Tag Archives: technology

Nonprofit Radio for March 13, 2023: Beat Back Cyberattack

 

Michael EnosBeat Back Cyberattack

Cyberattacks against nonprofits are on the rise. While you cannot avoid them, you can make them a lot less likely to cost you big money, your data, your reputation, your donors, and your employees. Michael Enos from TechSoup helps us out.

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

 

Apple Podcast button

 

 

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 631_tony_martignetti_nonprofit_radio_20230313.mp3

Processed on: 2023-03-11T01:00:20.020Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2023…03…631_tony_martignetti_nonprofit_radio_20230313.mp3.38068433.json
Path to text: transcripts/2023/03/631_tony_martignetti_nonprofit_radio_20230313.txt

[00:01:26.42] spk_0:
And welcome to Tony-Martignetti non profit radio big, non profit ideas for the other 95%. I’m your Aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d suffer the embarrassment of a phone. Yah. If I had to speak the words you missed this week’s show, beat back, cyber attack, cyberattacks against non profits are on the rise while you cannot avoid them, you can make them a lot less likely to cost you big money, your data, your reputation, your donors and your employees, Michael Enos from Techsoup Global helps us out on tony steak too. Get in people’s faces again. It’s a pleasure to welcome Michael Enos to non profit radio He is senior director of community and platform for Techsoup Global. He began his professional career in technology in 1996 and has since led team, tech teams at the national and individual office levels in increasing responsibilities on Mastodon. He’s at Michael underscore Enos at public good dot social and tech soup is where you’d expect them to be at techsoup dot org. Michael, welcome to non profit radio

[00:01:42.03] spk_1:
It’s great to be here. Tony Thank you for having me.

[00:01:46.69] spk_0:
My pleasure. My pleasure. Let’s please explain the work of tech soup. I think it’s so valuable, so many billions of dollars of software and hardware transferred to nonprofits. Make sure, let’s make sure everybody knows what techsoup is doing,

[00:02:52.57] spk_1:
you know? Absolutely. I mean, essentially our, our mission is to help civil society, organizations worldwide um better leverage technology to create impact in the missions um that they serve and to build communities. Um You know, that, that then can then foster that, that, that, that impact globally. Um We do that through a number of different ways. We do that by facilitating philanthropy from large tech donors. Um And you know, most of which are the ones that are just, you know, household names. Um We also do it through uh courses, services, consultations, um and through connecting organizations with each other and through also through engagements like this where we try to really uh to blogs, webinars and other facets where we help organizations understand how they could use tech um and protect their tech to uh enable uh and further have impact for their, their communities. They serve,

[00:03:17.12] spk_0:
I saw on tech soups website today, Microsoft Office or Microsoft 3 65 for a dollar. So

[00:03:18.55] spk_1:
that’s an example, right? And if you were to go to uh you know, Microsoft for nonprofits or Google for nonprofits, for example, um you know, the data validation platform that validates organizations worldwide is managed by Texas So, ultimately, we, we, we do many things but we’re also sort of a, I guess, data leading partner for, for a lot of these organizations that want to understand and make sure that their philanthropy is going into the right hands.

[00:03:48.25] spk_0:
You have, you have local uh connect groups to techsoup, connects groups.

[00:03:54.10] spk_1:
That’s great. That’s right.

[00:03:56.21] spk_0:
Yeah. You know, I know, I know you’re, well, you’re director of community and platform. So is that, is that part of your work

[00:04:42.76] spk_1:
director? I mean, you know, you know, I support that, that organization that we um we have, we have lots of different um areas and, you know, and, and in my role, I support them all um platform is a lot of the, you know, I oversee our enterprise, infrastructure and security as one of my fundamental sort of roles. I mean, obviously with the, with their expansive amount of technology that we have, that runs our platforms that, that consumes a lot of my time, but also the community side because of my background working in the tech for good space, you know, since, you know, for the length of my vocation, um you know, I have, I’ve accessed as a resource for a lot of other groups, including the connect group for when they need, you know, to understand, you know, how to, you know, for, for things like this and for, for other things um to help our communities um better leverage to the tech that they use. I mean, it’s one thing to, to uh provide the technology. It’s another thing to actually help people, you know, provide them the enablement to be able to use it and optimize it.

[00:05:08.91] spk_0:
Are there local meetups are the group’s going back

[00:05:50.06] spk_1:
to? Exactly. There are, there, there are, you know, communities within the regional and our, and that’s part of our connect program. Um And eli, the guy who runs that and, and the group that runs that are very, very energetic and it’s very community driven, which, which is fantastic and we’re sort of an enabler and facilitator in that work, which is wonderful. And that stems from the early days of us being part of the early groups that were involved with the, you know, tech for good space way back when technology was first getting launched, you know, and the internet was first launching different

[00:05:51.33] spk_0:
types of work. I mean, you know, n 10 doesn’t do consulting, which I wanted to ask you about very shortly. But, you know, they don’t do tech grants necessarily, but all, all very parallel with, with N 10.

[00:06:26.73] spk_1:
Yeah. Correct. And, and we, we have a close partner to put 10, 10 and, and we attend the events and such and we’ve long been sort of affiliated with that demand and other and other groups like like 10, 10. Um and we have partnerships that sort of expand throughout the different communities. Um And, and we try to be involved globally as well. You know, so there’s this sort of, you know, there’s the U S side of it, but then there’s also the everything that we’re doing outside of the U S and abroad because, you know, it’s um civil society is international and so, and tech soup is really involved with, with things not just within our own borders but, but outside of them um globally.

[00:06:50.58] spk_0:
Are you going to 23 NTCC the conference?

[00:06:51.42] spk_1:
Um myself. No, I’m not the, I know we have some, some other representatives that are there. I’ve been to many of those uh this year. I’m not specifically going, but we will have some representative from Texas there. I’m

[00:07:03.64] spk_0:
sure. Yeah. And non profit radio will be there as well. We’ll be on the exhibit floor.

[00:07:07.67] spk_1:
Excellent. That’s fantastic. Yeah. Yeah. Well, I’m sorry, I’m not going to be there to be in person to meet

[00:07:12.61] spk_0:
you. That’s all right. There. There are others every, every spring and

[00:07:17.31] spk_1:
virtually, by the way,

[00:07:18.97] spk_0:
that’s true. There is hybrid this year. That’s right. Um And, and texture is also consultants to consultants to nonprofits. Let’s make sure folks understand that too.

[00:08:46.84] spk_1:
Yeah, I mean, we, we provide, essentially, we help organizations connect with other organizations that then provide consultant services. We do some ourselves, but it’s very specific to some of the um because we, we provide a lot of, you know, what we’re doing to, to skills. So to speak what we, what we have is we’ve partnered with other organizations through our platforms to, to align organizations depending on exactly what type of consultation they need to inappropriate sort of resource for them. Um And that’s more uh our, our model in terms of we’re sort of a connector. So for example, if somebody needs, you know, specific sort of technology assessment uh for implementing uh Microsoft, we may do some, but then if it’s more advanced, we may work for them to, to impact or an organization that we partner with and then they provide that as a service to that organization. So, and we have other partners like that, who provide those similar sorts of services that are more hands on and direct than what tech soup can provide at this moment. And we may may expand that more and do some of that um more, more stuff ourselves and, and we are developing that and some of our customers success programs. Um and we do run a lot of sort of in the office programs where people could have webinars. And I’ve spoken in a few of those where we do it in in depth dive of a particular technology so that organizations can learn how to use them.

[00:09:00.19] spk_0:
I’ve always considered the big three to be Tech Soup N 10 and tech impact in terms of technology for nonprofits and, and all three of those of course, are nonprofits themselves. Right.

[00:09:12.87] spk_1:
Exactly. Yeah. All right,

[00:09:15.44] spk_0:
let’s talk about cyber attacks. Uh They are on the rise against nonprofits. What, what, what are you, what are you seeing? We’re going to get into the details, of course, but overall general, you know, kick us off. What are you seeing on this front?

[00:11:31.28] spk_1:
What, what we’re seeing is a lot more, um, targeted attacks, which, which is, which is unique because there’s, you know, speaking broadly about cyber activity, you know, there’s a lot of noise on the internet. There’s, you know, just all these robotic sort of in these bots that are flying around trying to find targets, right? And they’re sort of just, you know, you know, I guess, you know, they’re, they’re doing drive by sort of evaluations to see of anything, you know, just to see if there’s anything that they could get a finger in or, you know, just to explore and see if there’s sort of a, you know, something that they could find in there. What we’re seeing now is more targeted attacks, meaning there’s a specific purpose to it. Like somebody’s like, well, you know what we think that, you know, this is a, you know, a specific type of organization, they’re involved with a particular type of activity and we’re interested in knowing who’s donating to that activity and whether or not we could possibly have access to that information because that might be valuable or perhaps to the constituents that they’re serving because maybe that information is valuable as well, maybe for either financial reasons or, or, or or political reasons. And so we’re seeing a little bit more of that or, or perhaps because we really want to cause disruption in critical infrastructure. And one thing that um this is sort of a broader trend in cyber security around targets towards critical infrastructure and myself and and others in this space believe that civil society, organization data is part of critical infrastructure and critical infrastructure. So I mean, people are targeting things like, you know, we’ve we’ve heard about the target on power grids and uh gas pipelines and such. And you know, if you think about data that’s relative to communities that are specifically vulnerable in certain context or, or have access to information about others, then that’s critical infrastructure because we need these organizations to function in society. And so, you know, there could be other actors who say we want to disrupt that particular critical infrastructure for some reason and that reason could be varied just like it is for why people would disrupt any sort of critical infrastructure.

[00:12:55.08] spk_0:
I have an example that is pretty close to home. I I I own two homes in North Carolina. One of them was affected by that shooting at uh at the electrical substation in that was, that was in Moore County, North Carolina. Um And there’s a, there’s a possible correlation that, that that attack was to prevent a drag queen show from going on in the little town of Southern Pines, North Carolina, which is served by that substation that got shot at. Um So, I mean, it sounds like you’re saying, it’s not that far a leap like, you know, 11 cadre of bad actors uses guns. Another cadre of miscreants could be hackers that are looking for data at that maybe at that theater or, uh you know, among a nonprofit that may have been involved with

[00:13:45.30] spk_1:
maybe maybe the intent at the attendance list or the people who are donating to that event. And so, you know, this is the type of data and like I said, there’s, there’s different reasons why somebody might be targeting certain data. But this, these are the, this is, you know, this is like bingo on the nose, this is the kind of stuff that, that we’re seeing more and more and we’re very concerned about and why we’re really like soup is really sort of launching this um effort to help educate organizations on how to improve uh and understand what cyber security means in this space and how to prioritize it, but also how to um sort of get through the sort of complexity of it and, and, and find simple ways to knock off low hanging fruit to make it sort of actually, you know, doable for them with given their budgets and given their constraints that we a lot of smaller organizations in the, in the space you know, have, generally,

[00:14:39.67] spk_0:
it feels like in our polarized culture that there isn’t a nonprofit mission category that would be exempt from, from possible attack. I mean, you know, even feeding, feeding the hungry, you know, I could conceive of that being objectionable to some group of people that feels like why do those folks get food and, and I don’t get food or why are they entitled? And I’m not, or, you know, something that seems innocuous and purely beneficial. I, I can imagine, uh, another cadre of bad actors deciding that it’s, it’s, it’s worthless or worth worse than worthless. It’s detrimental to our culture for some reason and wanting to attack it. It doesn’t, it doesn’t feel like any particular mission would be more vulnerable or less than, than any other.

[00:15:59.15] spk_1:
Um, you’re correct. And one of the other things that is, has changed in, in this, in this sort of, you know, over time that I’ve seen is the availability of the tools to be able to perform exploits before you would actually have to be, you know, pretty well versed in hacking to be able to do any harm right now. It’s, you can, you can buy the service. I mean, you could just go to the market on the dark web and just say, hey, you know, I want to buy this, you know, uh, this hacking kit, you know, and, and, and, and there’s youtube tutorials on how to do it. I mean, it’s becoming, and, and these are, the tools are free and readily available. So what we’re seeing more of is not only just this trend of people wanting to and, you know, and maybe that hasn’t changed, it’s just that it’s more accessible, right? But, you know, people wanting to, you know, target communities and, and, and, and also try to find valuable data within these communities, but also their ability to do so it’s become easier and there, you know, and, and so you combine those things together and that’s why we’re seeing the trends we’re seeing. That’s one of the reasons

[00:16:21.11] spk_0:
you no longer have to be a sophisticated computer user. It doesn’t take a lot of study, you’re saying these things are available for cost or free to cause harm. All

[00:16:29.81] spk_1:
right.

[00:16:39.80] spk_0:
Alright. So how do we, how do we break this down for folks in small and mid sized nonprofits, you know, that, that they can sort of prioritize? I mean, is it as simple as let’s start having universal two factor authentication for everybody on your teams or maybe that’s passe maybe, maybe we’re past that now. I don’t know, how should

[00:19:30.66] spk_1:
we, you know, you, you make a good point. So for example, like the first thing I think people should do is, you know, or, or what you know, uh would be recommended and to think about it is to do the basics. Okay. What things like what you mentioned is like like multifactor authentication, um you know, anti malware on their clients, keeping things up to date and, and making sure you have backups of your data, these are sort of the basics, right? And so apart from the basics, though, you know, the next step above that is to then start looking at what we call privileged access management or role based security, not everybody needs to have access to everything, right? So, so, so let’s say, for example, a system was compromised with somebody’s permissions or credentials, depending on what they have access to, they could only do so much. And so there’s a, there’s a, there’s an important concept in cybersecurity that we call the privilege, the principle of least privilege. So, and that sort of dictates that a person really only needs access to the information that they need to do the role that they’re trained to do in their specific function. So if, if, if somebody is, you know, in I T, somebody who’s familiar with I T systems, uh they understand sort of the complexity involved and they may have access to privileged systems where they can perform things and have access to that sensitive data, but not the entire organization, right? And so we call that privileged access management. And sometimes, especially with today’s as we’ve moved into the cloud more when things get fired up and somebody spins up an app in the cloud, the cloud as well, generally have some basic role based permissions like the admin, you know, maybe a super user and then maybe some groups and then, and then just the regular users, right? You don’t want to give everybody admin rights. And so because then if somebody, if that just, that just provides more exposure and so these are small things that don’t take a lot of time or effort really to just sort of that, that’s a little bit beyond the basics though because um you know, and you know, for, you know, tech soup, for example, provides, you know, office 65 or 65 go for, for, for work space organizations. And once we, they provision, the next step is to really go in there and sort of harden them a little bit and lock them down and to go through that steps and understand what that looks like. So that um as people start doing things like maybe downloading spreadsheets that contain donor data or customer data that it’s not, somebody can’t accidentally just share that with somebody, you know, outside the organization or, or that becomes available on the general public internet.

[00:20:02.06] spk_0:
So how do we execute some of these things that are, that are more advanced, you know, beyond the backing up the multi factor authentication. Alright. So if you move into privileged access management, we need a, we, we either have a C T O which most listeners probably don’t or we need some outside help.

[00:21:13.19] spk_1:
No, actually, I think that a lot of these, you know, cloud based applications will provide guidance. The good news is is that they have an interest in protecting and wanting you as a, as a customer as well as, you know, the fact that it’s a shared data model. And so the the better that they do in terms of providing information about how this works, the better, you know, the, the the, you know, the people who use that product is going to benefit from it. And so generally in these, you know, you know, and these things aren’t if you have somebody who is at least responsible for the deployment of the technology and they don’t have to be an advanced, you know, computer scientists to do the work of the cloud app then. But somebody should be sort of designated within the organization to ensure some of the basics about the way data is handled. And, you know, getting to one of the export points, I wanted to bring up one of the most important things to understand for an organization is what data do they have? Where does it live and what is the value of it? And what is the value of Michael before we, before

[00:21:22.02] spk_0:
before we move to what, what’s our data inventory? I want to emphasize this, I wanna emphasize the value of being in the cloud. So there is there is value to using uh CRM databases that are cloud based versus server based at, in your office anymore.

