization is to consider giving recognition to people, not just for how much they gave this year, but recognition to people for their longevity and giving, especially your older donors who, you know, maybe financially, they have a lot of assets, but not a lot of income, and so they’re not giving us much currently, but recognize them for, you know, reaching a five year club, ten year club, twenty year club, you might even consider recognizing them for their lifetime, giving that this is some amount that you’ve given throughout the line throughout your life and the purpose there, you know, certainly if you’re recognizing him for longevity, that has a nice side benefit on current giving that, you know, you want to keep the street going, of course, but it also is a way of saying, you know, it’s, just like, you know, you get one of these credit cards, and it says members sense, you know what if i’ve got that member since nineteen seventy eight will you know, i’m going to stick with this organization because it’s, just part of who i am, you know, part of my my my autobiography in a sense well, i think charity’s aaron a much stronger place to be. Able to do that if they just remind people, you know, look at how long we’ve been together that that kind of idea, where it makes it clear that the organization that the cause is part of their life story and that that makes it fit in very well when they’re deciding which beneficiaries to use in an estate plan, excellent listeners, i hope you’re taking notes or you’re gonna have to go back and listen to this podcast again. Here i thought, russell james, you know, i figured academic is going to be stuffy, nothing is and nothing is going to apply it’s all going to be a theory, a land, and but we’ll have him on anyway. You know? I’ll make fun of him and things like that, but no, i mean the value, the advice is really valuable. No, i knew this is this is really valuable advice for forgetting bequests. And russell. I never thought you were stuffy. I’m just getting well, i can be if you want me to. Because i also presented academic conference. Yeah, no, i know i left that out of your bio now. No, no, we don’t we don’t want that. Don’t turn. Don’t start turning that on. Keep keep the charming side. All right, so also that this this idea that the organization is going to live beyond me, i know you touched on this a little bit, and i just want to i just wantto see if you have any more advice around how we can get people to recognise that this organization will will live beyond you when when they’re sort of a new organization, we just have about a minute left. Well, one thing to consider is this if we look at the strongest competition and our field for those charitable request dollars, the absolute strongest competition comes from private family foundations, and they’re psychologically very attractive because they have your name on it. They follow your rules, and they could live forever. But keep in mind these very attractive organizations are also new organizations. They’re ones that people create essentially for themselves. So it is possible to set up a scenario where you could emphasize that this fund, for example, is a permanent fund. And, you know, if you feel so compelled, you could even indicate that it’s administered by a, you know, by some other financial institutions or entity. Yet if you if you need to do that, but understand that is the gap. It is easier for a long time organizations, but there’s, some strategies that you can do, which will try teo bridge that gap a bit absolutely excellent. James russell no russell james on attorney, phd, professor at texas tech university and supervises the program and graduate certificate in charitable financial planning at texas tech, and you’ll find that at encouraged generosity. Dot com russell, thank you so much for being a guest. Thanks for having been my pleasure. Thank you, and right now we take a break when we return. It’s, tony’s, take two and then scott koegler, our regular tech contributors with me, with me for donordigital baste dungeon, and i hope you will be too co-branding dick, dick, tooting the good ending, you’re listening to the talking alternate network, waiting to get me thinking. Nothing. Cubine hi, i’m donna and i’m done were certified mediators, and i am a family and couples licensed therapists and author of please don’t buy me ice cream are show new beginnings is about helping you and your family recover financially and emotionally and start the beginning of your life. We’ll answer your questions on divorce, family court, co parenting, personal development, new relationships, blending families and more dahna and i will bring you to a place of empowerment and belief that even though marriages may end, families are forever join us every monday, starting september tenth at ten a m on talking alternative dot com are you suffering from aches and pains? Has traditional medicine let you down? Are you tired of taking toxic medications? Then come to the double diamond wellness center and learn how our natural methods can help you to hell? Call us now at to one to seven to one eight one eight three that’s to one to seven to one eight one eight three or find us on the web at www dot double diamond wellness dot com way look forward to serving you! You’re listening to the talking alternative network. Duitz if you have big ideas and an average budget, tune into the way above average. Tony martin. Any non-profit radio ideo. I’m jonah helper from next-gen charity. Welcome back, it’s, time for tony’s take two at roughly thirty two minutes into the hour. My block this week is charity registration matters. Part of my consulting work is doing