Tag Archives: Tech Impact

Nonprofit Radio for June 26, 2020: Improv For Culture And Creativity & Tech Policies

I love our sponsors!

WegnerCPAs. Guiding you. Beyond the numbers.

Cougar Mountain Software: Denali Fund is their complete accounting solution, made for nonprofits. Claim your free 60-day trial.

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

My Guests:

Krystal Ramseur & Graziella Jackson: Improv For Culture And Creativity
A performer and a board member from Washington Improv Theater teach us how improvisation can make your team more creative, confident, supportive and successful. They’re Krystal Ramseur and Graziella Jackson.

Karen Graham & Dan Getman: Tech Policies
Karen Graham and Dan Getman want to help your staff avoid scams, malware and inappropriate data handling. Might you have employees using personal phones or computers for work? You especially need to listen. Karen is with Tech Impact and Dan is at MANNA.

Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

Transcript for 495_tony_martignetti_nonprofit_radio_20200626.mp3

Processed on: 2020-06-26T21:40:43.888Z

[00:00:12.24] spk_0:
Welcome to Tony Martignetti Nonprofit Radio.

[00:02:01.54] spk_1:
Big nonprofit ideas for the other 95%. I’m your aptly named host. Oh, I’m glad you’re with me. I’d be stricken with uveitis if I saw that you missed today’s show. Improv for Culture and Creativity. A performer and a board member from Washington Improv Theater teach us how improvisation can make your team more creative, confident, supportive and successful. They’re Krystal Ramseur and Graziella Jackson. That’s part of our 20NTC coverage. Also, Tech Policies. Karen Graham and Dan Getman want to help your staff avoid scams, malware and inappropriate data handling. Might you have employees using personal phones or computers for work? You especially need to listen. Karen is with Tech Impact, and Dan is at MANNA. This is also part of our 20NTC coverage. On Tony’s Take Two, thank you. We’re sponsored by WegnerCPAs, guiding you beyond the numbers. WegnerCPAs dot com. By Cougar Mountain Software. Denali Fund is their complete accounting solution, made for nonprofits. tony-dot-M.A.-slash-Pursuant Mountain for a free 60 day trial. And by Turn Two Communications, PR and content for nonprofits. Your story is their mission. Turn hyphen two dot CEO. Here is improve. Brilliant. Yes. This is the lackluster host that you’re stuck with. Here is Improv for Culture and Creativity. Welcome

[00:02:52.34] spk_3:
to Tony Martignetti Nonprofit Radio coverage of 20NTC, the 2020 Nonprofit Technology Conference. You know, the conference had to be canceled, but, you know, we’re persevering. Virtually. Sponsored at 20NTC by Cougar Mountain Software. Denali Fund is their complete accounting solution, made for nonprofits. tony-dot-M.A.-slash-Pursuant Mountain for a free 60 day trial. My guests now are Krystal Ramseur and Graziella Jackson. Krystal is chief administrative officer at the National Council of Negro Women. Graziella is partner and CEO at Echo and Co. Um, also, Krystal is a teacher and performer and board member at Washington Improv Theater, which is most relevant to what we’re talking about today. And Graziella is a board member at WIT, Washington Improv Theater. Krystal, Graziella, welcome.

[00:02:56.54] spk_4:
Thank you. Glad to be here, but

[00:03:29.90] spk_3:
have you? I’m glad we could work this out. I’m glad you’re each well and safe in our nation’s capital area. They were both in D C D c. Proper. Yeah. Yep. Your, ah, NTC topic is improv. Saves the nonprofit boosting culture and create team creativity. Um, that’s interesting, because I am on, uh, how does it do that? Oh, even though on, uh, even though I turned to my, uh, even though I’m on Eric’s airplane mode because zoom because we’re special way all the fatal started a few minutes early. That’s why

[00:03:36.28] spk_4:
it’s asking you to improvise. It’s very timely and relevant.

[00:03:46.04] spk_3:
Thank you. And I didn’t do a very good job Called out for what it was. I didn’t even, um so, Crystal, let’s start with you. What? Um why? How come, Ah, improvisation can help us out creatively. Effectively. Team building. What? What about it?

[00:03:57.70] spk_2:
Yeah, So I think one of the biggest things I love about improv is it really pushes you to stay present and stay in the moment. And because in what we’re working with right now and then creating together. So I think a lot of times in business or you’re in meetings and you’re having thoughts about ideas and people like, Well, we tried that idea last year, didn’t work, which was 10 years ago, didn’t work, or if we do that And the people are already thinking of reasons why we can’t do something but right. Improv focuses on No. We’re working with what we have right here in the present. And presently this is this is these are the parameters. Why couldn’t we try this? And the number one rule in improv is Yes. And so if we say yes, how do we then take that idea and continue to build something together? And I think when you just those principles right there make for better working community.

[00:04:58.88] spk_3:
Great yellow. There’s also a confidence building, right? You walk out on the improv stage. I’m taking the example of just two people. You know, their team exercising everything. But you walk out with just two people. One of you has an opening line, and you gotta build a sketch around it for the next 4 to 5 minutes around that fine. And the other part, neither. And the other person doesn’t know what that opening line even

[00:06:27.97] spk_4:
is. Yeah, I It’s interesting. I think there’s an incredible freedom that comes from what Krystal was saying. Presence. Because if you are able to, and I think what improv teaches you to do to just respond to what’s given to you in the moment and say, like, I don’t have to do this huge thing right now. I don’t have to entertain this gigantic audience. All I have to do is take this thing that my partner contributed as a gift and build on it. You find yourself being able to create things with a lot more freedom with less, much less of the fear that comes from, like worrying about the benefit of your contribution or whether or not you have the perfect or the right answer. And I think one thing that I learned just in taking trainings on this and being a part of the board is you have to be as willing to abandon what you’ve contributed and contribute something new and just be constantly moving forward with creative ideas rather than getting stuck in the mindset of judging what you just created. So it’s kind of separating your creative brain from your critical brain and super important.

[00:06:29.38] spk_3:
That’s interesting that, yeah, you don’t have time to self censor. You’re you’re in front of an audience. You heard a line and you’re supposed to build on it.

[00:06:51.05] spk_4:
Yeah, and there’s something exciting about the active discovery like When you really invest in that thing that you’re building together, you’re probably going to find something that’s even more interesting and funny and entertaining and no crystal. You do this all the time and some of the exercises that you’ve lead, but it’s it’s sort of being willing to just keep going because you’re gonna build something bigger and more exciting and more powerful. If you just don’t stop yourself

[00:07:07.52] spk_3:
and crystal, you keep going. Regardless of what the audience reaction is, right, you don’t you don’t just walk off stage when lying. Number two, you know, didn’t get a huge laugh or wasn’t even supposed to get a laugh. And then you just walk off stage, Say off, you know, screw it.

[00:07:34.63] spk_2:
No. And you’re in this together with your scene partners. I think I love that like we’re out here. Wow, we made this choice to be aliens in the West. Didn’t you know what? That’s where we’re at? And we got to commit to this and we just commit harder to it right and see where it leads.

[00:08:04.28] spk_3:
Robe use that aliens and robots in a cornfield way have to build a robot family. The two of us. Yeah, just, you know, whatever. All right. So, uh, Crystal, were you gonna be doing exercises if you had had the opportunity to do the session? The usually so games or anything?

[00:08:07.00] spk_2:
Yep. Yeah. So we had a feeling good today, so we had a list of games, really, to kind of show a little bit of intro into improv. Doing some “Yes, and.” Um, what, Graziella has the list?

[00:08:21.55] spk_4:
Yeah. Yeah, I couldn’t pull it up. I think it started with it, I think,

[00:09:00.63] spk_3:
instead of instead of reading the list. Yeah. Never doing improbably, don’t just talk about what we’re gonna do, right? Sit around like a board, Actually, actually, do we actually do not talk about? Wouldn’t it be funny if we did this? This would be fun to do that, and so we never do that. So how are we going to do improv, the three of us that will, um, some kind of game that will bring home, of course, the lessons that we’re trying to learn in terms of culture, team building, confidence, creativity, efficiency. What are we gonna do? I’m putting you on the spot deliberately.

[00:09:35.34] spk_2:
I don’t want you want Can we plan the vacation? Yes. Like point of it was just telling us. So let’s do this. So I plan a vacation, and we’ll plan it with the three of us will go. I can start and we go from me to Graziella to Tony, and then we’ll just keep circling like that. So the way we’ll do it is we’re trying to plan a vacation for the three of us. The first line of the sentence when you respond to someone, has to be Yes. And and then you can pushing forward from there. Go. So, uh, wow. I’m so glad that were doing this vacation. I really think we need to go somewhere warm.

[00:09:47.04] spk_4:
Yes, and we need to go somewhere warm immediately.

[00:09:56.44] spk_3:
Yes, and we can. I mean, I’m already packed. Let’s, uh let’s go. I mean, I love the Caribbean of either. Have you been to the Caribbean?

[00:10:04.24] spk_2:
Yes. And I’ve decided I’m just gonna buy all of us a new wardrobe while we’re there. So I don’t even aggressively not back. Didn’t even need to pack. Let’s go right now. And I say we have margaritas as soon as we get there.

[00:10:16.78] spk_4:
Yes. And after the margaritas will party a little bit, and then we’ll go snorkeling.

[00:10:23.59] spk_3:
Oh, yes. And, um, since I’m not bring any clothes now, I’m just gonna go snorkeling naked.

[00:10:29.64] spk_2:
Yes, and we’re gonna feel the water, and I bet will make friends with dolphins. Yes, and everybody

[00:10:37.67] spk_4:
will get excited about what we’re doing, and they’ll want to join as well.

[00:10:47.90] spk_3:
Oh, yes. And this party is just gonna get even bigger. Um, we Let’s invite more folks, not just the three of us.

[00:10:50.54] spk_2:
Yes. And let’s blast this to everyone that we’ve ever met and tell them Jump in the water with us. And let’s make this the new party. Yes. And let’s see if

[00:11:03.59] spk_4:
we can get a boat so we can take this party to other islands.

[00:11:17.27] spk_3:
Oh, yes. And while we’re going between the islands, we could be fishing. There’s, like, we can dive off the boat on our way to the other island. So the the boat is part of the is part of the

[00:11:20.44] spk_2:
fun. Perfect. There. We owe that. I love that activity.

[00:12:28.40] spk_1:
It’s time for a break. WegnerCPAs. I said a couple of weeks ago, this shit is hitting a fan fast. It’s still coming down at us. That’s, ah, that’s a mixed metaphor, really, because if it’s hitting the fan that’s not coming down, it’s being blown at us. Uh, coming fast, still raining down on us. It’s coming, blowing, it’s blowing on us. It’s hitting the fan and it’s still blowing on us. That’s better. Anyway, this shit is there. However it got to us, we’re covered in it. Wegner has a new free webinar on July 1st to explain the latest on Paycheck Protection Program loan forgiveness. You know you need to apply for it. You don’t get it automatically. Now what? Wegner explains. To register, go to WegnerCPAs dot com. Click Resources. Now back to Improv for Culture and Creativity with Krystal Ramseur and Graziella Jackson.