[00:22:47.49] spk_1:
Correct. And for so many reasons and, you know, uh, and, and moving to that topic because a lot of the ways that systems are oftentimes breached is because what things we mentioned earlier, such as they’re not patched, there’s, um, not, not very good perimeter security on them. These things are taken care of for you, um, and they’re not backed up regularly. Um, those things, these things are taken care of for you in a sassy application. Um If it’s, if it’s a robust SAS application, like the kind that takes provides. And so when we, when we go to, you know, vet an offer that’s going to be in our marketplace, we we, we go through the list to ensure that this is gonna be a product that will serve the pole, the test of time and actually will, will be robust in, in the requirements necessary for our organization to protect their data. And so, and, and so that leads to, you know, also that making it more but maybe a little bit easier for organizations to then lock down their cybersecurity because they don’t have to have experts come into their closet or their data center and, and do this configuration and do all these updates are very technical on their firewalls and all the hardware and everything all the time in their own infrastructure, it can be managed within the cloud by people who are not necessarily have that sort of, you know, the Cisco CCN a sort of certification? Alright,

[00:23:07.85] spk_0:
thank you. I just, I wanted to drill down absolutely. Very

[00:23:11.75] spk_1:
good point.

[00:23:15.98] spk_0:
The value of from a security perspective, the value of the cloud. Alright, so let’s go to what you were, you were headed to what your data inventory, what what do you have? What what do we need to be? What do you want us to think about their?

[00:23:32.71] spk_1:
Yeah, so no data is not all data is not created equal, so to speak, right? So we have, we have data that it’s just things like, you know, my notes when I’m, you know, talking in a meeting or something like that. Okay. There’s nothing valuable with that. It’s, you know, generally not containing anything that’s sensitive. It’s sort of my notes from a meeting. Okay. Now, if that is something that, you know, maybe I don’t want to share, but it’s not something that, you know, if a hacker birds look at that so I can’t sell this and it doesn’t contain anything that’s gonna, I can do any harm with. Right.

[00:24:09.30] spk_0:
Well, it might depend, it might depend who’s leading the meeting. You might have different, you might have different sets of notes depending on who’s leading your meeting. You know, you might be commenting on the commenting on their uh I don’t know their, their capacity. I mean, not to suggest

[00:24:16.36] spk_1:
that people

[00:24:30.71] spk_0:
know, I’m actually, I’m actually having fun with you like, if somebody at tech soup was not a very good, not a very good speaker or supervisor, you know, then those notes you might not want in the public domain. But if the person is carrying their weight and they’re generally a good, good employee, you know, you have a brighter set of notes that you wouldn’t feel bad about getting exposed. That was my, my point. I guess I wasn’t, I wasn’t coming, I was coming across so dry. It was, it was desert, it was desert dry.

[00:27:18.46] spk_1:
No, I’m glad you brought into it. The, the, yeah, the types of data that you know, we think about when we think about the difference between data privacy and data protection to me, they’re very linked, right? So we, we have a responsibility to protect people’s data and the privacy of their data, but also to protect the security of that data. And so, you know, fundamentally speaking, generally in organizations in the sector, there’s gonna be some, you know, information that’s sensitive or may have some value and if we identify that and identify where that lives and then focus our energy on securing that, making sure that that data is backed up. Um and, and testing access to it, that’s, that’s, you know, if you have limited resources, that’s the place to really focus your attention. And then the other stuff is great. I mean, and use using robust tools like we provide um in our marketplace such as box for document repositories or even sharepoint, those can all be really configured for. So any type of theater, like even my notes from, you know that, you know, or my supervisor notes about me or your notes about me can be secured, you know, um you know, in a very robust way or shared. And one of the things we’re seeing, for example, especially the document collaboration software, it’s very easy to share things. They make it very easy to share with anybody, right? Just click and it always says like share with anybody with link, you know, you know, and so if you, if it’s something like, oh, you know, um uh oh somebody just sent me, you know, or they told me to put in my, you know, take a picture of my passport or something and, and stick it in here, right? And, and I, and the somebody has in the human resources once said, oh, I’m just gonna share this link and make it copied everybody. Now everybody has access to your past potential, everybody has access to your passport photo and I D so, you know, these are the things that we just have to sort of like start thinking twice, which brings me up to my next point. Um Security awareness within organizations, cybersecurity awareness, I cannot stress enough how important it is for organizations to have a cyber security awareness program within the organization. This these programs don’t cost a lot of money. They don’t take a lot of time and they go a long ways to prevent Uh an internal mistake that could lead to something 80% of cyber attacks happen from the inside.

[00:27:27.33] spk_0:
What does this cyber security awareness program look like?

[00:28:34.34] spk_1:
So essentially, so for example, um they’re usually conducted on point of like orientation for an employee that comes into an organization and they go through a video, you know, provided by a platform like no before which is in our marketplace. And, and what they do is they sort of go through this, this methodical sort of, you know, force to teach somebody about fishing about sensitive data about ways that people try to get access to information, either through cell phone, fishing through text fishing through um email phishing or through other means to or even on Slack to say, to try to fool you into providing some information um that they, that they can use a huge trend in this arena is what we call impersonation fishing. It’s a specifically targeted phishing email that looks like it’s coming from somebody within your organization such as your CEO, your CFO or uh the human resources director asking you to provide or update your banking information. And it’s very carefully crafted, crafted, it looks just like that and you really have to do a lot of due diligence to really go through there and say, oh, did this really come from our CEO having

[00:29:03.26] spk_0:
Haven’t there been cases where like a spoof email like this says, you know, wire $50,000 to this vendor account. You know, we’re, the payment is overdue. We need to wire this payment ASAP. And of course, it goes to the Bad Actors account. Isn’t there? Stuff like that? It looks like it’s like the treasurer saying, send a wire or the CEO saying, send, make a payment.

[00:29:40.35] spk_1:
That’s right. Exactly. And, and, and we’ve, um, and if you have an organization and people haven’t been trained to recognize that, you know, if somebody’s asking you for something and it’s something of value, double check it, you know, and, and to contact that individual in a different channel and say, did you really need me to send $50,000 in this wire transfer? I just want to check is this actually came from you? There’s other ways that they teach you in these orientation platforms or in these um security awareness platforms to check the email headers and, and the simple things, but essentially that’s the gist of it. And that’s why security awareness training is so important. So, so people are on their toes when they’re actually doing their work,

[00:30:03.43] spk_0:
do you recommend then ongoing training? You talked about orientation,

[00:30:51.51] spk_1:
there’s, there’s an orientation training and then, you know, most organizations will have it mandatory that they do an annual training and, and this just as a refresher course and also things change. So, you know, the space changes. Sometimes people are doing it now because of the trends more often like every six months. And then specifically for people who are in jobs where they’re doing data handling for, let’s say they’re doing data processing, they work in the donor uh services program or something where they’re managing sensitive data all day long. They’ll be specialized courses for people who are, are actually dealing with data on a day to day basis. So that’s a little bit more involved in terms of actually how to understand and, and that goes into things like, don’t download, you know, a C S V file on your computer and stick it onto a, you know, um, a thumb drive on your computer or transported or, you know, don’t, you know, send out, you know, via email to, to a coworker and, and these sorts of things that are specific to handling sensitive data.

[00:31:04.59] spk_0:
Okay. Interesting. Yeah. So even, even just emailing internally from employee to employee can be risky,

[00:31:37.20] spk_1:
yes, it can be stiff. It’s, and, and there’s because, for example, if, because that’s actually it’s going to stay within that email store wherever that is located. And it’s, um, if it’s unencrypted, it’s gonna be, it’s gonna be encrypted during transit, for example. Um, and, and encrypted at rest. But if somebody else had access to that access to your email server or a privileged access in your system, they could potentially go in and, you know, take over that account, log in as the CEO and have access to the deed and actually browse emails for, you know, and actually do queries and look for credit card information or, or look for email addresses and then they could potentially find information about donors or, or, or, or constituents that sensitive.

[00:35:08.08] spk_0:
It’s time for Tony’s take two. It’s time to get back in people’s faces. Again. Last month, I did a in person live face to face in person training on Long Island. I was in New York City for several days. What a joy. What a pleasure. What a difference, an improvement, you know, over virtual trainings. I mean, look zoom is, I’m all flustered. Zoom is, is necessary and I’m not saying necessary evil. It’s, it’s, it’s a part of the culture, whether it’s zoom or teams or Google meet, you know, whatever virtual meetings, they’re just a part of our lives now. No question about it. But don’t make those the default if you have the option to get back in front of people in person, I urge you choose that option. Uh You know, I could have passed on the opportunity to do the in person training, but I didn’t want to, I didn’t want to donor meetings to while I was in the city face to face meetings again, coffee lunches. It’s just so much better, so much more real than anything virtual can offer. Um I had a meeting, lunch meeting just about 10 days ago or so with someone from Heller consulting, which is gonna be Team Heller. They’re going to be our 23 NTC sponsors at the nonprofit technology conference coming up in Denver And the woman who works for Heller happens to live within 45 minutes of where I live in North Carolina. So we got together for a, a real lunch. We had lunch together over the same table. Remarkable. You know, it’s yeah, more real authentic. I urge you if you can meet someone in person instead of virtual, do it, do it. It makes the world of difference. It’s time to get back in people’s faces again. Don’t make virtual your your default. If there’s another way first, I urge you to do it. That is Tony’s take two. We’ve got Boo Koo but loads more time for beat back cyber attack with Michael Enos. Talk about not preserving data that you don’t need to preserve. Like credit card numbers, full numbers for instance, or dates of birth or other things that aren’t necessary for you to preserve. Isn’t there, isn’t there value in trimming down sensitive data that you don’t really need?

[00:35:40.17] spk_1:
Yes. And and one of the principal aspects of data handling is an optimization of data. So you know, there’s there’s transactional data that happens. And oftentimes, for example, with credit card things are processed nowadays, you’ll usually use a payment processor. So, you know, hopefully you’re not actually you know that server that actually storing that information is not on your box anymore because there’s, you know, you know, you can use an API and a web site and then it happened somewhere else and they take care of all that stuff for you. So, if your systems were hacked, they wouldn’t have access to the credit card data

[00:35:55.19] spk_0:
or,

[00:39:00.73] spk_1:
or Braintree or one of these sorts of services, you know? Exactly. And, and, and so those go to those payment processors and they manage all that, um, which is great because then you, it reduces the amount of exposure on your e commerce site or fundraising donor donation site. And if you’re using a donation software program, like, you know, donor perfect or one of these sites, that’s what they’re doing as well. You know. So they, you know, because, because they, they want to use because that you really have to have the best of breed technology to be able to make sure that that stuff gets that, that’s really super secure and they have higher standards and compliance standards by which they attest to the. Um, and so however though, let’s say you’re, you’re doing an email list to your constituents, right? Um You know, you’re gonna need some marketing data, you’re gonna, you know who to send this, this information to, but you don’t need everything about that individual. You don’t need things like that really. I mean, you may need the basics but you should be using a marketing provider that is secure and you should, you should transfer, get that information to them in a secure way and you should ensure that if that individual wants to opt out. Um and they, all these things should be an organization’s privacy policy so that people understand how their data is being used if they sign up for a newsletter or things of that nature. However, you know, I think your point specifically um oftentimes reports about, you know, activities, engagement, you know, that go into reports for executive or for things that are put into a PDF or in another format, the data should be anonymized. So the only thing that’s there is, you know, aggregated information about, you know, the engagement and not all they shouldn’t be able to drill down and see, oh who is this exact individual? Now if they need to know if it, if they want a donor report about, you know, I want to know exactly to see who um are the top donors and, and such, you know, there should only be limited people within the organization who have access to that data, to be able to see that information that goes back to my other point about um privileged access management. There are gonna be some, there’s gonna be some reason why people aren’t gonna wanna know specifically about, you know, who’s engaging with the community. And also oftentimes on the client level, we need to know that the people who are providing services to communities need to know exactly who these individuals are and more sense of information. And that’s why I was talking about earlier about, you know, understanding where that data lives and, and only having as much as you need to fulfill the function of that, you know, whatever you’re doing. Um and, and having that, you know, and making sure that’s really locked down when I worked in the food down. When I worked in the food and security sector, we had people going out in the communities and helping sign them up for, you know, um cal fresh, you know, essentially benefits, you know, for people to get, you know, you know, government assistance and they had to collect really sensitive information. But what they did is they had ways to you securely transmit that information to the local human resources agencies so that it was all encrypted, it was protected and then once we transmitted that we didn’t have access to it,

[00:39:44.68] spk_0:
what about vetting vendors? You know, if, if you’re offices using a male house, uh you know, some of the data that you just talked about for, for mailing? Um I can’t, I can’t think of other examples of vendors that could be. Well, events, events could have, could event management might have some sensitive data. What, how do you vet your vendors to make sure that they’re taking appropriate actions to prevent theft, fishing, you know, to, to defeat defeat, or at least you can’t defeat them, but at least minimize the threats. How do you, how do you check these third parties that you’re working

[00:41:16.80] spk_1:
with? Well, you know, that’s a big part of my roller tech soup. So whenever we, whenever we work with, with, whenever we’re going to be using a new product or app or something like that, it’s my job to go in and actually check and organizations, these, you know, these application providers will provide um on their site or they should and if they don’t, you shouldn’t use them, but most of them will provide on their site access to their information security program and what they do where their data is located, what they do to protect it, their compliance levels, their certification levels, um whether they do audits, whether or not they do penetration tests And what type of and, and, and everything to that order and that should be vetted by, by somebody before they onboard an aunt. And we do this all the time. We use a lot of different apps to Texas north of 100. And so we, every time we were on board one for some utility within the organization, we make sure that they meet this standard. There’s, and we actually, since we’re a third party vendor for other people, they have the same for us so that a lot of the work I do as well as to, you know, report out periodically to all the people who are using our, our platform to facilitate their data to organizations and you know, what sex, what tech soups information security program like. So this is, you know, because creates transparency, but it also helps people understand what the risks are, which helps when you’re in a situation where I needed to go and advocate for resources to institute a cybersecurity program.

[00:41:47.96] spk_0:
I want to ask you about the board’s role in all this. But, but is there anything more that you want before we get to the board? Anything more you want to talk about threat minimization policies? Anything we haven’t covered that you want folks to know about?

[00:44:14.11] spk_1:
Yeah, I think that one of the things that is, you know, that we haven’t mentioned yet is preparedness for an incident, essentially a security incident, incident response plan. This, you know, is another thing in that sort of list of five that an organization should understand. Um if you have a situation where your data’s been um breached. And, and one thing I do want to do is to describe quickly, even this kind of a dry topic is there is a difference between a security incident and a security data breach. A security incident is could be something as innocuous as somebody just knocking off your website and taking it down with a DDOS attack. Now that sounds in Oculus because it’s just, it doesn’t sound innocuous because it’s disruptive because nobody can get your website, but nobody’s taking the data. And as soon as that denial of service attack is stopped, your website maybe still functioning. Um But that’s an incident and a data breach is different because now you’ve got to do a couple different things. You’ve got to number one, find out how the breach occurred, which you should also do in case of the DDOS attack. Um But above that, you also need to then understand how to respond to, you know, what data was breached. What’s the scope of that data and who are the individuals and, and what’s our plan to reach out to those individuals and notify them about the breach? And was our policy around that? And who do we have to include in terms of communications internally and legally and, and to provide that transparency because for a number of different reasons, number one, it’s the right thing to do. Um and number two, because it actually helps build trust within, within communities because if people understand that, you know, these things happen and they happen to some very, very large organizations, right? We, we know about these, these really large breaches, but the more transparent they are the more the consumers or the constituents who used those products. Think gosh, they really responded well to this and they acted immediately, they communicated appropriately and they remediated, you know what happened and, and that was the responsible thing to do and you don’t wanna be doing that in the middle of a breach. So, having a plan up front helps during that process because otherwise it’s just too much at one time, everything and

[00:44:21.00] spk_0:
the plan is gonna lay out who’s in charge, who makes, what kinds of decisions, um,

[00:44:27.43] spk_1:
notify. Right. And what’s the playbook essentially? Yeah.