charity registration, four charities that don’t want to do it themselves. This is registering in every state where you are soliciting donations so it could be a texas charity, and they may be sending email to wisconsin and paper us mail to pennsylvania and that texas charity needs to be registered in wisconsin and pennsylvania. I do that work, and i also wrote a book for charities that want to do it themselves and my block this week is just reminding charities that it’s important teo be in compliance for three reasons you could be embarrassed. There have been charities that are become public and in the headlines. Um for their failure to comply and have a couple examples on the block. Your board members are at risk because their fiduciary steer charity and if you’re not following laws, there’s potential for personal liability, actually among your board members and the irs inquires the year your annual form nine ninety has a couple of questions that i ask about your compliance with thes state laws and that’s a lot. My blogged the post is called charity registration matters. My block is that tony martignetti dot com and that is tony’s take two for friday, november thirtieth, the forty ninth show of the year. Oh, what a pleasure to welcome back scott koegler he’s, the editor of non-profit technology news, which you’ll find it n p tech news dot com he’s, our regular tech contributor. You can follow him on twitter at scott koegler konigstein and i saw today. Scott, you have a beautiful about paige at about dot com you’re in a desert scene there. Looks like you climbed a desert mountain or something. Is that is that photo shopped? That was actually in phoenix a couple years ago. Okay, it was i did. I did perform some photo shop on it, but nothing that you could notice. Hopefully. Really? Well, it looks very noticeable to me. Were you actually in that setting? Where? The photo that the photo purports tohave one that was sitting on that rock you were? I extracted the cactus songs, though, so that they wouldn’t show. Okay. Oh, i see. All right, they were stuck in your leg? Is that why? Okay, we’re talking this month about donordigital baste dungeon there’s a lot of sensitive data in people’s databases isn’t there there is and it’s one of those things that i think i think everybody kind of knows about it, but i think also that it’s it’s also something that is typically beyond the the the understanding of most folks who are engaged in managing a non-profit i mean, it’s pretty technical stuff, you know? Well, you’re going to break it down because you’re a former officers ceo, right? You’re a former chief information off, you’re going to break this down information off, okay, so we’re goingto this maybe typically outside people’s can, but we’re going to get it within their ken great, but what’s in their first of all what we need to be concerned about what kinds of data first? Well, typically it it could be any data. But the most sensitive, of course, is the information about your donors on a sensitive for a whole bunch of reasons one is you really don’t want that information being spread around, too, although we’re all friendly within the non-profit community let’s, face it. Everybody’s competing for the same funds. So you really don’t want that whole list of donors and their history, uh, kind of spread around to somebody else who may be able to make them, you know, make a better appeals, right? Right. So just just just not letting you get out of the bag the names, right? But then you might have ah, dates of birth. You most likely have addresses. Credit card. What? Right? I mean, well, sure, but right now i’m talking about just the competitive nature, but okay, okay. I’m getting getting someone’s eso security number, which i think typically is not part of a donor database, but definitely credit card information. A cz you said, probably date of birth. Certainly addresses. And those kind of things are pretty sensitive. Um, well, i just moved to south carolina, and just before i moved here. Thank goodness they had a break in of the south carolina, um, business and resident database. And there were literally millions of so security numbers and names. I just sucked out of the database and people around the world, man. Now, imagine if that was new york that that would actually have value. Terrible, right? But in north and south korea in south carolina, no that’s, terrible money, there’s. Nobody listening. I don’t think live listener loved, but nobody in south carolina today, so but i will send live. Loved out tio reston, virginia, forest hills, new york where i used to live. I used to live in a hundred street sixty seven thing i used to write. Buy-in forest hills high school and brooklyn, new york all right, we got some local of local live. Listen, love no. Alright that’s. A terrible new yorker joke. I’m sorry, south carolina. I apologized. No it’s critical. So so that’s that’s pretty embarrassing to the government to the state of the government. What they found out wass that if they had installed a twenty five thousand dollars update to their database, they would have they would have prevented the whole thing which cost them something like forty million dollars. Zoho and isn’t the security doesn’t cost anything it’s relative cost and the damage to your reputation and, you know not to mention the damage to your to your constituents. Financial, no stability and abilities, right? Identity theft is a huge issue. Okay, you haven’t ordered that one of the okay on, we’re going to talk through it. You have an article on this subject at p tech news. Dot com let’s talk about something that i’m not sure you can prevent this one, though inappropriate