[00:12:43.74] spk_2:
What we do sometimes when we do it will start the activity bus, saying you first have to plan a vacation by doing no because, yeah, you say No, but and you do it that way or you say no, because and you try to plan a vacation and it’s so hard, right? Because every time you you threw out an idea like let’s get a boat, the person’s like No, because I’m scared of a boat. And so you realize you don’t do anything. You’re likely

[00:12:57.88] spk_3:
roller. The idea is becoming someone’s muller and harder to deal with. Uh, instead of broadening. Okay. Um right. So, crystal, what we learn from what we just did in a couple minutes

[00:13:09.84] spk_2:
when we learn, uh, what happens when we all, like, let ourselves be creative and have the wildest thought that we’ve ever had? Um, you know, if you just were in a meeting and we wanna figure out how we increase this sales numbers, what have Let’s just throw out the wildest thing we’ve ever thought And let’s play with it for a little bit and let’s not shut it down right away. Let’s play around with this idea and see what we can come up with together.

[00:13:39.24] spk_3:
Okay? That’s the other anything you want you want to add?

[00:14:17.63] spk_4:
Yeah, I think that it’s really, really important because I think we’re where organizations, especially nonprofit teams, get stuck most often because they’re in fast paced, scarce resource environments where you know every dollar you spend on idea is really important. I think that bringing this technique in and allowing yourself some space to say, Let’s just separate the created creation of ideas from the judging of ideas and the vetting ideas and try to get to a place where we are envisioning what’s possible because it’s counter to our culture and and has to be in some ways to be to do that. And so it just allows you to get past, you know, the 1st 3 or four ideas which are always the ones that are more familiar, safer, probably more likely to be accepted and really set those aside and push yourselves to think in new ways about challenges It doesn’t. There’s no risk in spending the time coming up with ideas. And if you can use these tools to get everybody feeling comfortable and open and curious and creative, and you know you can design the collaboration really well and bring games into it, you end up with this whole inventory of possibilities that then you can take into a more critical process and evaluate and put things like metrics and objectives around them. But chances are people will feel more included in the process. They’ll forget that time is passing cause they’ll have fun. They’ll feel like the quality of their ideas is better, and they’ll feel like they accomplished something that then they can take and turn into something better.

[00:15:19.64] spk_3:
You go and you have some rules around this, right? Like, yeah, we’re not. We’re not judging. We’re not saying that idea sucks. No, it’s it’s, you know, sort of classic brainstorming. Yeah, it’s just the free flow of ideas.

[00:15:33.17] spk_4:
Yeah, the one that that Washington and profit teacher a Washington improv theater teaches us is definitely the concept of yes and that Krystal mentioned. There’s also the concept of Let go, and that’s about just removing your bias and your preconceived notions and the things you’re bringing into the room with. You just let go of all of those notice everything because probably the things that you’re ignoring also have possibility. And we’re so used to not letting go and then only noticing what’s important to us. And then I think the last one is use everything. It’s sort of whatever is brought into the room. See if you can apply it to something, even if it’s to honing, you know, your idea. Improving your idea? I don’t know. Krystal, did I represent those well enough?

[00:16:18.21] spk_2:
Absolutely no, I think, especially when you talk about using everything. That’s the other part about that exercise that I like so much. It’s forcing you to listen to what the person before you just said. Really listen to what they say, because you have to build off of it. So instead of just you’re already thinking of your idea, you can’t think of it yet. You need to wait to hear what that other person says.

[00:16:53.94] spk_4:
Yeah, there’s, ah, there’s, I think like when you think about what? How work is changing right now. In addition to needing to be open, more collaborative, more agile, getting things out the door faster with less resistance. A lot of that has to do with also being able to take a systems view of things. And if you’re not actually using these techniques and these approaches to build an understanding of the scope of what you’re dealing with, so if you’re thinking about like social change or environmental change, the idea is you have to envision the system, and if you spend 30 minutes sort of saying this is important No, it’s not. This is important. No, it’s not versus Let’s spend the next hour identifying everything about this system that’s important. Then you can start to, you know, group those things and come up with plans around those things that’s incredibly helpful for strategic planning

[00:17:32.74] spk_3:
or just everything. Not everything that’s important. But everything that impacts. Yeah, that’s around this system. Outside influences, our own influences, our own biases, everything that impacts our work. Yeah, Neville, categorize what we have control over what we don’t What’s what’s significant? What’s thus significant?

[00:18:52.83] spk_4:
Yeah, we had this thing. This organization we’re working with is a large labour union, and they had were working with them on rethinking their Web presence, and they have more than 30,000 pieces of content across lots of websites. And our content strategist did an exercise Gina Marie Kondo, the Netflix show about just like taking everything out of your closet, putting it in a pile, going through it, cleaning it until you’re everything around you brings you joy. I’ve never seen it, but she created this exercise, which was more or less improv that didn’t get to Let’s talk about all of the content that you’re gonna be losing from this Web presence. Let’s spend time sort of improvising what it’s like to move out of a house. What do you do in what order? And she went through this really detailed activity where people built the experience of what it’s like to move a house, and then they designed that whole process in system. And then they basically compared that to what it’s like to cleanse 30,000 pieces of content. And people immediately understood the process because they are familiar with this challenge of needing to move your house if you’ve been through that before. And so they forgot that what they were doing was planning change management. All they did was Plant was like We’re planning something familiar to them and then borrowing from those concepts to accomplish this big, scary thing that nobody wanted to do. So I think that’s the power of of this work and creativity and adapting the exercises to your space

[00:19:58.82] spk_3:
Crystal. Let’s talk some about, um, the team building. Like I was saying earlier, you know, you walk out on improv stage two of you. One of these got an opening line from, ah, word that an audience member throughout, and you’re you’re each counting on each other. Yes, and and follow all the other principles of bring everything in that you’ve got. And that’s not censoring yourself, etcetera. But you’re building on each other. It’s confidence building and team building s over the individual and for the team of two, or could be a bigger team. Talk some about that. How improv helps helps that way around team team cohesion.

[00:22:03.74] spk_2:
Yeah, I think it also it helps. Trust is the other part of it as well that I think that builds. Um, one of the I worked with a group where we on organization and they’re one of the issues was they had a whole issue around hierarchy. They just hired a bunch of people and let go of a bunch of people. And a lot of people didn’t feel like their work really mattered or that their voice mattered. Um, and so they weren’t sharing their ideas and meetings, and they actually brought a group of improvisers to come and do a whole workshop and the all the exercises that we did, were focused on know everybody has a piece in what we’re doing, and it’s vital, and we need everyone to fully, um fully do their work, and then I need to fully accept what you’re giving me, right? So, yeah, if it were walking out on that stage is a blank stages. I always tell people there’s there’s nothing there. So if I say we’re aliens in Oklahoma and you’ve gotta agree that yes, we’re aliens. What does that mean? You know, we can build Bring that into this, um, you got agree where we are, and then part of it is the two of us that are on the stage. But then anyone else on the team, right? Whoever’s gonna edit that scene, whoever is gonna ah, wipe the scenes of them were out of their everybody. That is a part of this team, whether they’re on stage right now or not, are still a part of what’s happening and have a piece to play and how we do this. And I think that’s that same thing. When you talk about an organization, right, you have people that are clearly gonna be the ones to make that final decision. But so everyone has some role that they need to play. Um, in order for everyone to feel that value to and that. And a lot of the work that we do is building that trust that I know I could go out there and say something to you. And I know you’re gonna listen to me. You’re gonna pick it up, and we’re gonna build that together and not you’re gonna shoot my idea down and say we’re not aliens in Oklahoma were just two people stuck in North Carolina. You know what else

[00:22:19.64] spk_3:
can listen to do crystal? Maybe another exercise that they can practice? Oh, are you know, so that they can sort of see the benefits of reap the benefits of the improv principles. Uh, okay. You don’t have the benefit of actually doing the exercises. What else? Ah, what about some of the game folks can play to get some benefits? I get either Christmas or either one.

[00:23:38.94] spk_4:
Well, I can as Krystal you’re thinking about some. I think they’re simple. Exercise we can do, I think, to address very common feelings. One is just feeling blocked or feeling blank when someone asks you a direct question. Because if you’re at all you know, if you don’t think that way, or if you don’t want to take center stage three of a fear of public speaking. The only way to overcome that is to practice, and you can practice in really small ways. So one thing we do with most organizations we go into and and run creative workshops are very simple word exercises where you have a group of people around the circle and you just say a word and you go around the circle on the person next to you says the first word that comes to mind. And it’s about listening and learning about yourself when you’re trying to anticipate what to say because you want to perform well versus really just being in the moment and offering a word. So if I were to say Krystal, if I can borrow you for a minute and say, um, the word blue

[00:23:42.39] spk_2:
and I’m sorry and you want me to do

[00:23:44.09] spk_4:
Oh, yeah, yeah, yeah. Does. And I’m putting you on the spot. Um, yeah, I just like to say the word first word that comes to mind I felt so yeah.

[00:23:56.64] spk_2:
Um, green,

[00:24:07.24] spk_4:
uh, read blood. Ah, Death church. Um, community.

[00:24:13.74] spk_2:
Ah, in breath. Fun. Uh, um rafts,

[00:24:55.98] spk_4:
um joy. Family well and so on and it’s It’s funny because even this exercise, the first time we do it with a group of people, let’s say more than five people. Everyone gets nervous and we’re not really doing anything. We’re just saying words that come to mind based on what somebody else said. So if you can just do that a couple times and talk about why is it you know, a little bit of self awareness? Why is it that we feel uncomfortable in the moment? What’s operating behind that is a that fear of contribution. It’s kind of the fight flight freeze impulse when you’re on the spot. So I think and there’s tons of these games available online to use as warm up activities or team building activities. I think we we may have or are gonna have some on our website, which is echo dot Co and, um, and it’s just really important to get in the habit of not just jumping into a meeting, but offering some of these activities to help get a sense of presence, a sense of what we call psychological safety, which is everybody feels like they are open to contribute at without embarrassment or without hanging criticism without judgment. Yeah, without judgment. That’s yeah.

[00:25:49.09] spk_3:
So there’s some resources at Echo, E C H O dot co. Yeah. Yeah. Okay. Okay. Um, that’s Krystal you. It’s, ah, bookend. You opened up. Why don’t you just take us out with some final thoughts? Whatever you have, you want close

[00:26:26.52] spk_2:
final? That’s OK, so I do. But I do want to share one of my other favorite exercises since we were just talking about it. And I love this one because I taught improv with Children teaching probably people who have taken classes or have actually done a teaching profit, a homeless shelter as well. But my favorite exercise is panel of experts, and it’s so fun because anybody can contribute. And you immediately when we talk about building that trust, building that team, it’s you can have really as many people. But you know, at least three, maybe like 3 to 6.

[00:26:31.35] spk_3:
Let’s plan. All right, we got we’ll go a little bit longer. Like a

[00:26:31.66] spk_6:
minute and 1/2

[00:26:33.33] spk_3:
or so What?

[00:27:30.49] spk_2:
So so panel of experts, each of us, the three of us were doing like a Ted talk here where we have this audience and we pick and you can pick just a mundane thing, anything. And then we’re gonna be the experts of that thing so we can go around in the same order that we did. And we’re just gonna be It’s as if we’re like I said, giving a Ted talk about whatever it is that we’re talking about. So because I’m just been looking at radio screen, I’m gonna say, um, we’ll talk about that bookshelf behind Graziella. So thank everyone for being here today. Um, we have built the perfect bookshelf for any office. This bookshelf, which was developed by, um, Dr Alvin Smith, um, really made it so it can fit in any area that you needed to fit. It actually adapts to the office to a closet to a bathroom. Really? Wherever you need this book shelf, it morphs into what you needed to be. Graziella, could you talk a little bit about the development of that? Yeah. Yeah.