[00:44:52.19] spk_0:
Like, I mean, it could even, it could even break down to needing a remote place to work. I mean, go go that far or because we’re because we’re hopefully in the cloud we don’t like like if our physical infrastructure gets um compromised, do we need to go off site? And, and what’s the technology, the technology capabilities in our, in our off site work location?

[00:45:17.93] spk_1:
Well, that’s actually a little different. Um so we usually talk about that in terms of business continuity plan. So and, and that would be the same sort of plan you would enact case of a natural disaster or something like that. I mean, is a business continuity and, and that’s far exceeding the scope of what we can discussed today, although I’d be happy to discuss that. Let’s not let’s not

[00:45:22.65] spk_0:
I don’t want to panic folks. Okay. Alright.

[00:45:25.60] spk_1:
Alright. Alright,

[00:45:27.20] spk_0:
you got me focused on, you got me focused on like I don’t know, natural disasters and terrorism. All right, let’s

[00:48:44.52] spk_1:
go to the board. Okay. Alright. So, so one of the things that boards were all right. So organizations nowadays are let’s put cybersecurity is becoming and, and is becoming as important as sort of financial security with an organization. The two are becoming linked together An organization. And so for many years, as we all know, uh 501 C3 organizations in the us are generally bound to having a financial audit annually. Right. And then they report to the board and the board will make sure that, you know, there’s a financial audit to ensure that the funds are used judiciously. Um there’s oversight and governance over these matters. Cyber security is becoming as important as financial security because the two are linked together. If there’s a because it could affect it. If you have a ransomware attack, it could affect the viability and the business sustainability of an organization. So it’s a very serious matter. It’s becoming a very, very serious matter for organizations to then think about cybersecurity as a compliance issue, not just nice to have. And so helping the board’s understand that this has shifted from a situation where, oh, well, you know, there’s nobody’s going to attack a nonprofit and uh you know, and if they do, you know, it’s, our data isn’t very important. Um It’s things have shifted, right. So I think recently there was a community, um it’s one of these cities, for example, was an entire city was, has been locked down for days because our grants were attacked and so nothing can function within the city because, you know, um that’s going to affect everything within the city, not just their continuity and safety of people, but also um it’s gonna have a financial impact. So cyber security is becoming more like a compliance issue and a governance issue. And so I think if boards understood that, then they would understand the need to prioritize and to provide funding and resources for those within the organization. Whether that if a small organization that the CFO or the C 00 or even the CEO to then say, look, we need to carve out some resources to be able to understand our risk and the best way to do that would be to do a third party risk assessment and with, with somebody to come in and actually do an evaluation and say, because they’ll come in and do, you know and come in and say, hey, look, these are the, you know, we come in and, and these people are vetted, their, this is their job and you know, they’re safe to work with and go in and say this is where you really need to. These are the critical things, these are, you know, not important things and these are the nice to have and they’ll, they’ll lay it out for you and then you can develop as part of your strategic plan as an organization just like it should be part of your business plan and should be linked to the business plan because the strategic plan for the organization and then the funding, the budget resources, the resource planning and all these things should be baked into the operational strategic plan for an organization. That’s where we’re going in the sector.

[00:49:03.09] spk_0:
Okay. It belongs as part of your strategic plan, your business plan. Alright.

[00:49:50.46] spk_1:
Yeah, and, and that’s where I think that it’s um uh it’s just like I said, I think where a board comes in is to helps understand that so that they could then authorize and, and oversee and ensure that an organization is doing this work and it’s hard work because, you know, you may have limited resources where we’re gonna carve where we’re gonna carve this out. And however, the good news is that there are people who want to fund this, there are grantmakers who are super would be super happy to be able to say, look, I’m gonna help, I’m gonna capacity impact um grant to this organization to help improve their cybersecurity because of these trends that we’re seeing. And so, and then you can use that as a mechanism to possibly help fundraise to offset some of the funny. So it doesn’t have to come out necessarily of your operational costs.

[00:50:23.28] spk_0:
Okay. There are foundations that will fund fund this. Yeah. Alright. All right, we’re gonna leave it there, Michael. Thank you, Michael from Montana, Michael Eno’s Senior Director of Community.

[00:50:26.28] spk_1:
And it’s

[00:51:30.65] spk_0:
my pleasure to thank you, senior director of Community and platform for Techsoup Global he’s on Mastodon at Michael underscore Eno’s at public Good dot Social and Tech soup where you’d expect them to be techsoup dot org. Next week, I’m working on it. Uh, and I assure you that there will be a show next week because this is show number 630. And I’ve been producing a show every week for 13 years close to. So I assure you there will be a show next week. I just don’t know what it’ll be about, but don’t bet against me because there is gonna be a show. You know, you’re gonna lose if you bet against there being a show next week. If you missed any part of this week’s show, I beseech you find it at tony-martignetti dot com. Our creative producer is Claire Meyerhoff shows. Social media is by Susan Chavez, Mark Silverman is our web guy and this music is by Scott Stein. Thank you for that affirmation. Scotty B with me next week for nonprofit radio big nonprofit ideas for the other 95% go out and be great.

Nonprofit Radio for August 29, 2022: Your Tech Problem Is Actually A People Problem

 

Ananda Robie & Sam Dorman: Your Tech Problem Is Actually A People Problem

Wrapping up our #22NTC coverage, Ananda Robie and Sam Dorman sort out why your nonprofit’s technology problem is very likely a people problem. And they share their roadmap to better technology tomorrow. Ananda is with the Center for Action and Contemplation and Sam is from The Build Tank.

 

 

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

I love our sponsors!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

Fourth Dimension Technologies: IT Infra In a Box. The Affordable Tech Solution for Nonprofits.

Apple Podcast button

 

 

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 606_tony_martignetti_nonprofit_radio_20220829.mp3

Processed on: 2022-08-26T19:11:13.159Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…08…606_tony_martignetti_nonprofit_radio_20220829.mp3.463558328.json
Path to text: transcripts/2022/08/606_tony_martignetti_nonprofit_radio_20220829.txt

[00:02:02.70] spk_0:
and welcome to tony-martignetti non profit radio big non profit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh I’m glad you’re with me. I’d be stricken with cause Elijah if you burned me up with the idea that you missed this week’s show your tech problem is actually a people problem wrapping up our 22 Ntc coverage. Ananda roby and Sam dorman sort out why you’re nonprofits. Technology problem is very likely a people problem and they share their roadmap to better technology tomorrow. Ananda is with the Center for Action and Contemplation and SAM is from the build tank on Tony’s take to wrapping up national make a will month we’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. And by fourth dimension technologies I. T. Infra in a box. The affordable tech solution for nonprofits. tony-dot-M.A.-slash-Pursuant D Just like 3D but they go one dimension deeper. Here is your tech problem is actually a people problem. Welcome to tony-martignetti non profit radio coverage of 22 N. T. C. You know what that is by now through all the interviews we’ve been doing, it’s the 2022 nonprofit technology conference and you know that it’s hosted by N 10. The smart folks who help you use technology as you’re doing your important work with me now are Ananda robi and SAm dorman. Ananda is digital Managing Director of digital products at center for Action and contemplation Sam dorman is co founder At the build tank Ananda Sam welcome to nonprofit radio

[00:02:23.64] spk_1:
Thanks tony

[00:02:24.87] spk_2:
Yeah, thank you so much for having us.

[00:02:36.99] spk_0:
The pleasure. Pleasure to have both of you. Your session topic is your technology problem is actually a people problem. Sam can you, can you give us an overview of what folks are often, uh, misconstruing about the real problem perhaps at at their smaller, mid sized non profit

[00:03:30.65] spk_1:
Yeah, absolutely. Yeah. My partner chris and I, we, you know, founded the bill tank to try to help organizations resolve their pervasive technology pain, which is, um, which is really common. It’s just about every organization is struggling under these, these same restrictions where they just don’t have the technology that allows them to do what they want to do and it’s holding everybody back and it’s creating all all kinds of pain points. And so what I think that people don’t realize is so often it’s not actually a problem with the technology, the symptoms, you know, feel like their problems with technology, but it’s a gap in a certain kind of technology capacity. Um, and it’s about actually getting the right internal team doing the right types of things, which is sometimes not what people expect it should be. And Ananda is a perfect example of that kind of person. And the team she has built at C A C is a perfect example of what it looks like to go from those sorts of pervasive technology Pain points to actually really using leveraging technology to its potential to help increase the organization’s impact

[00:03:58.76] spk_0:
ananda what are some of the symptoms that you were you were feeling at center for action and contemplation?

[00:04:54.00] spk_2:
Yeah. Well, luckily I was so blessed that by the time I came to the C a C, they had already met chris and SAm and gotten bought in on the digital product team model and investing in structuring technology Well. But prior to coming to see a C in previous roles, I’ve had, I did experience that other nonprofits or in higher ed, which has been my kind of career path. That really what’s most common is you hire folks to do a job and then technology is treated like off the side of their desk. So you might hire a development director who’s responsible for fundraising for your organization, but then they’re also responsible for, you know, keeping the donation platform up and running and troubleshooting issues or if you need a new platform going and finding it and uh, you know, putting it into place. And so it’s just means that people a have too much work on their plate. So their workload is too much and then you don’t have the right people with the right kind of interests and skills doing the work. And so there’s a whole model for how we kind of have distributed ownership and break down the ownership between content folks and technology folks.

[00:05:10.36] spk_0:
Okay. You say there’s a whole model, Is that, is that part of what your your session was about?

[00:05:51.03] spk_1:
Yeah, exactly. So, so, we, you know, we pulled together this thing called the road map to a better technology tomorrow. So chris and I were always trying to share everything we can as resources. We can work with some organizations like the CDC, but we can’t work with every organization. But it also feels like a lot of these things, once you understand the concepts there not that hard, they’re pretty based on common sense. They’re definitely not common practice, but uh, we try to share everything freely. So we put together this roadmap with just sort of six key steps about, here’s how you go from where you’re, where you are now to building this kind of capacity that’s gonna be able to supercharge you. So, in the, in, in the session, we just walked through those six steps.

[00:05:54.01] spk_0:
Okay. And this is the road map to better technology tomorrow. Like something from the 1950s,

[00:06:01.43] spk_1:
your

[00:06:02.85] spk_0:
new electric stove is the the kitchen of tomorrow for the happy homemaker.

[00:06:09.47] spk_1:
We kinda did. It’s a little bit tongue in cheek. We, we like to have a lot of fun with the work that we do. And so we sort of, it felt a little bit like it was like mad men branding the road to a better technology. Yeah,

[00:06:37.24] spk_0:
that’s what I think of it immediately, but before we All right. So, we’ll go through the roadmap Sounds, uh, sounds very exploratory what sam, but why why are we defaulting to blaming, uh, faulting technology? Is that, is that because it’s easier than looking introspectively at our team and our skills and gaps there in? Well,

[00:06:44.52] spk_1:
it’s hard to

[00:06:45.16] spk_0:
blame technology.

[00:07:49.02] spk_1:
Well, it’s understandable. That’s where you feel in the pain. So people just don’t have the basic tools that they need. If you’re trying to accomplish anything, you’re trying to, you know, not to use the example of a fundraiser. You’re trying to raise money if you’re a communicator, if you’re a program person, if you’re an executive trying to understand what things are working, the pain point is focused on. We don’t have a system that helps us track our donors well, or understand their journeys with us. Or a lot of pain is felt with websites, you know, like everybody needs to use the website as a key. It’s like your front door. It’s also your engagement pathways. It’s a key property. And very rarely do organizations have it where everybody who has needs with those properties, with those, with those technology platforms, is actually getting those needs addressed. And so, you know, they, that’s where you feel the pain. But what people don’t understand is it’s because there’s a lack of ownership and lack of stewardship and it’s not a highly technical kind of lack of ownership and stewardship that’s missing. It’s a highly strategic, highly communication based set of skills that needed to steward these platforms and make sure that everybody’s getting what they need out of them and have sort of a long term oriented view. It’s exactly the kind of stuff that Ananda is so strong at.

[00:08:08.05] spk_0:
Okay, okay, so it sounds like the shortcomings uh manifest themselves in people’s performance because we don’t have the kind of tools we need, you know, the things you ticked off saying that you’re you’re more eloquent in describing that I’m going than I would be, so I’m not gonna bother, but I’ll just say it’s everything you just said, but it manifests itself in poor performance or overworked or

[00:08:57.22] spk_1:
Yeah. And I’ll just say, you know, it’s sort of like you have, you you you you wanna you get great people around you in an organization, you have a really inspiring um mission and you get great people around you and it’s like getting a bunch of expert chefs in your kitchen and then all you give them is a bunch of wooden spoons and you say cook a gourmet meal, they just don’t have the tools, they need to make their amazing, you know, and so what you wanna do is you want a situation where you have someone whose job it is to just make const consistently enable their colleagues to do better and greater work via those sort of technology systems. So promise of technology is just not commonly realized for most organizations, it’s just paying up and down the up and down the books

[00:09:06.58] spk_0:
because the people at that dining table are gonna say these chefs suck

[00:09:10.08] spk_1:
right?

[00:09:10.81] spk_0:
Yeah, you’re gonna say something

[00:09:12.73] spk_1:
back.

[00:09:13.80] spk_0:
I’m sorry. But

[00:09:15.34] spk_2:
no, I was just gonna say, I think um

[00:09:17.99] spk_0:
when

[00:10:12.60] spk_2:
we say it’s a people problem, it’s that’s not to be misconstrued that it’s a problem with the people currently in the organization having a deficit or something. It’s usually a people problem because the right staffing to steward your technology has not been put in place. So it’s really a people problem often in terms of a gap in people for the technology. So it’s a misconstrued notion that, you know, when you get technology, it would be false to think that good technology is just plug and play, you get it off the shelf, you plug it in, you play, it works for your org forever more. Um, that’s not the case for anything. Your organization is growing and developing and adapting and evolving. Um your technology needs to do so as well. But in order to stay on top of that, you have to have the staffing of the folks like me who are responsible for treating that technology almost like a product. So we’re gonna make sure it stays up to date, it gets um serviced and updated and replaced as needed. So I just want to make sure no one is hearing this as it’s a people problem within your org. I’m sure the people within existing orders are phenomenal and they likely have too much to do and a full time job in addition to potentially looking and focusing on technology, you should have a specific stripe within your org that is focused on the technology much like you have stripes focused on your programs.

[00:10:40.30] spk_0:
Okay, thank you. Alright, banana. Are you, are you familiar enough with this too to launch our journey on the, on the road map to a better technology tomorrow?

[00:10:45.91] spk_2:
Well I’ve had the benefit of truly like working under chris and SAm’s mentorship for the last six years. So I like to think that I’m very familiar

[00:10:53.79] spk_0:
with it.