use right by people who are authorized to access data, right? Did you know tony? And you probably didn’t know this because you’re smart guy, that’s, ziga risk the security is not from outside the the organization, but from inside. Well, i can’t say i knew it, but it sounds intuitive because if somebody’s going to do bad acts, you can’t prevent that all the policies and all the procedures, if somebody wants to get around them and they ran inside are already they’re going, they’re going to do it right, right, it’s pretty easy to do. You put a thumb drive in your computer and you copy it out and there you go. Yeah, typically nobody knows who or what happened. Yeah, there are, by the way, uh, software and systems operating systems like windows. Mac. Um, i got tools that can that can actually prevent that. But again, you have to know about it. You have to know. Think about it, then you have to actually install it. Monitor so it’s not a story simple, but the point is that yes, it’s really possible and happens all the time that somebody within the organization absconds with your data and something they shouldn’t. Yeah, that seems like the toughest one because, like i said, if somebody really wants to get it and they’re inside already, i think they will what’s the physical damage is next what’s your concern that well, you know, physical damages is basically if your computer dies or if your hard drive, uh, you know, fails and he didn’t have been appropriate back-up of your data and again that’s one of those things that just happens all the time and people don’t really think too much about it. Everybody thinks about back-up, you know, you get a computer and set up your back-up hopefully, but unless it’s a an automatic function, unless you’re monitoring it and unless you actually test e-giving bringing your back-up data back from the world story asked the retrieval, right? Yeah, you never know if it really works and you know, the day comes when you really need it, you try it. For the very first time ever. And guess what, probably a thirty percent chance that it’s not gonna work, okay? And that and the back-up shouldn’t only be local shouldn’t only be in your office or even in your in your town. Geever right, absolutely should be. You should have in addition to your local back-up you should have offset back-up, and that could be if it’s physical you can have courier service, pick up a a thumb drive or or a hard drive or wherever and physically carry it off site, and they’re also more and more online back-up services that you simply connect to over the internet cloud, right when you and i have talked a lot about the cloud we have right sabat besides that, a lot of databases now are actually stored in the cloud, so you may not actually have a copy of it anywhere physically within your facility. Okay, so wait be sure you know where it is and where the copies are that you are able to get it back when one and if you need it, something that struck me as interesting you. The article talked about sql so well, i’ll give you a break and i’ll bring it up so you can avoid jargon. Jail? Explain what we’ll explain what sql is. Do you know what? I hope you know what sql stands for? I looked it up. Well, actually, it’s irrelevant, you know, it’s. Very relevant. Weary language structured clear language. Yes. Don’t say it’s irrelevant when you don’t know it’s and it’s enormously relevant. Oh, no, i do know, but the okay. All right. Well, it’s, what? Really right? See, what it stands for is the only thing i know about it that’s all i know that’s. So i’m trying to show off. That’s. The only thing is all i know is what the initials with the abbreviation stands for. Okay, what does west culwell metoo tony martignetti okay. Donordigital base. Which hopefully, in sum of money, what you’re actually doing is your you’re performing a sql query. You’re asking the database to find specific information and that, like that query language. You know something and actually in english, it says find data, like, quote tony martignetti in database a, b c that’s. How actually looks like. But those queries can do a lot of things besides find they can actually delete data. They can change day there, they can move data. And so i could perform equity that says, find all records that include tony martignetti and delete them. Okay, that’s so and there’s all kinds of other things. But you but how would somebody who doesn’t have access to the database this is an outsider now, right? How would somebody who doesn’t have access to the database execute thes sql queries? Well, that’s, that’s what hackers do they find vulnerable spots in certain systems on they just do it. Sometimes they just do it because they’re mean and nasty. And sometimes they do it because they want to move your data from where you have it to where they want it. All right, so so it can’t happen, but it’s basically can it comes up with the under the domain of hacking? Okay, i see you don’t visit, right? It’s, not just inside. I think i think to be more damage done to a database if the if the command was to add tony martignetti, that was probably more create more. That would be much more destructive. What we have just like a minute before before break. Or so ok, you have another interesting one inference. This was logical but interesting what’s what’s inference about in front er, otherwise known as social engineering. If i want to find had the president of a company, i’ll call in to just pick up a phone, call the front desk and say what’s the name of the president company and they’ll give it to me and then i can ask for not in the same phone call, okay, right, separate call or other information and over twenty