[00:27:46.99] spk_4:
So you know, when we were conceiving of this perfect bookshelf, I think what we first asked was, you know, what is it that a bookshelf means to us through the journey of our life? You know, you start off as a young person, you are in your space. You’re looking at a blank wall, and that wall doesn’t mean anything to you. But if you fill it with something that can hold your treasures, your books, it facilitates the space of imagination and really opens up who you are as a person. So it really is more than a bookshelf. It’s a place for you to showcase the aspects of who you want to become through life and also your identity. So that’s kind of where we started. We want it to be exciting. We wanted people to say, That’s not a bookshelf. That’s me. And so that’s kind of what we wanted to bring to the creation of this. Tony, do you want to talk a little bit about kind of how you’ve seen people respond to this bookshelf?

[00:29:59.44] spk_3:
Well, I’m afraid we’re out of time. We Oh, no, I know that’s a violation. Um, yeah, we we brought this. You know, we brought this again as you were saying, Graziella to to be much more than just the physical object. And we’ve We’ve We’ve watched people interact with it. We’ve of course, we’ve surveyed them formally. We’ve actually been observing the way people use the bookshelf the way they interact with it. There’s the There’s the basket feature on the second shelf. That’s that’s pretty much open. That’s open. Anything you want it to be. You can put your junk in there. You can organize it carefully. Or you could put your knitting needles and and balls in there. We’ve seen that, too, of course. The top. We’ve seen people interacting, being more for organizational, since that’s the That’s the part that shows, even if it is in a closet like crystals, saying this could work in a closet as well as a wall. But if it isn’t a closet, you know the top shelf is what people see them first. So they we’ve seen people organized the top better. The middle has been more, um, more personal on. That’s been exciting to see how people have reacted to the different components that we engineered on a very personal, very personal creativity kind of levels.

[00:30:01.10] spk_2:
Yes, sin tony, all of your pictures of your bookshelf.

[00:30:09.40] spk_3:
Alright, Alright. So what? We were out Not no, no censorship building on what others contribute. Taking everything in What? You’re an

[00:30:16.79] spk_2:
expert in it, right? So speaking with confidence about whatever the topic is so right, if we were just in a room, a topic, we could have picked anything. And we are experts on that topic. So you’re speaking with confidence and and still building this together. Mm.

[00:30:36.84] spk_3:
Okay. Okay. Um, let’s leave it there. Do we do about that? Except do we pull everything out that we can about that exercise? Because I don’t want to do it for fun

[00:30:43.96] spk_2:
thing. The only other thing

[00:30:46.57] spk_4:
I’ll say is just opportunities to replace competition with trust Trust in celebration. I think that’s kind of the name of the game. Really helps to just celebrate what people are bringing to the table and use that to inspire better thing.

[00:31:18.14] spk_3:
And that trust to each of you said no said I didn’t. I wasn’t on the wasn’t on the hot spot for this. But you know, each of you lead with lead the next person with a question, your confidence that the person is going to take it on and is not gonna object or or fumble or, you know, but But it carried further. Okay. Excellent. Thank you very much. Krystal Ramseur, chief administrative officer, National Council of Negro Women. Graziella Jackson, partner and CEO of Echo and Co. And both deeply involved with with the Washington Improv Theater. Thanks so much for being with me. Thank you.

[00:31:38.02] spk_4:
Thank you, Thank you. Thanks for Stoke tony.

[00:31:38.61] spk_3:
Thank you for being with Tony Martignetti Nonprofit Radio coverage of 20 NTC.

[00:33:10.18] spk_1:
We need to take a break. Cougar Mountain Software: their accounting product Denali is built for nonprofits from the ground up so that you get an application that supports the way you work, that has the features you need, and the exemplary support that understands you. They have a free 60 day trial on the listener landing page at tony-dot-M.A.-slash-Pursuant non. Now it’s time for Tony’s Take Two. Thank you. Um, thanks for being with the show and staying with it through coronavirus and recession and protests against racism. Um, I’m I wanted to keep producing the show. I mean, there’s no there’s no stopping the show. The show has got to go on, but, uh, all the more I think, you know, just because things have been so tumultuous since what, roughly March 23rd or call it mid March. Um, so much confusion, change, uh, you know, new routines. The show has got to continue. There have got to be some things that we just can rely on. They’re just gonna be there. And Nonprofit Radio is one of them. And so I insist that, uh, not that not that I was thinking about postponing or going on hiatus. But it’s just to reassure that, ah, some things remain unchanged, remain constant. You can count on them, and Nonprofit Radio is one of them. And thank you for being a consistent, loyal listening audience. Actually, it’s upticked a little bit. It did like in April and May, you

[00:33:30.85] spk_3:
know, more people spending a lot more time at home, right? Doing everything at home

[00:34:10.00] spk_1:
from exercise to maybe more podcasts. So, um, thank you. So I’m I’m glad and gratified that, uh, audience hasn’t declined. You haven’t gone anywhere. The show still has value for you. That’s very gratifying for me. I thank you for sticking with the show, still listening, and I’m just glad that you’re still getting good information from it. So thank you. That is Tony’s Take Two. Now it’s time for Tech Policies with Karen Graham and Dan Getman.

[00:34:42.03] spk_3:
Welcome to Tony Martignetti Nonprofit Radio coverage of 20 NTC. That’s the 2020 Nonprofit Technology Conference. We’re sponsored at 20 NTC by Cougar Mountain Software. With me now are Karen Graham and Dan Getman. Karen is director of education and outreach at Tech Impact, and Dan is senior manager of donor relations for MANNA. Karen, Dan, welcome back to Tony Martignetti Nonprofit Radio. Well, for you, Karen. Dan, welcome.

[00:34:48.37] spk_6:
Uh, thank you.

[00:35:32.51] spk_3:
Glad to know that you’re each well and safe, Dan in Philadelphia, Karen in Minneapolis. Good to know. I’m glad we could work this out. Your conference topic is establishing tech policies to protect your nonprofit. Karen, you and I have talked about tech policies in the past and and other things that are, uh, when you were with Idealware, were on the surface boring. And you were happy to call them that, but nonetheless important to your nonprofit. So would you mind doing the same? Explaining the the importance to what could sound like something very dull?

[00:36:08.17] spk_6:
Sure. Well, I mean, regardless of what kind of situation we’re in, we all know that there are good people that make bad choices. And so having some policy guidelines to help people to think twice about those choices, um, should provide some guidance for them, as is helpful, but also having some clear consequences, I guess, in place, or responses when people do make bad choices. That’s also important, to know how you’re going to respond if somebody makes a mistake. Now, especially, I think nonprofits are feeling this right now. As we’re recording, we’re in the midst of the coronavirus outbreak and a lot of nonprofits have gone to remote work. And so they are, I think, thanking their lucky stars or their good judgment if they already have developed really good policies for remote work and use of personal devices and things like that. And if they haven’t done that, they’re scrambling right now to try to figure it out.

[00:36:35.50] spk_3:
What are some of those bad choices that you’re talking about?

[00:36:54.98] spk_6:
Oh, one of the things that comes to mind immediately is, ah, a kind of choice that will lead to a security vulnerability. Um, you know, just say, sharing data that is private, that contains personally identifiable information, with people that really don’t need to have that information, um, downloading it onto a home computer, things like that. Like, those kinds of choices can really make an organization vulnerable to that data getting into the wrong hands, um, or to, like, passwords and system access getting into the wrong hands. And I mean, I’m sure we’ve all seen the consequences of that. Um, I have some data on that. There, the average cost of a data breach, according to a 2019 survey, was almost $4 million for a data breach, and nonprofits, they’re just as vulnerable to that, if not more so, ah, compared to their for-profit peers.

[00:38:00.59] spk_3:
Yeah. Yeah. Oh, yeah. Certainly we think about organizations in the health care, or healthcare arena. But even outside health care, there are dates of birth, there are credit card numbers. Um, other personally, you might have social security numbers for some reason. Um, it’s all that personally identifiable information. Oh,

[00:38:00.98] spk_6:
and all of that can compromise people’s privacy. And it also can make an organization really vulnerable to ransomware attacks where the hacker threatens to release that information to the public, or, um, or misuse it in some way that can really destroy the organization’s reputation and be harmful to the people that they serve. So that’s something that that actually nonprofits are especially vulnerable to because of the kinds of information that they handle. And also because, unfortunately, many nonprofits have not invested in security to the level that they should.

[00:38:38.42] spk_3:
Yeah, all right, Dan, let’s bring you in. You’re in your office. We hear a little background noise. That’s okay,

[00:38:44.71] spk_7:
all right,

[00:38:45.12] spk_3:
It’s not They’re not, I presume they’re not strangers walking through Karen’s home in Minneapolis. So it must be your office. That’s OK.

[00:38:54.15] spk_7:
That would be me. Yeah,

[00:39:05.63] spk_3:
that’s OK. We have lives. It’s alright. It’s alright. Just, uh, letting people know Karen is secure. There’s nobody walking through her. Her family room, Dan. So MANNA has been working on, ah, comprehensive tech policy or is finished. What? What’s your what’s MANNA’s role in in this?

[00:41:25.42] spk_7:
Sure. So, um, we put together, ah, a bunch of different policies last fall. Um, and I hesitate to say the word finished because they’re always evolving. We need to adapt what we do in the policies that reflect what we do. Um, as things change around us. Uh, for instance, um, we a lot of the policies that we instituted last fall were directed, uh, or directly affected, I should say, are like the computers that we have here. For years, we all used PCs in much the standard way that anybody else would. Um, and with the advent of cloud based systems like Azure and some other things that we work with Tech Impact to implement here, um, we were able to get on, ah, a more secure, uh, server. We’re able to update a lot of the levels of encryption that we use, all things going along with what Karen was talking about in response to not wanting to be vulnerable to attacks, to ransomware. Um, we deal with individuals who have really serious health concerns. They’re the client base to whom we deliver meals on a regular basis, and so we work with all kinds of personal information. We also have, certainly as a nonprofit, donors who have credit card information and other things that get stored within our systems. And so between medical records and all the things kept therein and credit card information for our donors, you know, we have a couple different avenues that, ah, a potential threat, you know, might see as inviting. And so, um, as an organization that works with insurance companies, large insurance companies, we need to be as HIPAA compliant as any medical office would be. Doctor’s office, hospital system. Um, and so we’ve gone through some work with, um, a HIPAA consultant. We’ve worked directly with Tech Impact, who also does our day to day tech support here, to really, really develop well thought out policies as well as all the software sort of implementations that went along with it. 
So again, I hesitate to say that we’re finished because we’re always looking at ways to improve how tightened up we can be, but, um, in terms of where we’re at today, ah, the large bulk of that was completed last fall.

[00:42:05.21] spk_3:
There’s something interesting. You the director of our senior manager party. I just demoted you. Senior manager of donor relations. Not, not IT, uh, that sound like the tech policy position at MANNA. But here you are.

[00:43:23.56] spk_7:
So it’s interesting. Yeah. Um, I think many nonprofits, uh, will probably understand. We use the phrase we wear a lot of hats. You know, that many nonprofits are smaller staffed. You know, we don’t have, uh, the budgetary capabilities to have an in-house IT department. Um, and so for years, our office admin served in that role. Still doesn’t in many cases, if your if your Outlook isn’t working, if your internet’s down, that’s what you go to. But, um, as we were growing these contract relationships and learning that there were different levels of security that we could, you know, reach for, um, we needed somebody in house who had both a cursory understanding of the tech side of things and also enough understanding and ability to work with our nutrition team to, to sort of understand the HIPAA ramifications of it all. Um, and it just so happened that that role probably would have fallen to the office admin who does does a lot of the other day to day stuff. However, uh, he went out on medical leave, and so I was sort of tasked with this, being the next in line in terms of my, uh, computer savvy, I guess

[00:43:24.72] spk_4:
we can

[00:43:24.97] spk_7:
call it her.