[00:10:54.46] spk_2:
Yeah, SAm and I have kind of been on a little bit of a publicity tour lately. I feel like where Sam you know because he and chris is brilliant minds are what came up with the kind of road map and then I get to offer a bit of the color commentary about what it looks like in like implementation and actuality versus

[00:12:51.20] spk_0:
theory. Turn to communications media relationships and thought leadership. First comes the relationships then comes the leaderships leadership but I couldn’t pass up the rhyme. You gotta have the relationships before you can get the leadership the thought leadership because you need those relationships so that when an opportunity for thought leadership emerges either because there’s some big news hook or you just have something that is compelling that you need folks to hear. You gotta have uh you gotta have the journalists and the other content creators in a position where they’re gonna pick up the phone when you call, they’re gonna reply when you email. That takes relationships turn to knows how to build those relationships. So you gotta have the relationships, then you can get heard. Then you become a thought leader in your field, turn to communications, they can help you build those relationships. And while you’re working on your messaging, that can help you craft that also so that you become the thought leader, you ought to be, you deserve to be turn to communications. Your story is their mission turned hyphen two dot c o. Now, back to your tech problem is actually a people problem. And what about buying leadership by in Ananda? Was was was was C A C beyond that. When you got there, you said they had already bought in. So, had you, like, had you passed that phase, Is that something you didn’t have to deal with?

[00:13:32.75] spk_2:
I mean, I think it’s always ongoing. I’m always telling the stories that it takes to make sure we’re investing in technology properly from a capacity and funding in time perspective. But I really was fortunate when I joined the Sea a sea, that our executive director, Michael Michael Poffenberger had attended one of chris and SAm’s talks and really just connected with their approach to technology and wanted them to support the C A c is really up upping our game when it came to tech. Um but one of chris and SAM’s requirements was that if you want to partner with them, you’ve got to have internal staffing to kind of fill that gap that is all too common when it comes to tech. Um, so hiring my position was basically the organization’s response to this is the direction we’re gonna head when it comes to structuring our technology and this is the first position we’re gonna hire to make that happen.

[00:15:11.64] spk_1:
tony maybe I’ll add. It’s also really important to note that a non as part of the leadership team now at C A. C as the chief of this team and that’s one of the things that we really emphasize is important. You know, the actually the first step in the road map we were going to talk about is you must be willing to invest and it’s about investing, not only resources, but time and care and focus. If technology is not part of what your leadership knows and understands, then you’re making decisions sort of devoid of what you can actually do in the world. You know, it’s like technology nowadays as your arms and legs to do almost anything in the world as an organization. And so if you have a bunch of people at leadership level, making decisions about programs and what you’re capable of or timelines or anything like that without that strong back and forth communication with those arms and legs and you have an organization that sort of lurches forward and can’t walk straight. And so it really makes a huge difference when you see a situation like CSC where nana is there as part of the leadership team, able to say yes organization. This is what we’re capable of. And also, um yeah, we can we can do these tradeoffs that we’re talking about at a leadership level, but here’s what we’re gonna have to dip prioritize and here’s what we’re going to prioritize. So it’s just sort of a whole different approach of, of investing in technology is a key skill set for the organization.

[00:15:17.61] spk_0:
Okay. And you said that’s our first, our first of the six steps is investing, but not only in the technology, but also in in the organization the people

[00:15:48.39] spk_1:
well. And that’s why we start with saying, you have to invest as, you know, you have to be willing to to hire people in this certain type of uh, you know, a certain type of capability and that means salary and that means head count and that’s one of the most expensive things. There are, so a lot of times we say, you know, that’s, you got to hear the bad news first, which is, it’s gonna cost a lot, most organizations are woefully under invested in internally internal technology capacity. And that’s just the truth of it. So when, when people come to us and say, you know, is there an affordable way we can do a B and C. We say no. If you want to be good with your technology and good good meaningful impactful outputs, you have to invest in terms of resources in terms of development, in terms of external experts and in terms of your internal team

[00:16:13.51] spk_0:
ananda what what’s the annual budget at Center for Action and Contemplation and and how many employees?

[00:16:20.30] spk_2:
Yeah. Great question. I believe our annual budget is close to about nine million and we have about 55 employees.

[00:16:35.89] spk_0:
Okay. All right. I want listeners to understand the context of what investment means. Why is at the center for action and shouldn’t contemplation come first and then comes action after you’ve given after you’ve thought about what it is you might be acting on, you

[00:16:51.54] spk_2:
know, one of my favorite things that our founder father Richard moore says is that actually the most important word in our title is the word. And because what is good action without sufficient contemplation? And what is the point of contemplation if it doesn’t result in good action? So and is the most important regardless of which order? Those words come in.

[00:17:08.97] spk_0:
Okay. All right, thank you. And thank you Father Also. Alright. All right. So, um Sam is there a place for folks who have you know have a smaller organization like uh suppose it’s like half the size of of C a C s annual budget like it’s 4, 4.5 5 million

[00:17:22.95] spk_1:
dollars is still

[00:17:24.56] spk_0:
a place that that they can improve their relationship. I’m gonna say their relationship with technology.

[00:17:31.79] spk_1:
It’s a great question. You know we have done this with very large sort of

[00:17:38.48] spk_0:
two great questions in a row. It’s all downhill. Yeah

[00:17:39.66] spk_1:
pretty much

[00:17:41.58] spk_0:
batting

[00:18:54.94] spk_1:
average, batting average is solid so far that we’ve done some very large sort of enterprise scale organizations. We’ve done it with tiny organizations and people ask me that often like well you have to be a certain size and I think the answer is no you don’t have to be a certain size. So I used to work out of an office where there was social enterprises that were being incubated. And so like people starting uh you know, triple bottom line businesses as they used to call them. And what they would do is either the founder uh would be someone with great technical sort of oversight capability or your first hire was sort of a C. T. O. Or a technical co founder. And so nowadays it scales down to I think the size of two, if your organization has a headcount to half of that capacity is probably focused on your technology because anyone starting an organization today understands how essential that is to be able to do anything in the modern day world. The problem is a lot of old organizations are trying to get away from this really old model of like the tech person in the back corner who just thinks of all things tech and everything. Tech goes through that person. We often say that’s like having a department of paper where everything on paper goes through one person in the back room. It just doesn’t make any sense. Everything is technology at these days and you have to be more sophisticated about what who you’re putting on what there’s a lot of different skill sets that you need at the table. Most organizations have their traditional I. T. Covered. Most organizations have their super users of technology covered. And almost no organizations have this particular gap which is technology stewardship

[00:19:15.10] spk_0:
Amanda. What were your credentials before you came to see A. C.

[00:19:55.68] spk_2:
Yeah so I um I actually studied film in college and I think that’s really comes from, I had an inkling towards technology. I really loved editing, I loved editing software and afterwards I went to work for a nonprofit. My goal was to actually be in the creative team. But but as a part of working there, a part of my job was using salesforce. Um And I was kind of what is traditionally called an accidental admin. So using salesforce for a couple of years they’re like, hey you’re really good at this, Would you be interested in doing this more full time learning more, taking on more responsibility. Um And I said yes and I think it’s one of the best decisions I ever made. Unfortunately our nonprofit went through a pretty massive downsizing. Um So they kind of kept on people who were like the jack of all trades and could do a lot. So I was kept on kept on as primarily the technologist but I’ve been working in Salesforce now for about

[00:20:16.08] spk_0:
12

[00:20:16.66] spk_2:
years. Uh So now certified Salesforce admin and focus on our digital product team. So I oversee our Crm Web and I. T. Teams for the C. A.

[00:20:24.93] spk_0:
C.

[00:21:30.54] spk_1:
Maybe tony I might add that. It’s like a perfect background. So you know one of the things we say is when you’re looking for technology people a lot of people think that means oh we gotta we gotta hire a bunch of developers um And that’s usually the worst thing you can do. Usually development is something that’s not easy um to hire for to manage to to evaluate the quality of work. And it’s one of the best things that you can outsource because there are firms that that’s their job, that’s what they do, that’s what their specialty is. But this sort of this sort of skill set that Ananda is such a master of this sort of like this communication based sort of ally ship based strategic layer of technology stewardship that comes from all all kinds of backgrounds and so oftentimes in an organization, people already have people like this that could be amazing stewards of their technology but they’re just not tapped for that, They’re not put in the right roles. So it really is, it really opens the floodgates for who can come in and help as opposed to sort of competing for the same highly technical, um, you know, people with, with, with depth in a, in a technical area. You’re really looking for people who are just, you know, great communicators and understanding of the big picture and allies, natural allies and uh for for their colleagues to help them do everything they do better.

[00:21:55.43] spk_0:
I think big picture big picture technologist is is valuable the way you, the way you described it. Let’s let’s move on to our let’s continue on our journey. Sam what you and your partner have, uh, what’s your next, what our next stop? What’s our next stop on the

[00:22:40.26] spk_1:
journey? We’ve already been hopping around in a few of these and you can, you can see them on on the road map. But I’ll mention one piece that Ananda referred to earlier, which is this, this we have this model of trying to separate out the just because of a chart we we created long ago, it was the Blue team and the gold team. The Blue team was this sort of tool. Optimizers like Ananda and the gold team was the people who are trying to use their tools to accomplish their work. So most, most of the people on our chart an organization, they might be like fundraisers communicators, program. People, executives, any number of things. They need tools but they need them to accomplish their work. And like said what often happens is they don’t have the tools they need. So they sort of finally go out and they’re like, I’m gonna build a Crm or I’m gonna build us a new website

[00:22:49.66] spk_0:
and

[00:23:02.20] spk_1:
now they’re on the phone with developers and talking about platforms and all the stuff that pulls them out of what their strength is instead of work focusing on their areas of expertise, which could be fundraising or anything else. And you’ve got these other people like who are just natural tool optimizers who can sit down with those people here, what they’re trying to do and say, okay, I can go figure out how we do that in technology land. Let me spend all my time on all these crazy paths that that takes. And then we come back together, have a meeting and I can tell you the three options and we go from there. So it’s it allows people to focus on their areas of expertise and and when you see that all of a sudden the machine really starts humming a lot more.

[00:23:32.29] spk_0:
So uh summarize the second stop for us. How would you, I mean if if the first one was invest, nothing has to be a single word. I don’t

[00:23:59.21] spk_1:
know that’s fine. The second one is differentiate three key areas of technology. So that’s where I was talking about, not just the sort of everything goes through tech but you’ve got traditional I. T. Which is something else which is setting up your computer’s security and software and hardware and all that. That’s a different set of skills. You’ve got your content users, your your super users and then you’ve got the the team that Ananda leads which is actually your your tool optimizer team, your digital product team

[00:24:09.47] spk_0:
stewardship to you call technology stewardship

[00:24:12.73] spk_1:
technology stewardship. Exactly.

[00:24:14.58] spk_0:
Alright.

[00:24:45.49] spk_2:
Yeah. I think one of the um you know chris and SAm have a great one liner that I always love to mention when we’re talking about this part of the road map which is that everyone likes to geek out somewhere. And I think that’s the importance here is like are the folks that you have hired within your organization able to focus the majority of their job on what they were hired to do that they’re likely experts and excellent in or are they getting distracted by having to work on tech or technical people having to contribute more to content. So the idea is making sure that folks who like to geek out on development or marketing or creative customer service program execution really get a partner that then is responsible for making sure that we find and build and train on, allowing them to have the best tools possible to do their jobs well. Um and that will just alleviate a lot of dysfunction and a lot of missed opportunity for um, just prioritizing capacity.

[00:28:50.81] spk_0:
It’s time for a break. 4th dimension technologies. They still have the free offer exclusively for nonprofit radio listeners. You get the complimentary 24/7 monitoring of your IT assets. It lasts for three months. They’ll be monitoring your servers, your network and your cloud performance. They’ll monitor your backup performance as well all 24 7. If there are any issues, they will let you know ASAP at the end of the three months, you’ll get a comprehensive report telling you how all of this is doing against different benchmarks that are standard. You know, you want to know how you’re, how you’re faring compared to where you ought to be faring. And they promised to throw in a few surprises as well. It’s all complementary. It’s on the listener landing page, tony-dot-M.A.-slash-Pursuant D just like three D. But they go one dimension deeper. It’s time for Tony to take two national maker will month is coming to an end. So sad. But I am celebrating to the bitter end. We’re not letting any of national make a will month go away, leave us without full celebration. And to that end I’ve got more ideas, more reasons really. They’re not just there. They are. My ideas, they’re my thinking. But these are, these are reasons, this is not in the abstract reasons why wills are the place to start your plan to giving, I’ve done 13 through 15 already. I’m gonna do 15 through 13 through 15 already. I’m gonna do 16, 17 and 18, the last week of August and you can see the compendium of reasons at linkedin so far. Eventually they’ll be on my blog. But right now you go to linkedin through the month of august, you will see the cornucopia of reasons why planned giving should be started with Will’s simple charitable bequests. So go to my linkedin and you will see the vast array of reasons That is Tony’s take two. We’ve got just about a butt load more time for your tech problem is actually a people problem with ananda roby and sam dorman. I’m thinking about fundraising, which is what I do. I do plan giving fundraising consulting and thinking about how the supplies and fundraising, like there are people who are great at relationships but not so good about the simple, the simple, very simple user task of documenting the relationships and the activity and the steps and things. So, you know, like for them, if there could be some smoother way, like maybe they could dictate instead of having to type or you know, maybe give them a portable device, you know, they can, they can do it on a, on a on a pad or a service, you know, instead of having to carry their laptop or feel like they have to go back to their desktop to to preserve things like that. I think that’s a simple example. It’s a

[00:29:20.61] spk_2:
simple example but it’s perfect. I mean that’s the epitome of my job is like what do you need to do in order to do your job well and if one of those things is documenting your interactions and there seems to be a roadblock to doing that well let’s find out why is it like that you are constantly maybe out in the field doing your work and there’s not a good mobile app in order to complete that. So you’re having to wait till you get back to your desk is the platform, you’re using the UX UI really clunky to use are you just not trained? Have we now not provided the reporting that then shows the return on your investment. So you have this incentive to see how all of your work is paying off. There’s not necessarily a single or simple answer. So the trick is understanding the need and the reason and the why behind that need, understanding what the roadblock is and then alleviating that and that’s different for different people, some people that might be a technology use equal issue and other people that might be not understanding the need or the reward behind doing it

[00:29:49.06] spk_0:
well

[00:30:16.31] spk_1:
so well said and you know when you hear a non to talk, you can just imagine the power of having a colleague like that who’s just sort of a heat seeking missile for problem solving and knocking knocking hurdles out of people’s way. It’s completely flips the sort of traditional dynamic that you have for technology which is if you got a problem submit a ticket and we’ll get to it when we can, you know, that’s like the opposite of what anna and her team are doing. They’re out there being like tony your we you know, you’re out there trying to fundraise for us. We want you to succeed your our colleague, your ally. Like how can we help you do that better? And what you find is that once people realize they have that kind of a team on board, those sort of that kind of allies in place. The ideas just come fast and furious and then the R. O. I. Just sort of spikes where all of a sudden everybody is more powerful and more effective with the hours in their day, the R. O. I. And it’s just unbelievable. But it starts with that upfront investment

[00:30:48.00] spk_0:
see all right, continue us on the road map.