calls, i’ll get everything that i want. Okay, so each individual bit is innocuous, but you put them all together some nefarious actor is doing, and you can have some really private information, right? Right. And it’s pretty easy to come by surprisingly, yeah, ok, well, yeah, because each little pieces is innocent. Okay, we’re going to take a break, and when we come back, scott and i will keep talking about how to keep your your database dungeon secure. You’re listening to the talking alternative network. Duitz lorts oppcoll are you stuck in your business or career trying to take your business to the next level, and it keeps hitting a wall? This is sam liebowitz, the conscious consultant. I will help you get to the root cause of your abundance issues and help move you forward in your life. Call me now and let’s. Create the future you dream of. Two, one, two, seven, two, one, eight, one, eight, three, that’s to one to seven to one, eight one eight three. The conscious consultant helping conscious people, better business people. Dahna have you ever considered consulting a road map when you feel you need help getting to your destination when the normal path seems blocked? A little help can come in handy when choosing an alternate route. Your natal chart is a map of your potentials. It addresses relationships, finance, business, health and, above all, creativity. Current planetary cycles can either support or challenge your objectives. I’m montgomery taylor. If you would like to explore the help of a private astrological reading, please contact me at monte at monty taylor dot. Com let’s monte m o nt y at monty taylor dot com. Talking alternative radio twenty four hours a day. Welcome back to big non-profit ideas for the other ninety five percent. All right, scott koegler we’ve laid out these problems and there’s even more in your article. Att n p tech news. Dot com what are some ways toe? Get around and prevent to really prevent these these problems? It really is tough, tony, because there are so many ways that things could go wrong. So the biggest, biggest thing to do is to make sure that you’re paying attention. Uh, number one, i know where your data is and know that it’s backed up half the fact that you have, uh, valid back-up so you can restore check? Uh, check your employees and your your people that are working and have access to the data. You really may not be able to actually prevent it, but no, i just talked to them about how sensitive this is. Be sure that anybody who has access to get to the data has not disclosure. Uh, language in whatever document signed with them, it won’t protect you won’t actually keep them from doing it. But for a lot of people, it may be enough of a, uh just a warning for them toe not go there. It just makes it a little bit tougher. Okay, what about having different access levels? Certainly. And fortunately, most of the applications that are for sale today for non-profits i already have those kind of things. So you have? Ah, user who is able to look up information and possibly key and donations, but they probably don’t have the ability to look into personal histories. They have the ability to delete records, those kind of things. So for the most part, what kind of function is is built into software that amount profits will will buy in order to run their operations. Okay, um, when? When you do buy software, aren’t there sort of default administrative ieds that hackers might be ableto exploit? Uh, yes. Absolutely. Good points a little about that. Would you please? Sure every application comes with the typically it’s the admin or administrator password with password? Password? Uh, absolute first thing you want to change that, uh, you may want to. If you’re actually in charge of setting it up, you may want to remove that that user after you’ve already set up a different one and also check the list. Of existing user accounts because sometimes there may be some in there that air again set up by default. Good remove any that you you don’t know what they are, you can do that also just kind of during your and during the course of using the system, check the usual to see who’s in there. You may have somebody who was registered inappropriately, either by accident or on purpose. They may have found some way to get into the system and register a high level access the count. There really shouldn’t be there. And the best thing to do is just either restrictor access or just delete them. If they are actually somebody that you want in there, go call you up and say, hey, what happened? And if they’re not good, okay, former employees to write, you might have old account old ieds for former employees, certainly, and that should be covered under the hr policies. And i know a lot of small organizations don’t actually have hr policies that goes along with the non disclosure agreement. The sooner someone is charlyne ated, actually, before they walk out the door before you terminate them, you should remove access. To any of the information that you hold right? Okay, so before you actually have the meeting where they’re ended, where they’re terminated, you wantto cut off their access so that they don’t go back to their office and do something mean, sure, because one of their going to do the most right after the meeting, not before yeah, okay, okay, now, i mean, it sounds underhanded, but its protection, i mean, it’s just basic risk management, okay, what about is this much of a deterrence? If if users know that all they’re i don’t know, maybe a keystroke, logging or all their activity with the databases being logged, is that a deterrent? Um, you know, it’s a return for somebody who thinks that they will be held accountable