[00:43:26.44] spk_2:
So

[00:43:27.10] spk_7:
yeah, sort of a non profit thing that you know, you have a skill set that you’re able to help with. It may not be the thing I’m trained in or went to school for by any means, but I understand it may be better than the next person. And so that’s how that kind of works out

[00:44:17.99] spk_1:
understand. Time for our last break. Turn Two Communications. Relationships, the world runs on them. We all know this. Turn Two is led by former journalists so that you get help building relationships with journalists. Those relationships will help you when you need to be heard, so that people know you’re a thought leader in your field when there’s a time for you to be heard and to show your expertise. Turn Two specializes in working with nonprofits. The red Turn hyphen two dot ceo We’ve got but loads more time for tech policies from 20 NTC. We

[00:44:33.13] spk_3:
could also consider good tech policy to be a part of donor relations, a part of stewardship. Actually, you’re part of what you’re doing. What I don’t mean you at MANNA. But part of what an organization is doing is protecting donor information from the can absolutely kinds of attacks that you and Karen are both talking about. So you could consider it on a new element of donor relations on goods

[00:44:49.79] spk_4:
store.

[00:44:50.21] spk_7:
And and part of it came back to, you know, in the donor relations side of things I oversee, uh, our database, our CRM here, um, and so again, understanding those systems, um, knowing that we treat, and I’ve always treated, all information confidentially. We don’t share lists with people. We don’t sell our donors’ information to anyone. Certainly whenever that with any client information. But from my sort of day to day role’s perspective, you know, we treat all that data, um, the same, with the same level of integrity that we would with our client data on the other side

[00:45:24.94] spk_2:
of

[00:45:25.01] spk_7:
the building. And so, um, yeah, I think that’s kind of where that come from.

[00:45:29.65] spk_1:
Um,

[00:46:16.42] spk_6:
well, I’ve been kind of listening to what Dan’s saying, and even what I said when we opened up here, where we’re focusing on technology policies to reduce the organization’s risk or, you know, to kind of like looking at it from the perspective of what are the bad things that could happen and how do we prevent those, and I just want to make the point that that’s not all that policies are for, right? They’re also to give people guidance on positive things they can do. Um, so at my organization, just today we were talking about social media policy, and that’s something I’m sure that Dan probably deals with too, in doing donor management and fundraising and communication. Um, you know, you don’t want to just wag your finger at your staff and say you can’t do this, you can’t do that. Especially when it comes to social media. You want to give them some tools and some permission to be able to do things that are positive and are gonna benefit the organization. So that’s always an important thing to remember with policy, is to find that balance between the things that are restricting people from doing things that are really gonna be harmful and the things that are empowering them to do things that are gonna be helpful.

[00:46:45.78] spk_3:
Karen, what do you see sometimes, or most commonly I should say, as the impetus for, uh, revising, or creating when they don’t exist at all, a new, a new set of tech policies?

[00:47:02.07] spk_6:
Probably two things, and one, unfortunately, is something bad happens. And then somebody says, Oh, we should have had a policy about this. You can imagine how those scenarios play out. But the other thing is sometimes, um, change in staff or a staff member who has listened to a podcast or, um, they have attended a conference or somehow been exposed to these ideas and realized, Oh, shoot. My organization doesn’t have the right policies in place. We should probably pay attention to this.

[00:47:32.98] spk_3:
Okay. And, uh, since you’re the consultant, why don’t you get us into this process now? How do we begin what we need to think about who? The stakeholders? I need to be involved before we can actually start typing policy or thinking about policy.

[00:48:49.83] spk_6:
Yeah, I can. I can share a few things with you. Um, first, the, um, there are six basic types of policies that most organizations should have, and so acceptable use is one. And what that means is it’s a guide to the overall use of your networks and technology equipment. That’s acceptable use policy. Um, second one is security, and that’s really about protecting your data and your systems from from security breaches. Um, third one is bring your own device policy, which has considerations for employees using personal devices to do their work, whether they’re in the workplace or, um, right now, a lot of people are using personal devices that they have at home to access corporate data, so to speak, or things that are owned by the nonprofit. So those were the first three, and then the fourth one is an incident response and disaster recovery policy or plan. That’s what you need to do if something goes wrong. Um, fifth one is remote work, kind of other considerations for employees who are working outside the office. Um, and then the final one is about social media and digital communication, guidelines for what you can and should do and what’s restricted there.

[00:49:06.82] spk_3:
Okay, All right. So those there are sort of framework for our policy, those six types and and who should be involved in the process of creating these

[00:49:36.27] spk_6:
Well, I think that’s a great question to ask Dan because he had some experience with involving the right people in the organization. But my advice would be, um, you know, there’s a saying that a lot of advocacy organizations or organizing groups use: nothing about us without us. And I think that applies here, um, as well. If a policy is going to affect someone, then that person should probably have a chance to give some input in the policy. Otherwise, you’re going to run into a lot of problems with people not following the policy, just working around it. And then it’s not doing anybody any good.

[00:49:56.47] spk_3:
Yeah, because then it’s a policy that was foisted on on users rather than them being part of the collaborative team that develops it,

[00:50:04.93] spk_6:
right? So certainly an executive director or board of directors in a nonprofit has some responsibility for reviewing policies and making sure that the right things are in place. But that’s not enough. It also has to involve the people that are covered by the policy.

[00:50:18.46] spk_3:
Yeah, the end users. How about you, Dan? Did you follow Karen’s advice? Were you, ah, a compliant client? Or were you not?

[00:51:38.86] spk_7:
I’d like to think so. Um, I I was involved from day one in terms of this stuff. Ah, and to Karen’s point, yeah, we had everyone at almost every level in some capacity involved in this process. When we first sat down, uh, with some of Karen’s coworkers at Tech Impact, you know, we had in the room myself, the head of our nutrition department, our CEO, uh, the head of our policy, and by policy, I mean, uh, lawmaking policy, but the head of our policy, uh, department, and, as well, our PR person, our office admin. So I mean, it was kind of to your point. We had somebody from every aspect of the organization who would be either affected by the policies being put in place or be the person who is actually implementing the policies themselves, and then we brought in, which was a tremendous help, and to be quite honest, we couldn’t have done it without them, we brought in an outside consultant whose work is in the field in our key, specifically in, ah, tech security and has a lot of background, again, dealing with the folks that we work with being medical record based. Um, they came from, ah, a background with, ah, consultant work dealing with HIPAA-related issues specifically, and so we had them come in and do, ah, a full risk assessment to go side by side with the risk assessment that Tech Impact did. Um, and we had a really nice look at, uh, what what policies do we have, what policies do we need, and what things are already in place, and where can we, you know, make some tweaks to get better? And so it really was a very collaborative effort, both internally and in terms of the two external groups that

[00:52:18.51] spk_4:
we worked

[00:52:18.92] spk_7:
with. But we needed every voice in that room

[00:52:24.75] spk_3:
Any difficulty, Dan, getting buy-in from leadership for this project?

[00:53:03.47] spk_7:
So no, we’re fortunate, actually, that we have, ah, a CEO who is, one, very progressive and and likes to be at the forefront of all aspects of, you know, our business, so that includes technology. Again, we’ve always, we’ve been around 30 years, so dealing with our client records and the HIPAA-related issues there has always been something that mattered to us. Um, and so this was seen as an opportunity to improve upon efforts that we were already making. It was not seen internally as, Hey, this is a bad thing in the world, we all got to go through this process to fix something. It was really more, um, we’re doing a good job, but we can do better than what we’re doing, and we’re gonna strive to do better than what we’re doing. And so our CEO didn’t require any real pushing. She was actually the one pushing, pushing all of us.

[00:53:57.44] spk_3:
OK, OK, Karen, we don’t have time to do in depth on all the six different policies that you that you mentioned. But since we’re in a time now when a lot of people are using their own personal devices, why don’t we focus on that policy? The personal use of devices for work? What I you know, I defer to you. How do we, like, what questions should we be asking or what policies should we have in place? What’s the best way to approach that one?

[00:55:44.69] spk_6:
Sure. Um, here’s some some of the questions you could think about for that. Um, one is, um, usually, organizations start with who is allowed to use those devices, and in the situation we find ourselves in right now, I think it’s almost everyone is allowed to use personal devices, but maybe not. I mean, maybe if you’re a nonprofit that is allowing people to work from home either indefinitely or just for a defined period of time, maybe you want them to only be allowed to do their work on, ah, an organization-issued device. Maybe you will provide them with a laptop or a tablet or whatever it is to take home with them, and they’re only going to do it there. And then you know it’s important then to issue some guidelines that let them know your home computer is off limits for conducting your work. So that’s an example. But then it’s not just computers. What about their camera? You know, if they’re doing videoconferencing, if it doesn’t have a built in camera, can they use their own? Or do they have to get one from the organization? What about a headset? What about, like, all that extra stuff? And then, if they are using their own devices, what kind of support do you offer for that? If something breaks, do you fix it? If they have a problem with their settings on the computer, are you responsible as an organization for helping them with that? Um, what about, like, antivirus software on their home computer? Are you now going to pay for the cost of that? Or are you gonna pay for the cost of their cellphone, which they’re now using to take calls because the office phone is being forwarded to their cell phone? So there’s a lot of a lot of different issues there. Um, one more thing that we find, especially with mobile devices, is, like, what kind of encryption do you require, um, and locks and authentication and, like, different kinds of security measures that can be installed on a mobile device? Um, it’s not necessarily a case where more is better. 
You have to find the right balance between convenience and security there.

[00:56:11.33] spk_3:
What about use of other people’s use of the of that same equipment, you know, when they’re home? If is that a family laptop that the person is using for work and then at night their kids do their homework on it? I

[00:57:01.27] spk_6:
mean, Well, yeah, I think that’s the reality for a lot of people right now. So, um, it’s I personally wouldn’t worry too much about, ah, a criminal breaking into my home, logging into my computer, um, that has a weaker password at home than the computer that I use for work, um, and, you know, getting into my organization’s data or whatever. I just really don’t think the odds of that are very high, but, um, but it’s more like, um, maybe through email, maybe my kids open a phishing email and they click on something. And then pretty soon, my computer’s infected and I’ve also got stuff stored on that computer that I don’t want to get into somebody else’s hands. So that’s where the vulnerability of shared devices probably is most important. I don’t know if you would agree with that, Dan, or if you’ve got through that with your organization

[00:57:11.55] spk_3:
Dan, before we, before we. I do want to go to you immediately, Dan, but I want to make clear that we now know the password to Karen’s home computer is 12345

[00:59:56.18] spk_7:
Yeah, I think it’s a really important one and we did go through this in terms of a lot of the policies that we’re putting in place. We have, ah, a mixed set of media for this organization, um, desktop and laptop, and for those with laptops, they can certainly take them out of the building, and so there’s, you know, safeguards there that need to be in place. Um, but the one that we really found, I don’t want to say a stumbling block, but it’s something that I think organizations should keep in mind when they’re when they’re thinking about this kind of stuff. So many of us now have smartphones, and they’re great and they can do all these different things. Um, the one thing that really got under a fair amount of people’s skin here was the restrictions that had to be put in place for, uh, one’s own mobile device. And specifically, what we dealt with was, uh, in the case of our email client, um, Outlook is great and can be controlled with a lot of the policies that we put in place with Tech Impact. However, uh, if you have an iPhone or an Android and you do not have the Outlook app, if you just use the native mail app on your phone, um, that is outside the scope and the control of a system like Intune or Azure. And, uh, so what we had issues with were people wanting to, you know, use the app that they’ve been using for the last 10 years, um, and having to switch to something that was considerably more restrictive. Um, and it’s one of those things that’s sort of the growing pains in this process. But, ah, it was absolutely necessary for us to be able to, you know, rein in some of the control on the data that’s being used. Um, and to Karen’s point with, you know, kids clicking on an email, um, you know, we have it set where, as an example, if I pull up an email on my phone, I can’t screenshot it. I can’t save whatever’s in it to my phone. I mean, we have everything as locked down beyond you can read it and reply to it, and that’s it. 
Um, but just just knowing that some of those those things they’re out there in terms of the restrictions in terms of the necessity to have them be protected. If I lost my phone and someone got into it, they could seemingly access information. I wouldn’t want people to see, you know, from a work standpoint. So I think those are things that we take for granted. Um, having these wonderful devices that we carry around every day, but they’re really, um they are portals to our jobs into our lives and security that needs to go with that is it can’t be understated. And that was definitely something that we hadn’t thought about quite honestly before.