[00:31:53.81] spk_1:
Well yeah, we’ve been getting a lot of this. So we differentiate those areas of technology, you build this team, a technology accelerator team or a digital product team like talked about and then it’s all about hiring the right kinds of people which we’ve talked about that sort of strategic stewardship level layer and then one thing we didn’t talk about is insourcing and outsourcing the right things. I did mention this idea that you don’t want to generally in source uh development, you want to hire, you want to work with external partners. Actually, the last step of our road map, we call make magic with external partners. And even though that’s sort of flowery language, we chose that on purpose because when you have the right dynamic, you have, you know, sort of a superhero internally, like Ananda working with a really skilled external developer or external firm giving sort of depth of strategic and technical expertise. Well that will take us on a certain, you know, certain type of work that they’re doing, but also for their, for their web work. They working with a terrific web firm and for their Crm work, they’re working with a terrific crm firm and not just, you know, the traditional thing is just handing the work out to somebody and then they do whatever they do and they deliver it and good luck. And on day one, you know, you figure out whether you can use it or not, it’s the opposite of that. It’s, it’s very much an ongoing partnership, just probably not to talk about this because that’s where you see a lot of the power, it’s not about building a team internally, that’s going to do everything, It’s about building a team that’s going to steward it, figure out who are the right players that you need on the field.

[00:33:53.49] spk_2:
Yeah, I think often like this part of what the roadmap that we talk about can be very surprising to folks, especially if you’re saying like, hey build a technology team and the first thing is maybe not to hire like an extra under the hood. Super incredible. 10 times certified developer. Um that’s not what we would look for as the first hire doesn’t mean you’re not going to grow and expand into meeting that kind of expertise within your org um but for me, technical knowledge is one of the easiest things to learn and like SaM said the contract for so yeah, what we want to ensure we’re not doing is outsourcing the brains because if you do that then you really risk making bad investments and bad prioritization so you might be doing the wrong work or not actually getting at the root of what’s needed because truly like no one has better knowledge of the needs and nuances and changes of your organization than someone internally. So you need someone internally who is truly tasked with owning and stewarding, you know, the strategy, technical work and investments for your platform. The way that we do that is like, you know, we do all of our own admin work inside and then we have a phenomenal partner for our sales force team that if we need any coding or high level development, there’s not enough of that work for us to need to staff a full time position, but we have a great partner that we can outsource that work to um but again, like sam saying it’s not just an outsourcing, we don’t have a partner that’s just an order taker. They’re not just like, yes, we’ll do it. They really come to the table and we expect and ask of them to bring their wisdom and their critical thinking and their partnership so that they up our game, so they’re just not execute ear’s, they’re actually asking questions and giving advice about how we’re investing in our technology as well. So we get an additional phenomenal external partner on our

[00:34:18.62] spk_0:
work. And I can see why you said earlier that you’re constantly making the case for a particular technology investment, you know, what’s the, what’s the return gonna be, how is this gonna improve our efficiency? You know, I can see how your regularly making this case these cases all

[00:34:47.30] spk_2:
the time. Yeah. You know, and we started with moving the air, creating a Crm team internally and advocating for this type of investment on crm structuring the team in this way, finding the external partners in, you know, replacing old platforms that were not performing well with newer technology. Um, and then a few years down the road, you know, went back to chris and SAm, I think our executive director went back and said, hey, we’re experiencing a lot of pain on the web, like what’s going on over here, and they’re like, it’s the same issue you’ve got to treat and staff your web technology like you have crm. So we’ve brought web into the fold and made the same kind of advocacy and same kind of investment for internal staffing, Internal stewardship and external partners.

[00:36:03.20] spk_1:
Yeah. And you know, Tony. I think you see the same sort of like when there’s pain, there’s turf penis because people are just fighting to get the basics of what they need to do their work. So they say, no, this is ours, we’re gonna hold on to this is, you know, I had to go build a new web site. So I’m gonna hold onto this with everything I got, once you have a team like Ananda hired this amazing uh, product manager for web jesse jones. Once Jessie’s in there, people are only too happy to sort of let go of control because they know that she is gonna look out for their needs and do it 10 times better than they could have done it themselves. And meanwhile they get to do their fundraising or communications or program work and focus on that. So it’s just this process of getting everybody optimized onto the skills that they are best suited for and the things they love to wake up in the morning and geek out on, you know, what better option is there, that one, you’ve got the tools all that, that you need and two, you get to do the work, you’re excited about with them. It’s, you know, a lot of it is common sense, but it’s about bringing the right types of people in

[00:36:28.82] spk_0:
ananda? What have we not talked about yet that you want folks to know about this the process or the investment maybe questions that came during your session that you think are were valuable.

[00:36:33.03] spk_2:
Yeah let’s see what have we not covered yet. We’ve covered a lot.

[00:36:38.04] spk_0:
Well non profit radio is a comprehensive podcast. I hope I hope you’re not surprised by that.

[00:36:43.06] spk_2:
I expected nothing less.

[00:36:44.64] spk_0:
Thank you very much. Thank you that’s the validation I’m looking for. Thank

[00:36:48.60] spk_1:
you very

[00:36:49.47] spk_0:
important to me it’s very important

[00:37:59.95] spk_2:
um I would just say I think the only other thing that um I have discovered in my work here that um is important is often people can start conflating um digital product team members with more like traditional I. T. And so one of the things that has become important about my role is really protecting my team’s time in their remit so often you know when you put these really ally oriented folks onto your staff and they start fixing all of these pain points or debacles and make things run smoothly and get improved and partner with your gold team members, your content members. Um you can start to develop a reputation as almost like a fixer and so one of the things is then all of a sudden you’re getting all kinds of questions like hey can you fix this printer, can you work on my computer, Can you do this? So I think you know we touched on it earlier about the three different areas of technology but really keeping that distinction and not letting you know I. T. And digital products kind of become one in people’s minds because then all of a sudden you have folks who re we have the potential to be force multipliers for your organization whose time ends up getting eaten up by you know fixing that are important but they’re not really what the remit of this

[00:38:14.17] spk_0:
exactly

[00:38:24.51] spk_2:
which is so important if you need to print that’s important to your job. But that’s not a force multiplication for the productive nous. And the mission of your organization said it’s a different skill set and they should be treated and maintained separately.

[00:38:34.04] spk_0:
Sam same question for you. Anything you’d like to uh I’d like to add that we haven’t talked about yet.

[00:39:26.23] spk_1:
No it indeed it has been very comprehensive and I appreciate the time to talk about it. I guess I would just say um that the the this path is very possible. Organizations can make this transition and like we say it there’s no shortcut you have to put in the time to focus on the resources you have to care enough uh to really invest and to invest in all those ways but you can walk down this path that’s why we’ve tried to share these resources as as openly as we have. It’s all there like the bill tank dot com slash roadmap you can read through it. Um it’s just about the sort of common sense of things are not going to be great unless you have great people stewarding them, just like every area of your organization. So I guess the thing I want to, I just want to offer some hope to people who are struggling under the burden of systems that hold them back instead of supercharge them that it is possible, you know, it’s not possible without investment but with the right investment in the right structures it is possible that everybody has the tools they need to work more effectively to be more happy at their work, to be more effective at the end of the day and to have more impact

[00:39:46.44] spk_0:
and you’ll find the resource at the build tank dot com slash resource map source roadmap of course that’s roadmap. The build tank build tank dot com slash

[00:39:58.45] spk_1:
roadmap which

[00:40:00.13] spk_0:
is the roadmap to better technology tomorrow for our happy homemakers

[00:40:04.77] spk_1:
19

[00:40:11.24] spk_0:
50s. Alright, that’s Sam Dorman, he’s co founder at the build tank and also Ananda robi, managing Director of digital Products at Center for Action and Contemplation. Ananda SAm thank you very very much for sharing. Thanks

[00:40:22.10] spk_1:
tony

[00:40:24.06] spk_2:
pleasure,

[00:41:45.33] spk_0:
thank you and thank you listeners for being with tony-martignetti non profit radio coverage of 22 N. T. C. Next week. We now return to our regularly scheduled non 22 N. T. C. Programming principles of sustained fundraising with larry johnson. If you missed any part of this week’s show, I Beseech you find it at tony-martignetti dot com. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C o and by fourth dimension technologies Yes, I Tion for in a box, the affordable tech solution for non profits but also get the free offer, the listener offer all of its at tony-dot-M.A.-slash-Pursuant four D. You know, just like three D. But they go one dimension deeper. Our creative producer is Claire Meyerhoff shows, social media is by Susan Chavez. Marc Silverman is our web guy and this music is by scott stein, thank you for that. Affirmation Scottie with me next week for nonprofit radio big non profit ideas for the other 95% go out and be great

Nonprofit Radio for January 17, 2022: Legal Outlook For 2022

Gene Takagi: Legal Outlook For 2022

Gene Takagi

Gene Takagi returns for a mix of checklist items and emerging trends. It’s a good time to look big picture at your HR investments, corporate docs and financials. Also, what to look out for in crowdfunding, donor disclosure, data protection, and more. Gene is principal of the Nonprofit & Exempt Organizations Law Group (NEO) and our legal contributor.

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

Apple Podcast button

 

 

 

I love our sponsor!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

View Full Transcript
Transcript for 574_tony_martignetti_nonprofit_radio_20220117.mp3

Processed on: 2022-01-17T01:38:56.677Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…01…574_tony_martignetti_nonprofit_radio_20220117.mp3.559147057.json
Path to text: transcripts/2022/01/574_tony_martignetti_nonprofit_radio_20220117.txt

[00:02:10.34] spk_0:
Hello and welcome to Tony-Martignetti non profit radio big nonprofit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d bear the pain of proto psychosis if you infected me with the idea that you missed this week’s show Legal Outlook for 2022, Gene Takagi returns for a mix of checklist items and emerging trends. It’s a good time to look at big picture items like your HR investments, corporate docs and financials also though what to look out for in crowdfunding donor disclosure, data protection and more, jean is principal of the nonprofit and exempt organizations law group Neo and our legal contributor On Tony’s take two 50% off planned giving accelerator. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. It’s always my pleasure to welcome back Gene Takagi to the show. You know who he is. It’s almost it’s almost superfluous for me for me to do the intro. But but jeanne deserves it. He’s well credentialed and I want to make sure that he gets his due introduction. Gene Takagi are legal contributor and managing attorney of Neo, the nonprofit and exempt organizations law group in saN Francisco. He edits that wildly popular nonprofit law blog dot com, which you should be following and he is a part time lecturer at Columbia University. The firm is at neo law group dot com and he’s at jeanne, Welcome back.

[00:02:11.94] spk_1:
Great to be back. tony how are you?

[00:02:13.98] spk_0:
It’s always a pleasure. Thank you. I’m well happy New Year.

[00:02:17.99] spk_1:
Happy New Year.

[00:03:05.74] spk_0:
Thank you. And let’s, so let’s let’s talk about the new year. Um and just before we do I want to remind folks that not too long ago we have genes one, our legal audit which you might want to look back at. That was a sort of a condensed version of some of what we’re gonna talk about today. Although we have lots of new subjects to talk about today too. But there was the one our legal audit and also with jean recently Risk management Part one and then a different show. Risk Management Part two. So those are resources that you can look back at just from a couple of months ago and we’ll go into and and those go into more detail on some of what we’re gonna talk about today jean. Uh where would you like to start for the new year, throw it open, throw it, I throw it open to you. What would you like to start with?

[00:03:58.64] spk_1:
So it does seem like kind of this chance that restarting, getting reenergized and thinking about our organizations and where we wanted to go. Um Yes, we have to keep in mind some of those um risks that we talked about in previous shows but we also have to think about kind of where we want to go. What of our, what our dreams are um what our vision is for the organization? Had we properly captured it? Um, what is our mission? Is that sort of properly captured? Is everything because our environment seems to be changing week by week. It seems to be new stuff that comes up that we have to consider. Are we still on track with where we want to go? So having these sort of broader discussions. I like sending those organizational priorities for the new year.

[00:04:06.64] spk_0:
Okay. Okay. Um, what would you, what what priority would you like to start with?

[00:06:07.94] spk_1:
Sure. So, um, being the lawyer, I say, okay, let’s talk about legal compliance just to make sure we’ve got some systems in place, mission and values, which we’ve frequently emphasized them when we’ve had discussions about not just existing to further your mission, but to do it in a way that advances your values and if equity and inclusion of part of those values, then, you know, that’s something you should be thinking about as well, definitely considering some of the trends that are out there. And I know we’ll get into that a little bit later in the show, but also including kind of the times that we’re we live in and acknowledging that yes, we’re under the impact of Covid, which seems to be shifting constantly in both how it’s affecting us and how we might need to respond to it. The great resignation, which certainly isn’t completely unrelated to the Covid, but that is a huge trend and movement as we’re trying to figure out how do we keep our workers, are we burning them out? The mental health issues that are, you know, hitting pretty much all of us, um, from the isolation, remote, working from the uncertainties of health, from sick family members and loved ones and all of that and saying, well, are we going to be able to keep our team together? Should we be keeping our team together the way we’re working now? Do we need to shift our work practices? Do we need to shift what type of benefits for giving to them? All of those things have got to be sort of raised? And I would say raise at the board level, you know, together with the executives and senior management team. Let’s talk about it. Let’s brainstorm think about this and get what our organizational priorities are this year, because things can change rapidly and rapid change if you don’t have any plans um, to anticipate some of them don’t have contingency plans can force you into very, very stressful times where immediate actions are necessary and you can sometimes make bad decisions if you’re under that type of time stress. So

[00:06:18.63] spk_0:
then it because then it becomes a crisis

[00:06:20.30] spk_1:
right? Exactly.

[00:06:48.64] spk_0:
And and a crisis in staffing, especially knowing how hard it is to hire folks now, you know, you talked about, you know, keeping the team together or should we keep should we keep the team together? But, you know, I’m sure you’re seeing it with your clients. The difficulty in hiring, you know, you want to, that, that, that’s a, that’s a huge factor in, you know, do we have the right team? Well, putting the right team together, it’s gonna take a lot longer than it used to?

[00:08:01.94] spk_1:
Yeah, absolutely. And if you’re talking about retention, you got to figure out what are you going to invest in this? I know you want to, you know, provide as much as you can to your beneficiaries. But if you’re not really considering the team of people in, you know, on your team that are providing those services that are supporting those services, the whole thing can collapse. So just remember where your infrastructure and when your groundwork is and how important the human resources are in your organization to being able to deliver services and provide goods for your charitable missions. So really important not to neglect that. And that requires an investment both on retention and if you aren’t able to retain everybody and you need to recruit, you’re gonna have to be able to show what you’re going to invest in those new employees and give them time to learn. You can’t expect them to perform like experience people have, um, in the past. So it’s, you know, some patients, um, and definitely investment in education and training and orientation, um, and all the rest and again, um, to the extent that your executive is probably also overwhelmed with everything else going on. The board is really pivotal in trying to be able to come up with plans that help invest in their teams.

[00:08:10.44] spk_0:
This goes to legal audit the conversation we had a few months ago. You’d like to see a review of governing documents to.

[00:09:31.74] spk_1:
Yeah, I I always think that that’s a great thing to check out in the new year. Just even if you have somebody, you know, a higher up kind of a board member or where your executive or senior manager take a look At your articles and bylaws, even spending 30 minutes on it and saying is our mission really reflected in these documents or have we evolved into something else? And these documents are like stale and old and outdated now in that case those documents still rule. So if you have the I. R. S. Or a state regulator coming in audit you, if you’re not performing within that mission statement in your articles and bylaws, you could be acting completely out of compliance and worst case scenario, you can really threaten the organization through penalties, etcetera. So that’s something to take a look at. Also just take a look at a lot of organizations. I find out their their boards, they’re like, oh, you know, we forgot to elect them. You know, we, we, you know, we’ve had terms, you know of two years but they’ve been on for like 10 years and we’re happy with them. So we just don’t do elections that can be really, really harmful as well for multiple reasons. But you know, sit back, see what you’re doing and what you’re not doing consistent with your articles and bylaws. And if you need to change things determine that you have to change. And if you need the help of a lawyer, try to find somebody that can help you with that. And there are some good resources on the web as well.

[00:09:48.64] spk_0:
What’s, what’s one of the good resources?