for somebody who who believed that they could get away with it, they don’t care. So it really comes right down to how trustworthy, ru employees and, you know, what kind of people do you have volunteering? And, um, yeah, it’s tough, and i’m not sure that those kind of things are are effective, but it’s, you know, it’s one of those things that also probably couldn’t hurt, right? Yeah, okay. I mean, it will keep the honest people from crossing the line, right? Like putting a lock on the glass door. Okay, okay, um, the thing i was thinking about is maybe this sort of suggests that doing background checks on employees is valuable. I know their their charities that object to doing that, but this is sort of suggesting that knowing the background of a potential employees could be could be helpful. Absolutely. And i think it depends on what’s at risk if you’re a small charity that, you know, has limited resources and limited funds. And, um and you know what, you’re actually what they’re actually what they have, that risk may not be all that much, and i don’t mean to say that you know, that there’s little at risk, but you made you may not really care about doing background checks, but if you’re a respected organization, i think anyone who is coming to volunteer there appreciates that kind of thing. Scott, we have to leave it. We have to leave it there. You can go. Thank you very much. You can follow him on twitter he’s at scott koegler. And that happens to be his name to another coincidence and he’s, the editor of non-profit technology news scott, thanks so much. Thanks my pleasure. Next week i’ll have one of my interviews from bb con, which was the blackbaud conference i was at about two months ago or so, and also maria simple will be back she’s, the prospect finder, our prospect research contributor. And she’ll be back with maria’s top ten the sights she uses most in her work she’s, our doi and of dirt cheap and free. So you know that you’re not gonna have to spend a lot of money to follow her advice today. There’s a new fund-raising fundamentals, which is my chronicle of philanthropy podcast its new out today the topic is year end fund-raising tips you’ll find it on the chronicle of philanthropy website. You’ll find it on itunes and again. It’s called fund-raising fundamentals. You can listen non-profit radio live our archive. Our archive is on itunes at non-profit radio dot net. From there you can subscribe and listen on the device of your choice at your leisure, wishing you good luck the way performers do around the world were still in czech republic and slovakia zoho mv us. Islam vous break a neck, so i wish you for the week. Islam vous. Our creative producer is claire meyerhoff. Sam liebowitz is our line producer, shows social media is by regina walton of organic social media, and the remote producer of tony martignetti non-profit radio is john federico of the new rules. Last minute live listener love out to mexico city, mexico. Thanks for joining us from there, and i hope that all of you will be with me next week at talking alternative dot com. You’ll listen on next friday, one to two p, m eastern. You didn’t think to get ending. You’re listening to the talking alternate network. Get him. Take it cubine hi, i’m donna and i’m done were certified mediators, and i am a family and couples licensed therapists and author of please don’t buy me ice cream. Our show new beginnings is about helping you and your family recover financially and emotionally and start the beginning of your life will answer your questions on divorce, family court, co parenting, personal development, new relationships, blending families and more dahna and i will bring you to a place of empowerment and belief that even though marriages may end, families are forever join us every monday, starting september tenth at ten a m on talking alternative dot com are you suffering from aches and pains? Has traditional medicine let you down? Are you tired of taking toxic medications? Then come to the double diamond wellness center and learn how our natural methods can help you to hell? Call us now at to one to seven to one eight one eight three that’s to one to seven to one eight one eight three or find us on the web at www dot double diamond wellness dot com we look forward to serving you. You’re listening to talking alternative network at www dot talking alternative dot com, now broadcasting twenty four hours a day. This is tony martignetti aptly named host of tony martignetti non-profit radio. Big non-profit ideas for the other ninety five percent technology fund-raising compliance, social media, small and medium non-profits have needs in all these areas. My guests are expert in all these areas and mohr. Tony martignetti non-profit radio friday’s one to two eastern on talking alternative broadcasting are you fed up with talking points, rhetoric everywhere you turn left or right? Spin ideology no reality, in fact, its ideology over intellect no more it’s time for action. Join me, larry. Shock a neo-sage tuesday nights nine to eleven easter for the ivory tower radio in the ivory tower will discuss what’s important to you society, politics, business and family. It’s provocative talk for the realist and the skeptic who want to know what’s. Really going on? What does it mean? What can be done about it? So gain special access to the ivory tower. Listen to me, larry sharp, your neo-sage tuesday nights nine to eleven new york time go to ivory tower radio dot com for details. That’s ivory tower radio dot com everytime was a great place to visit for both entertainment and education listening tuesday. Nights nine to eleven. It will make you smarter. Talking dot com. Hyre