[01:00:07.86] spk_4:
This all happened.

[01:00:16.07] spk_3:
Making compromises for company. Absolutely ization security. Karen, we’re gonna wrap up. Does Tech Impact have any resources, um, that are related to tech policies that that folks can access on the website?

[01:01:06.21] spk_6:
Of course we do, with a lot. So, um, at techimpact.org, we have a number of resources about policies and security, which we’ve been touching on here, too, including free consultations for people who just have a question that they want to ask of a professional. You can request that on our website. Um, so that’s at techimpact.org, and then on idealware.org, which is also a site that is part of our organization. That’s a resource site. And so we have a policy workbook on there that will help you, like, step by step, develop each of the different policies that I mentioned earlier, and also a number of other knowledge resources. We’ve got a course right now, too, that we just finished a live version of, and the recording’s available at idealware.org, if people want to really take a deep dive into this

[01:01:20.01] spk_1:
Outstanding, thank you. And, uh, as former CEO of Idealware, I know you’re well acquainted with the with the offerings there. That’s

[01:01:38.21] spk_3:
Karen Graham, director of education and outreach at Tech Impact, and Dan Getman, senior manager of donor relations at MANNA. Thanks to each of you for sharing, thanks so much and, uh, and stay safe. And thanks to you for being with Nonprofit Radio coverage of 20 NTC

[01:02:21.65] spk_1:
Next week, more from 20 NTC. If you missed any part of today’s show, I beseech you, find it on tonymartignetti.com. We’re sponsored by WegnerCPAs, guiding you beyond the numbers, wegnercpas.com; by Cougar Mountain Software, Denali Fund is their complete accounting solution made for nonprofits, tony-dot-M.A.-slash-Pursuant Mountain for a free 60 day trial; and by Turn Two Communications, PR and content for nonprofits, your story is their mission. Turn hyphen two dot ceo. Our

[01:03:00.45] spk_0:
creative producers Claire Meyer Huh Sam Liebowitz managed stream shows Social media is by serving Chavez. Mark Silverman is our Web guy on this Music is by Scots with me next week for non profit radio big non profit ideas for the other 95% Go out and be great

Nonprofit Radio for January 4, 2019: Stay Secure In 2019

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

WegnerCPAs. Guiding you. Beyond the numbers.

Credit & debit card processing by telos. Payment processing is now passive revenue for your org.

Fundraising doesn’t have to be hard. Txt2Give makes it easy to receive donations using simple text messages.

My Guest:

Jordan McCarthy: Stay Secure In 2019 
Let’s resolve to keep our technology and data safe in the New Year. Jordan McCarthy will help. He’s with Tech Impact and he’s got simple, proactive measures for the short term as well as bigger long-term initiatives for your consideration. Stay safe!