[00:10:15.04] spk_1:
A little bit of a self plug because I’m a board member, but board source has excellent resources on board of directors, governance things of that nature. Stanford University also has excellent resources in terms of sort of template documents that are just a guide for nonprofits. It’s not one size fits all, but it just gives you a general idea about how some things operate. Um, so those are just too good resources to look at.

[00:10:18.35] spk_0:
And, and again, we, we talked about this extensively in the show called your one

[00:10:24.34] spk_1:
hour legal audit.

[00:10:30.14] spk_0:
You have some last one. You have some financial performance advice for the new year.

[00:13:04.74] spk_1:
Yeah. Well I think probably, um, most people take a look at their financials throughout the year on the board level and on the executive level. Um, but the new year, you’ve actually sort of completed your financials and they might not be, um, in final form yet, but you might have what some people call it pro form, a set of financials, um, sort of close to final, where you get to assess what you’ve done in the year, you know, for, for most organizations, this goes without saying, but you want to make sure that you’re performing in a way that you’re not becoming insolvent. So you want to make sure what your balance sheet looks like and whether you have net assets, um, if you don’t have net assets, that means that you are either insolvent or, you know, in the zone of insolvency, you have to think about how you’re going to address that very serious issue. And I would say you don’t have internal expertise on dealing with it, get outside help right away if that’s the case. But your, your statement of revenues and expenses as well, are you sort of operating what people call in the black so that there is, you know, some net income in there or are you operating in the red where you’re very concerned because you’re losing money, timing is always important. So it’s misleading to look at one year in isolation because sometimes grants are given in one year, but they’re actually uh received in another year. So the timing issue can pose different challenges about reading financials. So you want to be able to read it sort of collectively through a multi year period just to know where you stand. And again, if board members aren’t able to help an executive and the executive feels like they need some help with understanding financials, to reading financials invest in everybody’s training in this area and there are a lot of people, even pro bono, that, that are offering this training pro bono and a lot of resources on the web. So make sure you understand your financials and what they’re indicating. You don’t need to know every single financial ratio that you know, business people use, but just generally no. Are you healthy financially or are you trending bad? And if you have several years where you’re in the red, where you, where you’re not making money, it looks like you’re bleeding money, then that might be indicative of some change that’s necessary in order to make your organization sustainable on an ongoing basis. So again, you don’t want to hit crisis mode financially. So this is a good chance, take a look at your financials, not just last year, but over a multiyear period and see where you are, get help if you need it.

[00:15:08.54] spk_0:
We have a show that I replayed, oh, I think within the past six months, uh, the guest was Andy Robinson. So you could go to tony-martignetti dot com and just search his name Andy Robinson, but it was something like teaching your board basic financials and he wrote a book, I’m pretty sure it was published by charity channel, uh, with, with a title similar to that. So if you, and the show is a few years old, but reading financial statements and and balance sheets hasn’t changed much in probably 100 years. Um, so it’s just all in and out now now, it’s all in Excel. But uh, so if you’d like some help with that, there is a, there is a show where Andy Robinson was the guest talking about, you’re improving your boards, financial literacy. It’s time for a break. Turn to communications, your 2022 communications plan. Does it have lots of projects? Lots of writing projects? You can get the biggest projects off your plate and outsource them. Free up staff time to devote to the work that it’s not feasible to have others doing for you. Like the annual report, just because it’s been done in house in the past, doesn’t mean it has to be done in house this year. What about research reports, White papers, your other heavy lift pieces. Do you need help with writing projects in 2022, Turn to communications, your story is their mission turn hyphen two dot c o. Now, back to legal outlook for 2022 with Gene Takagi. Okay, so let’s talk about some trends then, jean, you have a, you have a case we haven’t talked about, we haven’t talked about an actual case for a while. Americans for prosperity.

[00:19:16.54] spk_1:
Yeah. So um that was a huge U. S. Supreme Court case at least huge for the nonprofit sector. Um, but with deeper implications for if I if I’m not over hyping it for democracy itself. So um so americans for prosperity, Foundation versus Banta, who was the California Attorney general basically it was about the schedule be disclosure of donors who donated more than $5000. So for nonprofits who know how to prepare their form 19 nineties, you’ll know that on schedule B of your form 1990. Eur actually disclosing to the I. R. S. It’s not public information. Um But it’s to the I. R. S. The name and address of your donors who donated more than $5000. Now that hasn’t changed, you still have to disclose it to the I. R. S. But certain states, including California where volunteers from as the attorney general um New york I believe New Jersey I believe Hawaii also included Um all asked for a copy of the 990 including an unredacted schedule B to be given to the state regulator because they also want to look at that information for state law compliance purposes. A lot of them are concerned about donors who give money but get something back in return that’s not being disclosed. So if they ever have to have an investigation of that, that information turns out to be very helpful to the state to be able to say ah they were giving money but they also took in this huge benefit, this huge contract for example, which you know, reap them millions of dollars. Um So there was a legal case um that went up through the courts um finally hit the U. S. Supreme Court and the A. G. Lost here, The California G. Um So the court decided and we know the court’s composition is fairly conservative right now. The court decided that uh the states don’t have this right. Um It was based on the fact finding of the lower courts which is a little bit unfortunate because if the higher court could have considered more facts, then it might have been decided a different way but based on kind of how how our legal system works and and and how the Supreme Court works and the composition of the Supreme Court. They held that, hey this is not disclosed able to the states essentially that’s the impact of it. The broader impact on why I said democracy might be uh issue here is because well what about sort of campaign finance disclosures? And what about the I. R. S. Should they be entitled to that information as well? So it’s really helpful in compliance. But the counter argument and why some organizations charities, we’re also um not in favor of the disclosures is because of the protection of the donor. And the old case cited um in this part of the argument was an N double A cp case that said, well, if we disclose our donors, the KKK had threatened to kill all of them. Um And you can see why privacy was important in that issue and this issue, it was nothing like this. I think it’s a Koch brothers, um, kind of funded charity. They wanted really to keep their identity, um, more hidden because they have desires to influence politics in many ways. And if it always gets associated with them, then the impact lessons. So if they can look like they’re ground swells of movements that are funding these things rather than individual donors, um, it looks better for for what they’re trying to do. So that’s, you know, that’s what’s at stake here is not only are the state’s not allowed to get this information that would really help them in state law enforcement of whether there’s diversion of charitable assets that benefit

[00:19:29.74] spk_0:
donors. But

[00:19:30.15] spk_1:
in the broader sense, are we going to allow more dark money to enter into our political systems without knowing that there are donors, heavy donors that back these, you know, politicians or political parties or political movements. So that’s the scary part about this decision.

[00:19:57.94] spk_0:
What’s the, I think infamous Supreme Court case that that allowed the allowed the dark money into, uh, into politics. United

[00:20:02.73] spk_1:
Citizens. United

[00:20:27.54] spk_0:
United. Yeah. Um, All right. All right. And so I just want to repeat this. So this case that Gene was just talking about is americans for prosperity Foundation V. Banta B. O. N. T. A. What about crowdfunding you, you point out that there’s a new crowdfunding law. Hope is this a little more optimistic? I hope?

[00:21:22.54] spk_1:
Uh, well, depending upon how you look at it. And I think in one sense it’s inevitable. Um, a lot of our laws that are developed regarding fundraising, um, don’t even, and never anticipated the internet, right, johnny. So, uh, you know, now crowdfunding platform is, you know, not just the internet, the use of the internet, but it’s a lot of different for profit companies getting involved, um, to enable charities and organizations and people who are not charities to raise funds that look like they could be for charitable purposes, Right? So you want to help victims of a fire, but you want to help them directly, because some individuals said, I want to start a Go fund Me campaign, right? And say, well, you know, chip in 50 bucks and let’s try to get these people some help doesn’t, that doesn’t go through a charity. Often it just goes to this person, right, who promises to give these other people money

[00:21:35.90] spk_0:
and go funding the person’s goodwill. Honestly, yeah,

[00:21:58.14] spk_1:
Go fund Me is, you know, reacted to this and they’re probably the biggest crowdfunding platforms. So they’ve reacted to this in terms of having their own internal policies to help prevent a check. But overall, there’s, you know, hundreds, if not thousands of crowdfunding platforms out there that do this to make a profit. Um, and they may not have those types of controls or checks to not to just, you know, prevent somebody from saying, let’s raise money to help fire victims and then just keeping it. Um, so,

[00:22:11.97] spk_0:
what, what, what is the import of the law for, for us?

[00:23:21.34] spk_1:
So I think the import of the law is, if you’re going to get on and decide, hey, we want to do crowdfunding, um, you’ve got to select your platform provider carefully and this law, which is in California, but is likely to spread across different states in various forms, says, well now, if you’re gonna do that, you’ve got to make sure that this crowdfunding platform is registered. Um, and they’re reporting and there are all sorts of rules involved. So if you have a contract with them, it should be subject to these rules that might say things like, well, if they collect money, they have to give the money to the charity within a certain time period. Right? So they couldn’t say, well, it takes this administration, so maybe a couple of years before you get that, you know, nobody’s gonna be happy with that, but without rules, why not? Um, so these are, this is why it’s important for charities to have rules. The actual details of the rules. So I can see why some people have some, some issue with them. And we haven’t had all of the regulations yet, they’re still in discussion. So this is very, Still very trending, but the crowdfunding law, the law, the general law that’s in place now will become effective in California in 2023, and the regulations are being developed right now,

[00:23:58.04] spk_0:
let’s turn to remote work, which is obviously so much more common now. Hybrid work, you know, return to work dates are being pushed off and off. Um What what are what are what are what trends are you seeing? What should be on, will you be on the lookout for with respect to uh remote work and employment law issues?

[00:25:10.84] spk_1:
Yeah, it’s, you know, this is a really tricky area. Um you know, for sure, Covid where people were suddenly not permitted to to go indoors in some cases for months. Um and who knows if, you know, we’re going to return to some of those scenarios with the omicron variant out there, We’re hoping that it’s less um severe in terms of its impact, even if it might be a more transmissible, but if we if we keep worrying about this and saying, you know, our workers aren’t comfortable coming to work, even if the law allows them to come to work. Um Maybe we’re going to let people work remotely, and many of us have gone full remote, some of us have gone back to partial returns, some have gone back to full returns and then gone back, you know out the other way and said, okay, you know, it’s at the workers discretion whether they want to come in or not. So what makes us a little bit tricky. Um is that you don’t control the work environment as the employer, if they’re working at home, right? Um but that becomes the work environment, if they’re doing work from home, that’s their work environment, and, you know, the employer is responsible for the work environment if they should get hurt, for example,

[00:25:22.94] spk_0:
um

[00:26:56.24] spk_1:
So it becomes a little bit tricky about, well, how do you, how do you handle that for workers comp reasons, for safety reasons, for OSHA reasons? Um and I think there’s an understanding by regulators that, you know, this is out of control of most small businesses, small charities and, you know, to to that extent, we’re not really gonna look to enforce things on that level, but there are other things that, that are also concerning, because not everybody goes when, when they decide to work remote, we work in the same city or in the same state, right. A lot of us um have decided to, you know, maybe move back with family, which might be in another state. In some cases it could be another country, or some of us have decided to travel and spend a little bit of time, you know, in different places. Um So how does allow treat that? And basically, you know, the old rules, which are the rules, many of us are stuck with. Um the old rules are, well, you have to comply with the laws where the worker is doing the work, so if you have a worker in new york who’s now working remotely and came out to florida, well, then all the employment rules regarding worker safety and wage and hour laws and salary, overtime, sick pay benefits, all the florida laws apply to that worker now. Um, and so now it’s like, well, you’ve got to work in florida, you’ve got to think about, are you qualified to do business in

[00:27:00.21] spk_0:
florida,

[00:27:36.94] spk_1:
charity registration in florida? Um, and you may have had no connection to florida before, but all of a sudden you have a worker working there. Um, so a few states, um, and they’re not very many, but a few states that said, well, you know, during covid, we’ve got these temporary rules where we’re relaxed, where you don’t have to do that. And there’s also state tax issues, right? State payroll taxes, and, and other times, all of those things, some states said, you don’t have to worry about it. A lot of organizations are simply not complying with, But,

[00:27:37.49] spk_0:
but you said it’s only a handful of states that said, we’re we’re we’re not enforcing

[00:27:42.14] spk_1:
right. Exactly.

[00:27:43.33] spk_0:
The majority of

[00:29:01.34] spk_1:
states are, Yeah, well, I shouldn’t say they’re enforcing, but they haven’t the old laws or the existing laws still apply. There are no transition laws, so you’re out of compliance. And if they do enforce, which might not be like a, you know, a regulator coming out to you and saying you haven’t done this, it may be your employee is unhappy with something you’ve done, who’s working there and said, hey florida law applies and you haven’t been complying with the florida sort of benefits laws that, that apply. And maybe I could give you more specific example because san Francisco, if you came out to California, your remote employee came out to California, san Francisco has mandatory six hours and not a lot, a lot of states don’t have sick our pay. Um, but all of a sudden if you’re not paying them and they get wind of that, hey, you were supposed to pay me for this and you haven’t been, it’s the employee who could launch the complaint. Um, so it’s just to be careful of these things and, and just as your strategy for charity registration, tony when you’re sort of fundraising all over the country to, to, you’re not going to be able to maybe do all 50 states at once, but just to make sure you’ve got a plan to attack this kind of the same thing here. Um, check out where your employees are, you should know exactly where they are and check each state in terms of how strictly, maybe in terms of enforcing this and start to slowly comply

[00:30:12.74] spk_0:
the implications of state law. Yeah. What about the technology remote work? I don’t know if that’s all been figured out yet and maybe there were, maybe there were stopgap measures during the, during the, the darkest part of the pandemic, but but going forward, you know, tech technology has to be, has to be upgraded. You know, are we gonna, we’re gonna continue providing work phones? Are we going to provide work laptops? What about paying for internet access over the long term? I mean, you know, the internet access can be costly. And if if work is taking up a lot of the bandwidth, isn’t it appropriate for an employer to be paying a portion? And then how do then how does the, how does the, what’s the mechanism for the employee verifying how much they pay and you know, and then what percentage are we gonna cover of that, all the all the technology issues around, around remote work.

[00:30:58.44] spk_1:
Yeah, def definitely. And and as an as an employer, I would say, beyond sort of any legal compliance issues, um, you’ve got a, I think an ethical issue to make sure you’re providing your employees with the tools to do their job. And if you’re allowing remote work, you should make sure that they have the tools. So if they need a computer to be able to access it, so they’re not, they’re not using their personal computer. Um then you should make sure that happens same thing with the telephone. And if, you know, if those are going to be dedicated to work, um it should be explicitly written out that way. But if you force them to use their personal things, there are some states that actually do have laws that say you must reimburse your your employees if they’re using the tools that they need um for for remote work, but just ethically. Yeah.

[00:31:18.74] spk_0:
But then that’s then that raises security issues too. Absolutely. They have any kind of HIPPA protected information on their personal laptop. That’s gonna be a big problem. That that’s I think that’s probably a mistake if you’re dealing with that kind of data. But um

[00:32:01.74] spk_1:
and don’t we probably all have that type of stuff on our personal computers, right? You know, sort of HIPPA protected? We may have had emails like that are saved onto our computers. Um Right. So if if the computer is also being used for work and there’s a work issue that causes that data to be taken or corrupted, like, you know, what’s the employer’s responsibility if they hadn’t provided an alternative, it’s a great point

[00:32:50.94] spk_0:
and and it’s not only hip hop data, but other other personalized data that that maybe on now the personals, the employee’s personal computer, desktop or laptop or phone, you know, how is that? How is that private private data protected? Do they have malware prevention on their on their personal devices so that so that company emails that they’re that they’re using on their personal device aren’t potentially compromised. I mean, the use of the personal equipment raises a lot of technology and and Legal privacy and ethical issues to your right. I mean, if the person is eight or 10 hours a day, they’re using their personal laptop, shouldn’t there be some compensation for that?