Is Your Email Safe and Sound?

Information Security Wordle, courtesy of purpleslog on Flickr.

In early April, five companies I do business with informed me that my email address had been compromised by a company named Epsilon. Hilton, Marriott, 1-800-Flowers (thanks, mom) and two financial providers where I have amassed a combined balance approaching equivalence to my office area code, use the company for email marketing for their millions of addresses.

This Epsilon episode provokes me to ask you, “Is your email safe and sound?”

Whether you have hundreds, thousands or hundreds of thousands of addresses, they are a valuable asset. You need to keep them safe. I am not an email security expert, but Howard Globus, president of IT On Demand is. Here are Howard’s suggestions:

– Keep your computers and devices up to date – whether you use a Windows PC, an Apple computer, a Linux-flavored operating system or a smart phone, make sure that the software is up to date. New security holes are found, published and exploited every day, on ALL operating systems. Subscribe to your particular operating system’s alerts and apply updates regularly.

– Add a layer of protection between the public and private world – consider a firewall or security product to act as a buffer between your computer (or computers) and the Public Internet. A firewall, when properly monitored, kept up-to-date and sending regular alerts, will provide an early warning to potential security breaches.

– Your email password is not a luggage-lock. Your password for email (and on your computers and your firewall) should be more complex than “1234”. The most common password in use today is “123456”. Fourth on the list? “Password”. Without feeling too superior, ask yourself if you use a dictionary-based password, can your password be found in a dictionary? Or a dictionary word with a number? Jeremy12? Beach89? The more complex your password, the harder it is to crack. Consider using a password with a combination of alpha-numeric digits and an odd character thrown in. Need help coming up with a strong password? Take a look at this password generator. Remember to change your password periodically!

– Do not open attachments from unknown senders – Just like we were told when we were kids, talking to strangers may be bad. If you get an email from the USPS, UPS, Amazon or your bank with phrases like “There is a package we tried to deliver to you. Please see the attached document on how to claim your package”, pause. Services like PayPal, your credit card company or your bank will NEVER ask you to launch an attachment to put your information in. When in doubt, log on to the service through your web browser directly–not through the email attachment or link–and investigate the authenticity of the request sent.

– Don’t share your user account or password via email. Following up on the last tip, do not email your account or password in response to an email request. The vendors or institutions you are working with don’t need it – they know who you are – and they don’t want your password, as it may breach their internal security policy.

I’m guilty of at least one of these transgressions.  I will mend my ways.