Transcript for 420_tony_martignetti_nonprofit_radio_20180104.mp3.mp3

Processed on: 2019-01-04T22:17:46.089Z

Hello and welcome to Tony Martignetti Nonprofit Radio. Big nonprofit ideas for the other ninety five percent. I’m your aptly named host. Happy New Year. Welcome. Welcome to Nonprofit Radio two point zero one nine. Whatever the hell that means. Welcome to the new year. Oh, I’m glad you’re with me. I’d suffer the embarrassment of pemphigus erythematosus if you made me face the idea that you missed today’s show: Stay Secure in twenty nineteen. Let’s resolve to keep our technology and data safe in the new year. Jordan McCarthy will help. He’s with Tech Impact. And he’s got simple, proactive measures for the short term as well as bigger long term initiatives for your consideration. Stay safe. On Tony’s Take Two: time to be an insider. We’re sponsored by Pursuant, full service fundraising, data driven and technology enabled, Tony Dahna may slash pursuant; by WegnerCPAs, guiding you beyond the numbers, regular cps dot com; by Telos, turning credit card processing into your passive revenue stream, Tony dahna slash Tony Tell us; and by Txt2Give, mobile donations made easy, text NPR to four four, four nine nine nine. I’m pleased to welcome Jordan McCarthy to the show. He is infrastructure and security lead at Tech Impact. He works with organizations of every shape and size, from three person grassroots advocacy groups to three hundred plus person social service providers, to help them figure out what kinds of technical tools, analyses and strategies will maximize their social impact. He has a decade of experience in systems and network administration, technical writing and education, and technology policy analysis. Tech Impact is at techimpact.org and at tech underscore impact. Welcome to the show, Jordan. Thank you so much. It’s a real pleasure to be here. Thank you. And happy New Year. Oh, you as well, thank you very much. Thanks. Um, Tech Impact is, ah, a nonprofit itself. What? What are you doing there? So, quite a lot. 
We are an interesting organization because we have the heart and soul of a non-profit, um, and to some extent, you know, the constant, you know, running from one thing to the next. But we provide services in the style of a more traditional IT shop to other non-profits. That’s not the only thing we do. We actually have several arms, one of which I’m really, really fundez works arm, and they’re sort of a more traditionally non-profit, ah, division that does workforce development in Philadelphia, Wilmington and Las Vegas, bringing in underserved young people and giving them a solid foundation of skills in its various kinds of support, and allows them to go back in their communities and give back and start off on really solid careers. But, um, I was out of the house. We provide all sorts of technical services, advising, consulting, implementations and ongoing support to non-profits of every shape and size. And what we do for each non-profit really depends on who they are and what they need. So we try to meet folks where they’re at and, you know, get a sense of who they are and then sculpt a package of services, whether ongoing or short term, that really helps them be more effective at whatever it is that they do. Using technology related. Yes, exactly. Right. So you know, we aren’t necessarily going to help for supply cars, but anything related to information technology. It pretty much falls under arm broke. Now, I saw that in training you partner with Idealware. Idealware’s CEO Karen Graham has been on the show a couple of times. I’m a big fan of Idealware. Did I see that right? You do some partnering with them? Actually, yes. And we’ve partnered more closely than ever because we have actually merged with Idealware. So Tech Impact and Idealware are now basically part and parcel of the same organization.
So we are tremendously excited about that, looking forward to working with Karen and her team to really redouble our efforts in the area of education and training and really trying to get people empowered to do some more of that stuff on their own, so they don’t have to, you know, exclusively rely on, you know, shops like Tech Impact. We will be here still that people need us. But we want to give people as much of the tooling and resources that they can stomach so that they can be as effective as they can on their own. Look at Non-profit Radio, outside the loop. I did not know that you had merged. Is there going to be a common name between you and Idealware? So they are, I believe now, but we’re keeping the name Tech Impact. It’s sort of, you know, it’s a nice broad umbrella. Idealware is keeping their name as well, but I think they’re now, you know, one of our major flagship... Yeah, I don’t know what we’re calling it, the subdivision, because they are, you know, really a powerhouse in their own right. But they’re a member of the family, let’s say. OK, how recent is that merger that I didn’t know? Only in the past couple months. Oh, good. Okay. I don’t feel so bad. All right. No, more like two or three months behind. Oh, that’s not so bad. I’m still reading the newspapers from October then. Okay, Trump. Um, so you say that you want to see social progress shape technology usage, not the other way around. What do you feel like non-profits are not doing as well as they could in this? That’s a very interesting and complex question. All right. What we have in our, you know, I mean, we go. Don’t take a full hour on it, you know? But now I don’t know if we have time. You don’t want the tail to wag the dog? Yes, exactly like that.
One of my personal driving philosophies that sort of really, um, put me where I am today, through various stints in higher education and the D.C. think tank world. And what that means to me, I think, is that I see, you know, technology is everywhere in today’s world, and we’re doing a lot with it. But a lot of what’s being done is not all that socially oriented, right? You know, I several years ago was already sort of concerned about what Facebook was doing to all of us. And now, you know, come two thousand eighteen and we get a really big download of exactly what’s been going on there and how they have not really been all that interested in doing good by the world. And, you know, Facebook is obviously the bogeyman of the day. But you could look at any big tech company, really, and ask, okay, well, how much of this is socially relevant? And to be fair, many of these companies do have a lot of really powerful, um, philanthropy arms, and they do a lot of really good work. But as a community, I feel like the technology space isn’t as focused as it should be on solving the really big problems that we face as a society, as a world, you know, matters of civil rights and environmental destruction and so forth. Um, and I think that the non-profit community really does tackle those problems day in and day out. You know, that is their core focus. They’re kind of safety net providers in a whole bunch of different spaces where, you know, other sectors just aren’t quite stepping up.
And so what I would really like to see is a fusion of the spirit and the really innovative thinking in terms of social development and progress on the non-profit side, and be able to fuse that with the, you know, really entrepreneurial creativity of the technology space, so that we can see more tools, more types of work that leverage this tremendously powerful tool kit that we’ve developed over the past twenty years or so to really maximize the number of people who can be reached by a particular social intervention, you know, the number of people who are aware of various pressing problems, really raise the level of engagement. OK, tidy as a whole. Uh, Jordan, I want Our people are not only more aware of what’s going on, what’s really important, but that they’re also empowered to do something about it that’s meaningful and helpful. Okay, we got to take our first break, but I want to continue this thread of the conversation talking about some, some, you know, Idealware, Non-profit Technology Network, and I feel like we’re making inroads to this, but time for a break right now. Pursuant. Two new resources on the listener landing page. The Field Guide to Data Driven Fund-raising is practical steps to achieve your fund-raising goals using data, and they’ve integrated case studies. And Demystifying the Donor Experience guides you through creating a donor journey, that donor journey map, plus savvy stewardship strategies. You find those two resources on the listener landing page at tony.ma/pursuant, capital P for please. All right, now, back to Stay Secure in Twenty Nineteen. Right. Jordan, sometimes when I take these breaks, I forget where we were, but I did not forget where we are this time. But future breaks, I may ask you to be my crutch, remind me what we were just talking about. OK, so you want to see this fusion between social progress and the technology tools that can enable it, support it. We’re making inroads, though.
I mean, there’s Tech Impact. There’s the Non-profit Technology Network, there’s Idealware. Let’s see, I just had a guest on, Ann Mei Chang, a few weeks ago talking about, instead of lean startup, lean impact, you know, how to iterate and learn fast from buy-in in your non-profits. I mean, that’s sort of, ah, that is broader than just technology. But she was taking that tech startup theory of lean startup from Eric Ries and applying it here to non-profits. I feel like we’re making inroads, right? Oh, yeah. Okay. Which is not where you want to be yet, right? I think, you know, the corporate world is really good about innovating rapidly and figuring out new things to, new products to bring to market and new ways to capture the public attention and so forth. I mean, they’re really good at it. That’s what they do. And I feel like the non-profit and civil society space, you know, it’s so focused on its core work, which is some of the most important work being done out there, right? You know, it is life saving work. It is world saving work. That they don’t necessarily have much time to throw at considerations that might seem, in some ways, like overhead. You know, obviously fund-raising, that one is a given, right? Everyone needs to do that. Yeah, I know that mandate all too well. But there are other things that are perhaps equally important, like keeping abreast of what opportunities are out there in the way of technical tools that could really help, you know, again, reach more people or make your operations more efficient or save money or save... These are all important investments, and unfortunately, overhead got a bad label several years ago. But, you know, on Non-profit Radio we’re always bristling at that, that thought that, oh, you know, if it’s not direct service related, it’s wasted money, and our donors won’t understand it, and
they’ll think that we’re not good stewards of the money that they give us. That thinking has got to go out, because we’re talking about investment in your organization and your people and in the services that you’re providing. That’s exactly right. Yeah, I mean, you invest time and money to end up with a better, more efficient, leaner, you know, more impactful end state. Like, there’s no way around it, right? I mean, you can’t deny that the most, well, I was gonna say most admired companies, let’s just say the wealthiest companies, whether they’re most admired, that’s a value judgment, but you can’t deny that they’re constantly investing in themselves, in their people. Amazon, Google, Facebook. What’s that, FANG? Netflix? You know, those companies are constantly investing in technology, and there’s a lot of lessons to be learned in those types of investments. Oh, most definitely. And I think, you know, I also share your frustration with the whole idea that overhead is a bad thing because, you know, it doesn’t matter and you know not to stare at their do it, Lee. But information security is often seen as overhead, right? It’s something that you have to deal with on a regular basis. You know, if you do it right, it’s always in the back of your mind and always takes some resources and attention, and you don’t really see immediate, tangible benefits because, by definition, good security is not getting broken into, right? And it’s hard to measure the value of a negative. I know, until, of course, you do get broken into and you see just how bad it can be. So I completely agree. I think overhead is a sort of, I wish it were not a bad term, but since it is, let’s get rid of it and call it something like, you know, core structural support. Investment. That’s what, investment, you’re investing. Exactly. Yeah, that’s even better. And people understand that. And you’re asking people to invest.
If you’re talking to donors, you’re asking them to invest, and you’re investing in the work that they’re investing in. You just give it to you, and you invest duitz. Okay? All right, Let’s school. Good. Uh, love that opening. So let’s get to some details. Tech Impact has this excellent resource which we’re going to sort of talk through. So if you could just go to techimpact.org, is that the way to get it? I got it. But I forget, what did I do? You go to techimpact.org. And then where? Then on our website there’s a whole bunch of menus, and there’s a menu item for things that we do, and underneath that there is a security section, and if you go there, you’ll get brought to a page that asks you for just basic information. And then you get a quick security checklist of the top things that you can do as a non-profit or, honestly, for that matter, as any kind of organisation or even a person to be safer in a world that is getting less safe. Okay, yes. And I want to thank you. I appreciated that it was very minimal information that you asked for. Sometimes to get the resource, you know, yes, it’s free, but you have to give up your physical address, ah, phone number. You know, I bristle at that. For this resource, it was just name and email. That was it, that’s all. And that’s all I ask for when people join our list. Name and email. So thank you for that. Thank you for not going overboard with data collection. You know, I mean privacy, because then you have to preserve it, right? If you take my address, then you will have to preserve it and secure it. All right, so we’re gonna get to that. OK? So what kinds of risks are you concerned about? You’re welcome to share client stories. I know you, you know, you do direct work with clients, non-profit clients. So what types of risk are you seeing? So I think it unfortunately has gotten pretty hairy, particularly,
I would say, over the past year. Twenty eighteen was not a good year in so many ways. So what we’ve seen is that, ah, the attacks that previously were targeted, let’s say, mostly at bigger fish, especially, you know, corporate fish, are now coming downstream to smaller organizations. And that is, ah, indicative of a few things. One important thing to understand about the space of IT security, or insecurity, if you like, is that it is, and has been for a while, dominated by big, actually corporate actors. I mean, these are international crime syndicates who exist, and their core business model is to break into other organizations and steal their intellectual property, use, or rather abuse, their infrastructure for other, you know, malicious reasons, just generally do as much damage as possible. Like steal half a billion addresses and credit card numbers from, it was, well, Marriott, whatever the company that merged with Marriott last year. Spring... not Spring Hill, but Starwood. Starwood, right. Half a billion addresses, credit card data, passport information for some people, compromised. And that’s just one example of... Yeah, well, you go back, you know, even a couple of years. And, you know, many, many big names just, you know, fly off the pages. Home Depot. There was Target, you know, the Office of Management and Budget in the federal government like you be. These attackers have targeted very successfully some of the largest institutions out there that have truly massive databases of personal information. But Betsy’s coming down, proceed. You Ah, go and steal people’s identities or, you know what? It’s an iterative process, right? They take the information that they’ve stolen, and they use it to try to extract as much value from that data set and then build that data set further. So they might use those emails to send more spam, encouraging people to log into a fake,
you know, Google sign-in page or something, and thereby build their database even further. And they’ve really refined this. It’s not a technique, it’s a whole world of techniques, really. It’s a business model, over several years, to the point where it’s really a precision engineered process, and they have specialization. There are different parts of this black market ecosystem that specialize in breaking into accounts. There are different ones that specialize in spamming. There are different ones that specialize in setting up and distributing attack tool kits that make it easy for people to start performing these attacks. So there’s a lot of specialization, a lot of different firms engaged in this process, and, as you pointed out, there’s billions of dollars to be made in compromising organizations. Now rhetorically again. And even now, of course, the Holy Grail, if you will, is to break into a Target or a Home Depot or something because they have millions upon millions of records, lots of payment information and so on. But of course, you know, this is an arms race, and so the big companies have gotten somewhat better at securing themselves. Many of them have been hacked and therefore have been paying a lot of attention to their borders and making sure that, you know, they’re relatively safe. And at the same time, the attacks have gotten cheaper to run because they’ve been systematized and really reached a sort of industrial level of scale, which means that it is easy and cheap to run attacks against smaller and smaller organizations profitably. And so that’s exactly what’s been happening, is that, um, these very sophisticated attack tool kits and procedures have been used to go after smaller and smaller organizations. Ah, and another important thing to understand is that most of this work is not at all targeted. It’s very opportunistic. So, you know, a,