[00:34:46.94] spk_1:
Yeah. And I think minimally because no matter you know how much we encourage people to have sort of work dedicated computers provided by the workplace, people are going to use their personal phones. I mean we can go back to the politicians who have all been using their personal funds. So we know it happens regardless of what the best practices. But what can the employer do, they can pay for all of that data protection stuff that that computer should have. Right, tony because now it has much more sensitive information on there and the employer is partly responsible for some of the other information that could be on there and hack. So yeah, employers should help. And that kind of leads us to the whole data security issue as well that everybody’s got to be paying attention to now is really um nonprofits have important data in their system. Some of it is, you know, hipaa protected some of it is other privacy information. You may have employment reviews on there that you don’t want going out into the real world or client, you know, feedback which might be positive. Some of it might be negative sensitive communications, all sorts of stuff that you might find on a work computer and if it gets hacked and if that data gets stolen or if somebody holds the system which might run your programs or aspects of your programs if they cause your system to crash and say that they will only sort of fix it because they’ve hacked and caused the crash. If you pay a ransom, you’ve got all sorts of problems. Uh and maybe some of that may have been mitigated with some basic steps like you mean you’re not going to be, well even the U. S. Government can’t prevent all hackers. I think we we know that, but you can take reasonable steps based on your budget, whatever that might be to to control some of this. So it really is important to have some safeguards.

[00:34:55.74] spk_0:
Another potential category of data is the G. D. P. R. Data. If if if your nonprofit is implicated at all in in that european common law law then or the yeah then then you’ve got those concerns as well.

[00:35:08.94] spk_1:
Yeah, absolutely. So if you have european donors or you’re doing business with any european entities and you have data from those entities or persons be careful and again, remote working can trigger some of that. So if if they decided to, you know their home or or they want to travel to europe and do their work from there.

[00:35:28.74] spk_0:
Um,

[00:35:29.74] spk_1:
all sorts of implications.

[00:37:44.03] spk_0:
Yeah. Absolutely right. People very good point where where people are sitting and where they’re planted when they’re working, It’s time for Tony Take two We’ve got 50% off the tuition for planned giving accelerator. That’s because just last week A donor stepped up someone who believes very deeply in planned giving accelerator and he is offering to pay 50% of the tuition For the 1st 10 nonprofits that take him up on his offer. A couple have already done it as of the time I’m recording, but there are several spots left. So if you’ve been toying with the idea of planned giving accelerator, it’s never going to be cheaper than 50% off. What the way this will work is. You’ll pay the tuition in full, which is $1195 for the six month course. This donor will then make a gift to you of half of that. So you’ll have a new donor, he’ll pay half your tuition. So it ends up being 50% off the full tuition cost. I know the donor, it’s someone I trust you have my word. Your final cost will be half of the full tuition if you’d like to jump on this and be one of the members of what is now our february class. I want to give people enough time for this because it, it just came in last week. So I’m extending, we’re, we’re not gonna start the class until february if you’d like to be part of that february class At 50% off email and we’ll, we’ll talk about planned giving accelerator and whether it can help you launch your planned giving program. Mhm. tony at tony-martignetti dot com. That’s me. That is Tony’s take two, We’ve got boo koo but loads more time for legal outlook for 2022

[00:38:01.22] spk_1:
one and one of the tools to think about and I’m a little bit guilty of this as well um is be careful of public wifi um because that often is an entryway for a

[00:38:03.83] spk_0:
hacker. Yeah, that’s totally unsecured airports, airplanes,

[00:38:09.89] spk_1:
coffee shops,

[00:38:13.42] spk_0:
coffee shops, Starbucks, wherever those are, all unsecured networks.

[00:38:29.32] spk_1:
Right? Meaning that there is the potential for somebody in there who has some malicious intent if they want to be able to hack into to your computer through that public wifi. Unsecured wifi. And there are different systems um but maybe one of the simplest for for those of us who have smartphones, which I think is most of us is you could actually create a sort of a private wifi just

[00:38:52.92] spk_0:
for your smartphone, right? Hotspot? Hotspot and don’t use the unsecured wifi to connect to, you know, use the uh the four G or five G or the five GHZ et cetera.

[00:38:56.17] spk_1:
Right? And that’s something an employer could pay to make sure that the employee has significant data and data plan that can incorporate all the additional data that they may need in their plan because of the work. So again, that would be reasonable and and ethical for the nonprofit employer to pay for their employees to have a higher data plan. Um, if they’re going to to use that and insist as a policy that they do not use public wifi. If they’re using a work computer or a computer that contains work and sensitive information,

[00:39:36.52] spk_0:
all you need is to transmit an email on, on an unsecured wifi that that has a donors credit card number, maybe

[00:39:38.77] spk_1:
native

[00:39:58.12] spk_0:
birth address, name any, any two of those things together, uh, hacked could be very detrimental to that donor. And you know, whether it ever gets traced back to you is is uncertain, but you’ve, you’ve put your donors privacy at risk in a simple email that has any two of those pieces of information.

[00:40:04.31] spk_1:
And it appears to be a myth, um, when people have relied on, they’re not going to go after us because we’re nonprofits, people don’t go

[00:40:12.29] spk_0:
after. Oh, that’s bullshit. Oh, that’s ridiculous.

[00:40:14.57] spk_1:
Right?

[00:40:22.61] spk_0:
I’m working with a client now that, that is a, is in new york city that’s, that’s, um, victim of, of a malware, uh, ransomware, so brought me a ransomware attack.

[00:40:27.61] spk_1:
Yeah.

[00:40:40.41] spk_0:
And they’re keeping it quiet so I’m not permitted to say who it is. But um, yeah, they’ve, they’ve been, they’ve been hindered for weeks and weeks with data accessibility issues.

[00:40:42.71] spk_1:
Yeah. And it’s much more common than we think because organizations do want to keep it quiet because if there is a vulnerability, they don’t want to come and say other hackers come come and attack us, we’re vulnerable. So it may be much more pervasive than we think

[00:40:57.61] spk_0:
and that myth also breaks down along ideological

[00:41:00.04] spk_1:
lines.

[00:41:21.61] spk_0:
Some some person on the left may may attack an organization on the right. Some person on the right may attack an organization on the left just because of where the organization stands with respect to the person’s political and ideological beliefs that that that’s enough. It doesn’t matter that you’re a nonprofit. It’s it’s your ideology and your mission. It has nothing to do with your tax exempt status as to why somebody would or wouldn’t go after you.

[00:41:28.41] spk_1:
Yeah and um in these times that those ideological differences have been very um pronounced and. Yeah.

[00:41:41.11] spk_0:
Alright where else should we go? Gene with trends, trends for the new year. Come on.

[00:44:24.69] spk_1:
Um Let’s talk a little bit since we’re talking about technology and data security. Let’s talk a little bit about crypto currency because I find that pretty fascinating. Um There was an organization that came together and bid $40 million on a copy of the U. S. Constitution just a few weeks ago. Um That money the $40 million plus more I think about 47 or $48 million was raised for that purpose in less than two weeks. Um So um Cryptocurrency donors um often have made a ton of money because of the appreciation of cryptocurrencies like. Bitcoin for for those who aren’t super familiar with it. Um And if you donate Cryptocurrency, it’s like donating a non cash asset, meaning that if You bought crypto currency for $1,000 10 years ago and it’s worth now several million dollars, which if you bought the red Cryptocurrency, that might be the case if you sold it, uh you would have a lot of taxes to pay on that appreciation right? The several million dollars of appreciated income that would be subject to capital gains tax. Um So if you sold it and donated some of the proceeds, that would not be a very tax efficient way to donate. When if you donated the Cryptocurrency itself, what you do is you get to take a fair market value deduction of the several million dollars. So you gave several million. So potentially you could deduct that is a charitable contribution and pay no capital gains tax because he never sold it. Um So very tax efficient way of giving um And Cryptocurrency people, wealthy millionaires and others who decided that they wanted see some positive impact um from giving these gifts are are making gifts of Cryptocurrency now and that’s that’s partly why I am so many gathered together to say hey we’d like to fund a charity to buy a copy of the U. S. Constitution so that we can ensure that this constitution is always for the public’s benefit and on public viewership and not sitting in somebody’s house, you know for for their own prestige. Um But that really opens it up, cherish. Think about there’s a lot of these people who made quite a bit of money on Cryptocurrency and a lot of younger people are investing barely heavily in Cryptocurrency now. So it’s something to not sort of blow away if we’re um kind of our age or older, tony to say, Cryptocurrency, what is that? It’s it’s something to really embrace now because it’s it’s not just this exotic tool now, it’s part of regular investment portfolios.

[00:45:56.79] spk_0:
Absolutely, it’s it’s it’s coming and and jean this dovetails perfectly with Our November 15 show of 2021 Bitcoin in the future of fundraising with my guests who are an Connolly and Jason shim who wrote a book Bitcoin in the future of fundraising. So, um it’s do you it’s just more, more sage advice that crypto donations are coming. It’s not a matter of if it’s just when are you gonna get on board now or you’re gonna wait two more years and potentially be behind the curve. Um and as an and Jason pointed out today, there are so few organizations accepting crypto that a lot of people are just searching for. Where can I donate? Cryptocurrency and probably largely, Gene for the reasons you’re describing there, They’re looking for a direct crypto donation to help them with substantial capital gains. Are there specific legal implications of crypto donations that that we need to be aware of or or is it just, you know, you just want folks to know that this trend is, it’s in the middle, it’s happening right now.

[00:48:15.97] spk_1:
So I think, you know, one of the reasons why charities are afraid to take Kryptos because they don’t know what laws apply when they receive the crypto. They’re like, what do we do with this? Um, and there are ways to easily cash that out and turn it into us cash. And in fact, most charities that accept crypto and they’re not a lot, you’re right, tony but most carriers that accept them liquidate them immediately turned them into cash and deposited into fiat currency, like regular paper currency, um, in their bank accounts. Um, So they’re not holding onto the crypto very long at all. One of the reasons why that’s, that can be very important is because there are prudent investor rules for charities that don’t apply to for profits that basically say if you’ve got investment assets, charities, this is not just endowments, but just any sort of investment assets for reserves or for a capital fund or anything you can’t invest. It speculatively, you couldn’t just throw it all in like Apple stock, um that would be too speculative. You have to look at it, uh, through what financial professionals, investment professionals called portfolio theory, are you sufficiently um, have an investment portfolio diversified across several different asset classes? So if one bombs, you haven’t tanked all of your money. Um, and the board of directors have a fiduciary duty to live up to the prudent investment laws that also sort of follow this portfolio theory of how how have you actually divest? Sorry? Um diversify Yeah. Um your your funds across different investment classes to protect yourself and there are different considerations that go along with that. Um But that is one reason why you don’t want to get stuck with all of your investments being in crypto because crypto maybe one of the most volatile type of investments where it can double in a matter of days and it could tank and disappear in a matter of days as well. So depending upon what type of Cryptocurrency you have and there are hundreds if not thousands of crypto types of Cryptocurrency um that have evolved in a lot of people and organizations that are making new coins all the time. So new new forms of Cryptocurrency arising and while we talked about crypto as being a part of more investment portfolios as a normal part of of investments. Now it’s not every Cryptocurrency that would be in that it’s certainly one

[00:48:47.07] spk_0:
1000 right? Some of these thousands trade for thousands of pennies, Thousands Yeah thousands of pennies even you know .0001 three zeros and a one is you know is the value of the currency. Um So. Alright that’s perfect as I said, perfect dovetail to that to that uh that november show because you’re you’re raising the prudent investor rule and and uh portfolio theory.

[00:50:07.66] spk_1:
One more thing on this, tony the forms the I. R. S. Forms for when you get Non cash contributions of more than $500. And how quickly you sell them. Um Also applies to form 82 83 is what the donor needs to sign when they give a non cash contribution of over $500 of over $500. And if it’s over $5000 which many crypto gifts are, they have to get a qualified appraisal for this. So that’s really important. And the Dhoni which is the charity has to sign that form for the donor. And then if the donor the Dhoni, I’m sorry the charity sells it within three years, they have to sign a form 80 to 82. Yeah so that’s again it’s not terribly hard. It sounds like a lot of just legalese I’m blabbing out but it’s not too hard but just take a quick look at those. If you decide that you want to start getting Cryptocurrency and at worst you might ask your donor to find a donor advised fund that takes crypto turns it into cash and then disperses it to the charity. So there are donor advised funds that do that

[00:50:15.76] spk_0:
interesting. Okay so so a Cryptocurrency donation is a non cash donation

[00:50:19.90] spk_1:
correct?

[00:50:58.76] spk_0:
Okay and for non cash donations of $500 or more, That’s where your your donor has the implication of i. r. s. Form 82 83. And you as the charity if you sell it within three years which your advice is that they do because it’s of its volatility Then you’ve got the implication of i. r. s. Form 80 – 82. I always thought those were backwards. The donors should have 80 to 82 because that comes first. Then comes 82 83 from the don’t to the Dhoni first the donor has it. Then the charity should be 80 to 82 82 83. But it’s not It’s 82 83 for your donor and 80 – 82 for you.

[00:51:06.16] spk_1:
That sounds like larry david logic. But that’s how I think as well.

[00:51:10.58] spk_0:
Yeah. I’ve been accused of being larry David in lots of ways. Including my my hair when it’s long like it is

[00:51:16.23] spk_1:
now. I’ve

[00:51:33.46] spk_0:
been accused of looking like Larry David. But we’re not complaining, we’re helping. That’s all right. Um Alright let’s leave us with something else. Another trend for the new year that you want us to be thinking about gene. Um

[00:51:36.96] spk_1:
Let me talk a little bit about diversity equity and inclusion. Since we’ve we’ve talked about that in the

[00:51:42.21] spk_0:
past. You could search jean and I have talked about D. I a bunch of times. But

[00:53:46.05] spk_1:
yeah please. You know I think in combination when we talk about the great migration and how the pandemic might be affecting different populations in different ways that we start to think again about kind of? Well if our charity is doing some some mission and we might not think of that mission as being really reflective of of specific races or or anything like that. Um But could D. E. I. B. Important anyway. And I think that’s where we get to think about. Well if we had more perspectives in our organization, if if we’re lacking some of those perspectives now, for example not having a lot of latin thinks Hispanics or blacks or asian americans on the board or in the leadership group, maybe we’re not really thinking about how our services that we’re delivering are affecting different populations differently. Maybe we’re just sort of providing services but we’re focused on urban centers or urban centers where if we’re center based, our center based is in neighborhoods that are much more accessible to uh white populations versus other populations. So getting different perspectives, even if we think of ourselves as being race neutral, which is kind of a charged term. But I’ll just use it for for these purposes. If we think some of us think of ourselves as race neutral and therefore we don’t have to get involved in the D. E. I work. We want to say, well don’t we care about serving our population in a way that’s kind of fair and not just favoring one segment over other segments or just totally neglecting certain segments of the population because they don’t have the same type of access. Have we ever thought about those things and having diversity can help us think about those things. Um, but it has to be done obviously in an inclusive way, which we’ve talked about and I know we just have a few minutes here, but it’s

[00:54:03.34] spk_0:
sort of it’s touching on, you know, not knowing what you don’t know without without having the perspective of diverse populations on your board, in your leadership, then you don’t know how you’re not serving other non white populations. Yeah. And even when we were perceived by other by by non white populations.