a big crime syndicate will get a big list of email addresses by way of breaking into a company’s database. And, you know, there’ll be all sorts of people on that email list. You know, private individuals, partners of the company and so on. And the attackers will just use that database and send out fairly generic phishing emails to everyone on the list, on the assumption that, sure, most people will recognise this email that’s coming in is not actually asking to reset their Gmail password. But if even one percent of the people on that, you know, many million person list do actually take the bait, that represents thousands and thousands of more accounts they’ve just broken into and that they can now use to execute even more attacks. And so there’s a lot of daisy chaining that’s going on here, a lot of building on prior work or prior attacks to create even more devastating attacks that target even more people. And so the non-profit space is sort of squarely in the sights of this black market ecosystem now. And so, you know, on any given day I see emails coming in both to Tech Impact itself and to our partners, who then forward them on to me. You know, maybe somewhere between five and ten fairly well crafted emails, ah, on all sorts of subjects. You know, some of them say your Gmail account has been compromised, please click here to reset your password. I saw a brilliant one just yesterday, purportedly from American Express, saying something is wrong with your card, you need to click here to review some anomalous transactions. This email was spectacular. It had all the right branding. It was formatted exactly right. All of the links in the email even went to valid American Express web pages, except the big Click Here button, which sent you to the attack page that tried to get you to divulge your login information for your American Express account.
You’re saying that was a very high level of sophistication mary-jo right now, very hot again, basically targeting everyone at this point. Okay. And that was very high quality. So very high quality. And I mean, I think the big theme is I have seen a steady progression of the quality. So it started out, you know, in, let’s say, well, that’s a year ago, January of last year, most of the stuff I was seeing was pretty shoddy, right? It had lots of spelling errors, very little in the way of visual branding. Um, you know, the formatting was terribly off. The email address didn’t look even remotely convincing. But, you know, the email I got yesterday, again, everything about it was perfect. Except that one button, and even the button, I mean, it was well formatted. You would have to actually hover over it and notice that the link points somewhere other than an American Express web page to be able to tell that anything was wrong. Okay. So, naturally, you know, next question is, what the hell are we going to do about this? So your resource paper’s got ideas, and you really want to start not with the technology, but with your people. Exactly. There’s a misconception in the general, you know, world at large that because this is a high-tech problem, it must have a high-tech solution. And more to the point, that, you know, that high-tech solution is probably going to cost a lot of money. And it is true that there are some high-tech solutions out there, or I wouldn’t call them high tech. I would just call them, you know, yes, technical solutions. None of them are that involved. And, you know, you shouldn’t have to pay that much, if anything, for most of them. And the most effective solution to this kind of problem, um, is getting your team, your staff on board with the project of keeping the organization safe and helping them to understand just how pervasive and sophisticated the threats really are.
You know, it’s hard to get a bunch of dedicated, hardworking, you know, non-profit staffers into a room for an hour and get them to listen to a lecture on, you know, how they need to care about security. You know, for all the reasons we talked about, they’d so much rather be getting their work done. But if you can get your team to understand that the risk is real, the threats are, you know, they’re significant and growing, and get people to just adopt a stance of reasonable vigilance, you know, not full blown paranoia, but just being a little bit, you know, thoughtful about everything they click on, whether it be an email that comes in that they weren’t expecting, even if it comes from someone they know. Because part of this whole, like, iterative process in the attack space is that attackers will break into an email account and then send emails to every single person in that now hijacked account’s address book, so that the emails do, in fact, come from someone that that person knows. You can’t even now just say, oh, as long as I know the person, it’s fine. It may very well not be fine because you maybe not. But when you open an email and you’re not expecting it, and it asks you to go, you know, view this special report that, you know, is for your eyes only and whatnot, especially if the person that you, uh, get this email from would never write that way, that should be a red flag. And similarly, whenever you’re browsing online, you need to be vigilant about what you click on. You know, don’t click, obviously, on anything that says you’ve won a thousand dollars, because that is never true either. It’s certainly not true in real space, and it’s doubly not true online. And, you know, you always just have to be a little bit, you know, a little bit suspicious in back of your head. Think, okay, could there be another, you know, ulterior motive here? Like, what’s the agenda of the person who sent me this thing or, you know, is showing me this web page?
Um, you know, is that someone I trust? And do I have some context for why I’m being asked to enter my password here or provide this information or click on this button? Um, is this going to do what I want it to do? And if you can adopt that kind of a mindset and get your entire team to adopt that kind of a mindset, you become exponentially safer than most other folks around. Because this is a new mindset. It’s hard to shift your thinking, particularly in the non-profit space, where we operate largely on the basis of trust. Right? You know, we have a lot of partners. Uh, you know, we have to trust that our partners are also interested in doing the same good work that we are. You know, we don’t want to wander around being endlessly suspicious of everyone, but unfortunately, the state of security online... Yeah. Yeah, you really have to be all the more vigilant. We just have about two minutes before break. Tell us what’s been going on at Tech Impact yourself. Your CEO, or someone, your CFO has been getting emails that purportedly come from your executive director. Oh, yeah. And we’re not alone. So the more sophisticated version of, we’ve only really talked about one type of attack. And there are others that we might want to talk about. But, you know, let’s go quickly. There’s a different variant that isn’t quite phishing. So phishing is trying to get you to divulge your own personal information over email. But there’s a variant of that attack where someone writes into an organization pretending to be someone high up in the leadership team, the executive director or the CFO or someone like that, and asks various members of the staff, oh, I’m out of the office right now, but I really need you to conduct a transaction for me. I need you to buy some gift cards. Some of them get really creative, and they do their background research.
And they say, uh, we just had this annual conference, and I need to send gift cards to all of our speakers. Could you go out and buy those for me and then send me the codes from the back of those gift cards so I can, you know, send them along to folks by email? Those emails, when they’re well done, can look exactly like they come from the executive director or the CFO or whoever. And of course they don’t. And if you reply to them and do what they ask, you will be sending all sorts of things, potentially financial information, out to someone you’re never gonna be able to find again. Because they set up a fake email account for the purpose of trying to infiltrate your organization. And once they’ve done that, they’re going to get rid of it, and it’s going to be untraceable. All right, we’re going to take a break. And when we come back, I want you to continue this, because I’m going to ask, ah, Jordan, how could this possibly happen at Tech Impact? Okay, so, ah, stand by for that. Wegner CPAs. New for the new year, they’re kicking off a remote non-profit roundtable series. They used to just be on location. Now they’re doing it remotely, livestreaming. Each quarter a Wegner CPA will cover a topic that they’re intimately expert in. So they’re the experts, but you need to have a basic understanding of it. All right. I mean, you want to have a rough idea of what you’re seeing is doing and what to do in the non-profit realm. That’s what they’re talking about. The first one is on January fifteenth about revenue recognition for your grants and contracts. You go to wegnercpas.com, click Resources, then Seminars. Now, time for Tony’s Take Two. It’s time for you to be an insider. A Non-profit Radio insider. Also new for the new year, I’m kicking off something: expanded guest interviews that are going to be exclusively for Non-profit Radio insiders.
Each week, I’m going to dive a little deeper into a topic with a guest or cover something we didn’t talk about on the show in these three to five minute videos. All right, the video is going to be on a private playlist entirely for insiders. How do you become an insider? Sounds like something that you would have to pay for. And you’re right, it does sound that way, but you don’t have to pay. Other people might charge for something like this, but I will not. Ah, all you do is go to tonymartignetti.com, click the Insider Alerts button, name and email, like Jordan and I were just talking about, that’s all you got to give, and you become an insider. tonymartignetti.com. Now let’s go back to Jordan and Stay Secure in Twenty Nineteen. Jordan, how could this happen to Tech Impact? No. The unfortunate thing is this is really easy to do, and it’s easy to do for someone with not that much technical skill. And just because you get one of these emails that looks really carefully crafted and whatnot doesn’t mean anything has actually been leaked or that you’ve been broken into. Every one of us as an organization has tons of information about us online, right? Certainly the names of our executive directors are incredibly easy to find. If nothing else, you can get them from our tax returns, right? And attackers, again, have built out this elaborate process that involves doing some basic background research on any organization that they want to attack. I’m sure that they go to the organization’s websites and maybe even look at their tax forms and find out other things about the organizations. Actually, I read recently that many of these malicious actors are now doing extensive LinkedIn research on particular people within an organization that they’re trying to go after, so you don’t know what they’re doing. They’ve built the whole process around this, and they use the publicly available information to construct, you know, an attack
that is as plausible as they can make it. So, you know, if they see a mention on the web site that there was an annual conference recently, they might throw that into the email, again, to try to make it that much more authentic. They might mention someone else on the team and say, oh, you know, like, you know, pretend that the message was coming from your executive director: oh, I tried to contact, you know, Jim, our CFO, and he was out of the office, but I really need this done. Can you help? It is very common behavior. Now, I will say each second of background research that a hacker does represents one less second of profit. Right. They don’t want to put in that much time. So, you know, you shouldn’t worry generally, unless you are really, really big and really, really interesting, about, you know, hypothetical attackers scouring your web page and every other thing you’ve done publicly for information about you. They’re not going to do that, but they probably will spend, you know, a minute looking at the stuff they can find most easily. And then they’re gonna construct attacks based on what they found, uh, and make it seem like, you know, the emails they’re sending are as legitimate as possible. They also will do that, actually, not only even just pretending to be part of the organization, they will also try to extort you and say, you know, I found out all of this fallacious information about, you know, your executive director, or, you know, what your organisation’s doing. And they’ll drop some publicly available details that aren’t even remotely interesting and say, but I have so much more, and, you know, if you don’t want this to go out, then you have to pay me a lot of money. I actually saw an entire wave of those attacks last month, and they weren’t particularly well done. But they bothered to do a little bit of background research. So the bottom line is you’re going to get these emails, and
they will contain information about you, and that should not be as big of a red flag to you as you might think. You shouldn’t respond to them. You shouldn’t do anything except, you know, look at them carefully, make sure that there isn’t anything in there that really is private and that someone has figured out, because if that’s the case, you need to do a lot more work to get things locked down. Um, and again, just be suspicious. Don’t believe someone when they ask you to do something, you know, unless you have actually had a conversation about that request before. Better yet, I encourage every organization to have a basic policy that says no one in the organization is going to ask anyone else to authorize a financial transaction or a password reset or anything sensitive over email alone. That’s just never gonna happen, and it’s never going to be allowed. You always have to actually talk to the person who’s making the request to confirm that they, in fact, made it before anybody acts on anything. Sounds like a sound policy. Okay, Labbate. Let’s bring it back to what we can do to protect our organizations. So after staff training, what would you say is next? So after staff training, and then, again, building a sort of culture of vigilance and everyone being in it together and everyone having each other’s back, I would say there are some basic technical defenses you can put in place. Um, because the most dominant type of attacks that we’re seeing right now are definitely email based and identity based. That is, they’re trying to convince you that, you know, the attacker is someone they’re not, or, most often, they’re trying to steal your own account credentials and then use them for exactly the same purpose. One of the best things you can do to protect identity online is to not use just a password alone. Wherever possible. Passwords are kind of an outdated security mechanism.
They were only added back, you know, twenty, thirty years ago, when the original researchers who were building the Internet realized, oh, really, you know, not everybody should have the ability to read everybody else’s email without a password. That’s how open everything was until they tacked on the password, kind of as an afterthought, to fix the security hole. And of course, as the Internet has evolved to do all sorts of incredibly sensitive things, the password as a security mechanism really hasn’t kept up to speed. It’s not good enough for the level of security we really need of our bank websites and our social services websites and our, you know, electronic health record websites. So there’s a new standard, which itself is not perfect. Nothing ever will be, but it’s a whole lot better than just a user name and password. And this technique or technology is called a couple of different things depending on who you talk to. But they all mean the same thing. You can hear the phrase multifactor authentication or dual factor authentication or two step verification, and all of those terms mean you can, you still have a user name and password, but you also need to supply something else whenever you log in to prove that you are who you claim to be, so that someone who managed to steal someone’s password can’t get in with just that stuff.
This is, this is, well, I think it’s, we’re starting to see this. I see it on a lot of options, you know, do you want to enable, I usually see there’s, like, two factor authentication, and this is where it’s a code will be sent to your, to your phone number, to your, to your cell, and then you have to enter that number into the site that you’re trying to log into. Is that what we’re talking about?
That’s exactly right. And the core idea there is, it’s actually just terrifyingly easy to steal someone’s username and password, particularly if you build a Web page.
It looked exactly like the Gmail login page, but it’s going to be very, very difficult for someone to simultaneously steal someone else’s phone. It is possible, but it’s just so much...
So non-profits can implement this as, when people come in in the morning to log onto the system, they have to provide two factor authentication?
You can do that. I would say it’s less important to do that on, you know, your PCs, you know, so that when you show up, coming in the morning, you have to go through this process. Certainly, hospitals do do that. Everyone has, you know, their little cards that they swipe against some sort of scanner, and that counts as their second factor. But most of us, I think, are now using something like Google Suite or Office 365, which is accessible from anywhere. And that’s where the attackers really have a, have a party, right? Because you could get into the system from anywhere, the attackers can get in from Russia, Thailand, South Africa, lots of various places where they tend to work out of. And so those kinds of cloud based systems, as convenient as they are, also present a pretty big security risk, that literally anyone on Earth can attack. And so those are the platforms where you really want to make sure you have multi factor authentication turned on. And the good news is, in most of these platforms, turning on multifactor authentication is free and pretty easy. It’s, you know, there’s a few steps to it, but you basically just go to someone’s account. You say this person should now be required to use this second, you know, step verification or multi factor authentication. You have to have your, your team signed up. You know, basically, just put in their phone number that they want to receive those authorisation codes at, and then you’re done. That’s it.
You know, their, their login process is going to be a little bit harder in some cases, but on the whole it’s pretty painless, and it’s so effective at blocking these kind of, so much worth the extra minute that it takes just to enable this.
Okay. Let’s see, we got, we got a couple minutes before another break, so give us... No, we have to go to a break. Sorry. My mistake. So hang on there, Jordan. Think, think of the next thing we’re going to talk about. Xero tell us. Can use more money. Do you need a new revenue source? This is your long stream of passive revenue that you get when companies that you refer process credit card transactions through Tell us. Watch the video. Send potential companies to watch the video. After you do, you go when you want to see it first. And then if they use Tell us for processing, you, your non-profit gets fifty percent of the fee for each transaction. This adds up. Small dollars adding up. The video is at tony dot m a slash Tony Tell us.
Time for live listener love. We’ve got to do it. There’s so much of it. I get it. I get three sheets of paper, but do not. Eight and a half by eleven sheets. Uh, Northvale, New Jersey. The live love to Northvale, New Jersey. Wow, Northvale. Hello. That’s like, that’s two minutes from where I grew up in, uh, Old Tappan. Ah, New Bern, North Carolina. Live love to you. Carmel, California. Paddocks. Kala Patasse, Piela, Ohio Pascal or Patasse Piela. Live love goes out. However you pronounce it, even if you pronounce it differently than either of those two ways, live love’s going to Ohio. Jacksonville Beach, Florida. Atalanta. Oh, California. Tampa, Florida. All right, awesome. Lots of live listener love today. And let’s go abroad. Uh, why wouldn’t we? No reason not to. Um, Tokyo and Cicada. Oh, Japan. Wonderful. Konnichi wa. Hanoi, Vietnam. Ah, Seoul, Korea. Annyeonghaseyo, kamsahamnida, for our Korean listener. Beijing, Beijing, China.
Of course we know ni hao, everybody knows that. Mexico City, Mexico. I always said, guten tag. No, that’s not right. Mexico City, Mexico would be good afternoon. Buenas tardes, buenas tardes. Of course. Iran. That’s not guten tag either. But Iran is listening. Laos and Egypt. Well, look. Ah, Middle East checking in. Love it. Lots of live love going out to all those people. And there may be others that we can’t see. Sometimes there’s masked cities, et cetera. Um, and, ah, the podcast pleasantries. The podcast pleasantries have to go out to our over thirteen thousand podcast listeners. Right on the heels of the live listener love comes my gratitude to our, the bulk of our audience, which is sitting podcast in the time shift. Whatever time, device, however you squeeze non-profit radio into your life, whether it’s Sunday nights or Saturday mornings, pleasantries to you. Very glad that you’re with us. Thank you.
Okay, we’ve got several more minutes left, for, we got lots of time left. Oh, yeah. We got lots of time left for Jordan McCarthy and stay secure in twenty nineteen. What’s next, Jordan? What, what should we attack after we take on two factor, with simple enabling of two factor authentication? I don’t want to sound like, I don’t make it sound as difficult. Once we, once we check that off, where should we go next?
It is really not, not hard at all, again, just so valuable. So we talked about phishing. We talked about email based attacks and identity based attacks. Again, I would say they are the most frequent and increasingly sophisticated type of attack we’re seeing, so that’s definitely your number one priority, I would say. But then there’s a whole other universe of things that also are happening at the same time. So let’s talk about malware and other, more software based attacks. So in addition to the attackers just constantly, you know, trolling around, trying to find people who they can trick into divulging their passwords.
They’re also constantly scanning every system connected to the Internet to see if those systems are susceptible to various kinds of software attack that can sort of worm their way onto PCs, possibly even then spread to other PCs on the network. Um, and again, all these attacks, very opportunistic, automated. It’s very rare that you’ll see someone actively targeting you because they care about you. They just want to, you know, hit the low hanging fruit. Um, but that means they’re going to put up a malicious file that looks like, I don’t know, maybe a PDF of, you know, um, various discount code for something, that, that’s a common technique. Or, or even better yet, a free version of Adobe Photoshop. Right, look, one, one deal. What, one day deal, you know, download Adobe Photoshop for nothing here, right? Of course, that’s ridiculous. That would never happen. And if you click on that link and download the software, you may get some variant of Adobe. But you’re also going to get a boat load of malicious software along with it. And once that software is on your machine, that could do anything it wants. Pretty much, you know, they can watch every keystroke that’s entered into the PC. It can even take video and audio recordings. It can hijack the computing and network power of the PC and use it to attack other targets. Um, and so malware is a very big deal. And it’s producing a pretty big deal because the most rallies not even that recent anymore, but one of the more modern variants or evolutions of malware, let’s say, it’s called crypto ransomware, which is a mouthful. But what that basically means is this malware is very sophisticated, and what it does, once it gets onto a machine, it takes a look around. It finds every file that looks like it might contain something useful to you.
So every Word document, every picture, every email, takes all of that data and steals it, puts it into an encrypted archive, deletes the original copies from your computer entirely, and then puts up a message on the screen saying, we have your files. If you ever want to see them again, you have to pay us about a thousand dollars.
That was last year. The British medical system, right? And the entire city of Atlanta. All right, let’s get to what we can do to help mitigate the likelihood, minimize. I know we can’t prevent. What can we do to minimize the likelihood of this?
So when you’re talking about malware, again, the number one thing, going back to even earlier discussion, is to promote that culture of vigilance and thoughtfulness. But technical safeguards, there, your most powerful defense of your software systems and your system security is to keep your systems up to date, and that, that sounds deceptively simple. For anyone who’s actually tried to do it, you know, it’s next to impossible, because everyone is very busy and no one wants to take the time to reboot their computer ten times a day to keep everything up to date. So it’s a challenge. But there are various tools that can help you do that. Um, keep in mind, when I say keeping up to date, I’m talking about not only your computer’s operating system, so Windows or the Mac OS. I’m also talking about your phone operating system, whether it be Android or iOS. I’m also talking about various programs on your PCs, especially Web browsers and other boardmember that connect to the Internet quite a bit. Um, all of that needs to be kept up to date, because any one of those pieces could theoretically, if they get out of date, be broken into by one of these automated attacks.
Phones can be, phones could be turned, phones could be turned around into microphones against you, right?
Exactly. And you know, phones are general purpose computers, too.
So if the phone gets compromised, theoretically, you could end up, you know, using that phone as a launching point onto other devices that are connected to it.
OK, what are we going to do? What? You scared us enough. You scared me. And it was very good, too.
Sorry. Didn’t get a little bit late for Halloween. Anyway, so there’s a few tools that can help you. There are tools that very simply watch all of the programs installed on your PC and alert you if any of them get out of date. Some of them will automatically install patches for those tools for you, and most of them are free. You know, if you just do a quick online search for, you know, keep my PC updated, that kind of thing, you’ll get some good options. Whenever you download anything online, as part of this, you know, theme of vigilance, you want to look for reviews, make sure other people have used that tool and like it. But there are a lot of tools out there to do this work. That’s very ad hoc, right? Each PC would have to have that installed, and, you know, someone could uninstall it. It would be kind of messy. For organizations that are, I would say, above, let’s say, ten people in size, it probably makes sense to aim for some degree of centralization. Uh, you can monitor and enforce the prompt application of software updates for both the operating system and other applications, and there’s a variety of toolkits that can do this. There’s two big name, um, types of toolkits that are useful in this case. One of them is called a mobile device management toolkit. And again, if you do a quick Web search for mobile device management, you’ll find a bunch of different options. Um, some of the big players in the space there include things like Microsoft Intune, Cisco Air Watch, um, IBM MaaS360, and there are a bunch of others. But those are just some that come to mind, and those are really, really good at managing the security of mobile, as their name suggests, mobile devices.
So many of them focused primarily on the mobile phone space. But many of them can also handle desktops and laptops as well. For desktops and laptops, then, there’s another toolkit, or a type of toolkit, that really focuses in on that space, and those are remote management and monitoring toolkits, abbreviated RMM. And the first one was abbreviated MDM tonight. We love acronyms. I’m not really sure why.
But, but thankfully, you kept yourself out of jargon jail by actually using the full name before you even said the acronym. So yeah, I get that way. That’s why we have debts when non-profit idea has jargon jail. Oh, thank you. I What? All right, finish your sentence, and then we gotta take our last break.
Okay. So remote management and, management and monitoring tools do exactly what I proposed needs to be done. They help you watch PCs for anything that might need to be updated and get those updates applied promptly. They can also do more than that. They can watch and monitor antivirus programs, which are not actually as useful as you might think. So that’s why I didn’t put them first on my list. Keeping yourself updated is actually more important than having antivirus programs in place, generally. But it is a good last line of defense. And these toolkits can help make sure that those tools stay in place and are updated as well.
All right, Jordan. And Jordan, wait. Take your last break. When we come back from this break, I want you to list, list again the resources that you named so that people can have a place to, ah, check out and, you know, the ones that you believe are sound. Do you think hoexter give can use more money again? I need a new revenue source. Here’s another way. Mobile giving. You could learn about it with Text to Give’s five part email mini course. Now, this is an email that is bona fide. So you don’t have to worry about its being a phishing email.
You know, you’re just five emails away through this mini course, one each day, from raising more money or raising money to get started through mobile giving. It’s cheap to get started. It’s easy for your donors. The way to start the mini course: you text NPR to four, four, four, nine, nine, nine.
All right. And we still got several more minutes for stay secure in twenty nineteen with Jordan McCarthy. Alright, Jordan, what’s your, what’s your list of resources that users can trust? So first of all, users, listening, listeners, listeners can trust. Who’s you? Well, they are users, too, but listeners is what we’re talking about here.
You want to look at whatever vendors you use, and you want to see, you wanna have a look at what they say about their own security. So, you know, look at, go to the web page of, you know, Blackbaud, Salesforce, Microsoft, Google, and, you know, just say, all right, tell me about your security. What do you do? What do you offer? What can you help me to nail down? Okay, because many of these platforms will have a lot of security features built in that you may not be taking advantage of. So start simple. Start free. You use a totally ordinary included but may not know about you already included. Ok, then you want to start looking for other resources to tell you, you know, about what else you can do. What else? What, what, what are the sort of tools of record that really are effective and secure and will increase your security? So, I mean, not to be too self promoting, but Idealware is a phenomenal resource for this kind of thing. That haserot hutchisson tons of resources and listeners know that Idealware, Idealware knows dimension of, you know, I, including security brought up Yes. Objective, objective, objective. Other indexes as well. So if you look at sites like PC World, um, Computerworld, Ars Technica, Wired, they usually do reviews of various security tools. I go to them routinely to see.
All right, what is the latest on the mobile device management toolkit that’s really top notch? What antivirus programs are recommended this year? Because they always cycle in and out. Okay, now, in terms of the tools that I use quite a bit and trust, I would call out, for things like authentication, obviously, Office 365 and the Google Suite are phenomenal toolkits. They can both do a lot for you in terms of keeping things safe and helping you to monitor the security of your communications and your files and everything. So either of these platforms, I think, are exemplary. And both have built in multi factor authentication. You just need to turn it on. Um, if you’re looking for something that can go beyond those core platforms and span multiple products, you might want to look at, ah, a couple of toolkits that focus squarely on authentication, safeguarding identity. Those tools are Duo, D-U-O, and Okta, O-K-T-A. And these, they’re both really big names in the space of, again, just making sure that people’s identities are kept safe and that they cannot get attacked by simply divulging their passwords. Both of them provide multifactor authentication to a wide range of other tools, so you could end up just logging in with your Duo or Okta credentials and then be granted access to a bunch of other things, but, but in a very secure way.
Okay, excellent. We just have about a minute left, Jordan. So I feel like we did enough on why you should be paying attention to this. Let’s not, let’s not wrap up with that. But I’ll leave it to you. How do you want to close? You got a minute.
I think I would say that, you know, things are pretty scary right now, and I don’t want to sugarcoat that. As you say, we said enough about it, but there is a lot that any given non-profit can do. It doesn’t, it’s not rocket science. You know, you might be told that you need to pay a butt load of money or hire, you know, a really fancy consultant to tell you what to do.
Ah, and if you find it helpful, sure, by all means, go and get some help. And, you know, if you want a lightweight approach or even something more in depth, Tech Impact is here to help. We’re more than happy to meet you at whatever level of support you need. But having said that, a lot of this stuff is really not that difficult. It can be done by someone who just has the time. I mean, that’s sort of our, all of our scarcest resource, I know. So that’s easier said than done. But if you have the time and, you know, you can set aside some resources to dig in and turn on multi factor authentication and figure out how to keep yourself up to date, you are going to be so much safer as a result. And for most non-profits, that’s exactly what they need to do. As long as they are safer than the average, they are totally not interesting to hackers.
Okay, we got, okay, we got to leave it there. Don’t be interesting to attackers. Ah, he’s Jordan McCarthy, infrastructure and security of the Tech Impact. You’ll find them at tech impact dot org, which is where you’ll find their resource paper with even more ideas. And they are at tech underscore impact. Thank you so much, Jordan. It’s really a pleasure. Thank you. Thanks. My insider video with Jordan, we’re going to talk about single sign on. Next week, the annual Zombie Loyalists replay with Peter Shankman. His customer service ideas are excellent, so it’s very worth, well worth, replaying it. Do it every year. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com. We’re sponsored by Pursuant, online tools for small and midsize non-profits, data driven and technology enabled, tony dot m a slash pursuant, capital P. Wegner CPAs, guiding you beyond the numbers, wegner cpas dot com. By Tell us, credit card and payment processing, your passive revenue stream, tony dot m a slash Tony Tell us. And by Text to Give, mobile donations made easy. Text NPR to four four four nine nine nine.
A creative producer was Claire Meyerhoff. Sam Liebowitz is the line producer shows Social Media is by Susan Chavez. Mark Silverman is our Web guy and his music is by Scott Stein. You with me next week for Non-profit radio Big non-profit ideas for the other ninety five percent Go out and be great.