[00:55:32.64] spk_1:
Yeah, exactly. And even when we say, well when we look at a group of people and we say diversity, you know, that has one meaning. But sometimes when we just look in our inside our own heads, uh, and when people go unconscious bias, for example, try to think about what that is. It’s like, well if we don’t have the benefit of having different perspectives are being exposed to that all of our lives and none of us have all of the perspectives in our lives. So we were all going to be guilty of some sort of unconscious bias because we just don’t know any better. We we haven’t had other information that would have help develop a sensitivity or understanding or just knowledge of some of the disparities that are out there. So, and and how our organization can be either helping those disparities or hindering them. So just getting a sense of where we’d like to go. I think that can improve employee retention. It can lead us to new areas of employee recruitment and it can make us more relevant as organizations in the future, where if we’re not addressing some of these things, we could find ourselves becoming irrelevant less attractive to future donors, especially younger donors who this is very important to. Um, and so that’s my, my closing thought. Mhm.

[00:55:48.24] spk_0:
All good thoughts for uh, for the new year for 2022, Gene Takagi are legal, legal contributor, Managing attorney of Neo. You’ll find him at nonprofit law blog dot com. He’s also at G attack and you’ll find the firm at neo law group dot com. Gene again, thank you very much. Happy New Year.

[00:55:57.39] spk_1:
Happy New Year. tony

[00:56:47.13] spk_0:
next week. I’m working on it very diligently. If you missed any part of this week’s show, I beseech you find it at tony-martignetti dot com. We’re sponsored by Turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. Do you need help with any of those ready projects in 2022? Get them off your plate. A creative producer is claire Meyerhoff. The shows social media is by Susan Chavez Marc Silverman is our web guy and this music is by scott stein. Mm hmm, thank you for that affirmation scotty Be with me next week for nonprofit radio big nonprofit ideas for the other 95%. Go out and be great.

Nonprofit Radio for January 10, 2022: Nonprofit Software Vulnerability With log4j

My Guest:

Joshua Peskay: Nonprofit Software Vulnerability With log4j

Happy New Year! There’s a software risk gaining attention and there’s a good chance you’ll need help diagnosing and repairing it. You don’t need to horde gas, cash and toilet paper. Just be aware and do the repair. Joshua Peskay, from RoundTable Technology, sorts it out.

 

 

 

 

 

 

 

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

 

Apple Podcast button

 

 

 

I love our sponsor!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 573_tony_martignetti_nonprofit_radio_20220110.mp3

Processed on: 2022-01-07T15:56:41.833Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…01…573_tony_martignetti_nonprofit_radio_20220110.mp3.687498576.json
Path to text: transcripts/2022/01/573_tony_martignetti_nonprofit_radio_20220110.txt

[00:00:10.04] spk_0:
Hello and welcome to tony-martignetti non profit radio

[00:01:11.84] spk_1:
Big nonprofit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d suffer with Producto Sigmoid itis if you inflamed me with the idea that you missed this week’s show, non profit software vulnerability with log four J Happy New Year. There’s a software risk gaining attention and there’s a good chance you’ll need help diagnosing and repairing it. You don’t need to hoard gas, cash and toilet paper, just be aware and do the repair Joshua pesky from roundtable technology, sorts it out And Tony’s take two. Thank you jean and Amy sponsored by turn to communications. Pr and content for nonprofits. Your story is their mission turn hyphen two dot c o.

[00:01:45.14] spk_2:
It’s a pleasure to welcome back Joshua pesky eh he has spent nearly three decades leading technology change for over 1000 nonprofits. It’s especially dedicated to improving cybersecurity in the nonprofit sector and works regularly with at risk organizations to address digital security challenges. He regularly presents and teachers on topics including technology strategy, cybersecurity project and Change management. You’ll find him at Joshua pesky a and the company is roundtable technology, Joshua. Welcome back to nonprofit

[00:01:54.14] spk_3:
radio It is an absolute pleasure to be here. tony Thank you so much for having me on.

[00:01:58.17] spk_2:
Oh, it’s it’s my pleasure to and it’s been the three years or some since, since 18. NTCC

[00:02:05.47] spk_3:
when you were Yeah, which was that the no that was the second to last in person in TC they did the 2019 1 and then it’s been virtual since Yeah,

[00:02:14.24] spk_2:
2nd the last yes

[00:02:16.74] spk_3:
and Happy New Year. Happy New Year to you as well. Happy holidays to you and all your listeners as well.

[00:02:26.24] spk_2:
They’re our listeners today. Not my listen, they’re ours share and share. That’s fair. Our listeners.

[00:02:30.24] spk_1:
Um all right.

[00:02:42.74] spk_2:
Log four J potential security vulnerability that uh, well it is a security vulnerability that nonprofits potentially have give us the, the the 30,000 ft view before we dive in. What, what is this log for? J?

[00:05:43.74] spk_3:
Yeah. So log four J. First of all, on a technical level is a java based, that means the programming language that it’s written in his java and it’s a logging utility that is used predominantly on servers on what are known as Apache servers which run just a huge amount of the things that run on the internet. And this logging utility um, is a little bit of code that developers used to log things that happen on the server and then generate reports or create actions to help them identify bugs or other things that would go on. So that’s what log four J is and it’s very, very widely used. Um, and unfortunately it was disclosed, I think around December 10 was when it became public knowledge that there’s a pretty rough vulnerability in it that allows an attacker to essentially take control of a server that is running log for J in an incredibly simple way. And the organizations like the center for Information security um and the cybersecurity and infrastructure security agency or cisa um they use this um terminology called si ves which is common vulnerabilities and exposures I think um I always forget what that stands for. Um yeah, common vulnerabilities and exposures are cbe, they have ratings of like 0 to 10 for how bad it is. So zero is like that’s not too bad. 10 is this is Armageddon and this is a 10 and the reason it’s a 10 okay, is twofold in the most simple way. One is that it’s a actually, I’ll say three. Okay, there’s three reasons. One is that it the vulnerability is the most, the worst thing possible that the exploit of the vulnerability allows complete takeover of the system that is exploited. So if your server is running this log four J utility and I can send it a single packet of data, I can take it over and now do anything I want on that system. So it’s really bad. Second is that at a rough estimate, uh this is running on something on the order of three billion devices um that are connected to the internet in some way. So it’s running on everything. And the third thing is that doing the exploit is incredibly easy. So a 12 year old can go download a little bit of code off the Internet and automate it and go out and find servers that are running along for J and take them over. So incredibly easy to exploit. And the combination of those three things is why all the security experts around the world started freaking out To varying degrees around December 10.

[00:05:55.54] spk_2:
Okay. And and sister calls it a 10 out of 10. Yeah, this is all very interesting. I just saw the movie. Don’t look up with Leonardo Dicaprio jennifer Adams, Meryl Streep.

[00:06:00.49] spk_3:
Someone was just telling you about this movie. I have not seen it yet, but mixed things about it. But yeah,

[00:07:24.24] spk_2:
a comment is coming to earth. Uh, they this comment is categorized as a planet killer. Uh, and the President Meryl Streep is uh, not initially focused, you know, and she, in the first meeting with the two folks who have identified this comment and its trajectory right toward Earth. You know, she decides to sit tight and assess and, and their estimate is that the comment is gonna hit Earth within six months. And it’s a it’s a planet killer. It’ll it’ll make us extinct. But she takes a sit sit tight and assess approach. Yeah. Right. So, so I’m I’m tempted. Um, No, but I don’t wanna I don’t wanna be that like physical about it. Um, but I want to keep things in perspective too. So, but 10 out of 10, you know, from sister. That’s that’s significant that obviously. So. All right. And thank you for explaining why it’s called log four J and what a logging application is. I’ve I’ve sometimes looked at logs and it’s just thousands of lines of activity that could be incremental, like every every couple of seconds or something depending on what the, what the, what the, what the activity is that the log is logging. Um it mean it means nothing to me but

[00:08:14.94] spk_3:
to write essentially a bit of code that runs on servers. Um there’s a really funny XK C D cartoon. I can, I can send you if you want to include in the show notes. Um XK C D is a cartoon by a cartoonist named Randall munroe. And he created this cartoon like two years ago. That’s like uh you know, the entire internet infrastructure. And it’s like this giant kind of house of cards thing, you know that everything is on top of. And then at the very bottom there’s like this one thing that’s holding the whole thing up and it’s like, this is a bit of code written for free and maintained for free by some developer in a small town in Nebraska. And this was like two or three years ago that he wrote this because he’s kind of like noting how so much of the critical infrastructure of the internet are just open source free projects that people maintain in their free time. And this is, this is almost literally that like this is just a utility that someone made a long time ago that no one pays for that’s free to use that was useful and everybody used it. And then it was like, oh, this has a vulnerability. We we now have to fix it and it’s everywhere.

[00:08:29.53] spk_2:
Send me a link to that that drawing because I know the one you’re talking. Another one you’re talking about. I think I saw it on your linkedin.

[00:08:35.54] spk_3:
Yes, Yeah, yeah, yeah.

[00:08:37.35] spk_2:
But I want to include it. I’m gonna put it next

[00:08:39.11] spk_3:
to your headshot show in our show notes. Yes.

[00:09:35.04] spk_1:
It’s time for a break. Turn to communications Your 2022 communications plan, lots of projects on their, lots of writing. You can take the biggest projects off your plate and outsource them. Free up staff time to devote to the work. It’s not feasible to outsource the annual report does not need to be done in house just because it always has been, doesn’t mean it has to be. How about research reports, white papers, this stuff can be outsourced. Do you need help with your writing projects in 2022? Turn to communications, your story is their mission turn hyphen two dot c o Now back to nonprofit software vulnerability with Log four J and Joshua Pesky EH

[00:09:44.04] spk_2:
And you also said it’s on three billion devices now, potentially. So it’s not just server level. Right? This could be an

[00:12:36.74] spk_3:
individual works problem. Yeah. And so, so here’s where everybody’s gonna start panicking, right? Which is, they’re like, well, if there’s three billion devices go ahead. Yeah well we don’t wanna panic. Right. Right so so people are thinking oh gosh I must have one of those devices or or more more of them in my home. And so the first thing is just you know calm down take a breath. Um But it it’s the most critical things are you know from a prioritization standpoint are things that accept input from the internet. Now this might be something that non technical people would would have difficulty understanding. But the average computer that you’re using or the printer in your home most likely is not accepting input from the internet meaning someone from the internet can’t just go and communicate with your printer or your coffee maker or your amazon Alexa. Right? Because it’s not accepting input from the internet. The way most devices on most networks and in most homes work is it’s a kind of one way invitation traffic rule. So your computer can get data from the internet and in that respect accepts input because the data comes in. But the only way data comes in is when you request it. So when you type google dot com in your web browser your computer is essentially making a request out to the internet and saying I’d like this information sent to me and then the internet sends it. But the internet can’t on its own. No one out of the internet on their own can send data to your computer without you requesting it. Okay that’s most cases, most people wouldn’t know whether their network or their devices are set up to receive input from the internet or not. But mostly they wouldn’t be they would have to have done something specifically to put themselves in a state where their home devices would be accepting data from the internet. But if you have a server that you’re using for any reason in your organization that accepts input from the internet then that server is if that server has this vulnerability on it by the time you’re hearing this podcast, it’s probably compromised already. And the term that cisa and C. I. S. And other security agencies uses assume compromise and that’s the stance they’ve had for several weeks. Now we’re recording this in december 28th. If you’re listening to this, let’s say january 15th. You know you’re and you have a server or more servers that are X. That are accepting input from the internet that have this vulnerability and you’ve done nothing about it at this point. You would assume compromise and that means um you need help. You need someone who knows how to go look at your server and look for indications of compromise and remediate them meaning fix them and undo them so that your server is not compromised. Um You’ll need help at that point. Okay

[00:13:04.94] spk_2:
let’s start with the first of all, thank you for being a calm voice and and explaining things. So you keep yourself out of jargon jail, which I appreciate our listeners appreciate. I I hate to slap you into jargon jail so

[00:13:09.83] spk_3:
but keep me keep me honest on it, tony If I, if I say stuff that’s like, you know, if I’m either being condescending or you know, you know, saying things that you are not, you know, the folks aren’t gonna understand. Call me out all the time. I

[00:13:53.94] spk_2:
will well condescending, I’ll just shut off your mic and we’ll just end perfect. I don’t I don’t tolerate condescension but jargon that’s recoverable. So let’s start with the case. Uh, you know, our listeners are small and midsize nonprofits. Let’s start with the nonprofit that does not have a person devoted to I. T. Let alone a team or you know, doesn’t have a devoted consultant. Do they need a consultant? Can they what what what should the non I. T. Affiliated nonprofit?

[00:17:13.64] spk_3:
Sure. So let’s say you’re you know f 5 to 50 person nonprofit. Maybe even up to 100 staff. Okay. And you have no dedicated I. T. Person, maybe you have an accidental Tuckey maybe of like a you know joe or jane laptop that helps you out with stuff, you know, as a consultant or maybe you work with a small managed service provider. Um someone who helps you with your technical, but let’s say you don’t have any dedicated resource. Okay. Whether you’ll need help or not, depends on whether the directions that I’m going to give you now are something you could do or you have someone in your organization who could do this. So what you would need to do okay is I’m gonna use two big words and then I’ll explain them. Enumerate and remediate. Okay. These are the two most important things to do in order. Enumerate. All right. Or enumeration is the act of figuring out what are all the things we have that may be vulnerable to this exploit. Okay. So I’ll give you just a simple example. We know uh and there’s a link will give you in the resource because again, C I s has a resource of all of the software applications, products, devices that are known to have a log for j vulnerability in that. So let’s say for example, I’m a typical nonprofit and we’re we have out of our 10 staff. We have five of them that use tableau desktop because we purchased it from tech soup and we used Tableau to do some data visualizations. That’s a really common application that lots of nonprofits would have running on their desktop. They probably aren’t updating it that regularly. Could be an older version Tableau which is now owned by Salesforce. So it shows up under Salesforce is listed in this directory of all the vulnerable applications. So you need to if you know that I have Tableau, I need to go to this list I need to search for Tableau and then I need to follow the links to see if the versions of Tableau that I have are in fact vulnerable and if so what I’m supposed to do about that, which is usually going to be to run some patch that updates it. So you need to do that for everything that you have. So the enumeration part is figuring out what’s all the software and devices that we have. Our firewalls are wireless access points are the operating systems that run on our computers, the software that runs in our computers and for many organizations, you’re already saying we have no idea about any of those things. We don’t have that written down anywhere. We don’t and that’s a real problem. And that that problem, you know, when, when you go to best practices about how to govern technology, they’ll say have an inventory, have it current, you know, having automated, so you can just go look online and right, this is why this is one of the reasons why that’s really important. If you don’t have that, this job at this time becomes extremely difficult for you. But if you don’t do it, You have no idea what vulnerabilities you have. It’s like not going in to get a physical in your doctor’s office for 20 years. You know, when you finally do go in, you’re probably gonna find a bunch of things that you maybe would have wished you found out earlier.

[00:17:20.14] spk_2:
Alright. So even before we get to remediation. Enumeration sounds overwhelming.

[00:17:47.04] spk_3:
If that sounds overwhelming then you need help. If there’s some if you have your accidental tech in your organization, you play them that part of this interview and you asked them could you do that? Apologize for sirens coming by? I don’t know how my Yeah, sorry about that. But if that person listens to it and says yes, I can do that. Give me a day or two. I’m pretty sure I can do that. Hey then you can do it if you have them listen to that and they’re like, I absolutely can’t do that. That sounds totally. Then you need help.

[00:18:01.14] spk_2:
Okay, let’s go to remediation then. So once you found out where your potential vulnerabilities are,

[00:18:07.04] spk_3:
yes, we do this

[00:18:08.04] spk_2:
patching. It sounds like in

[00:19:46.94] spk_3:
most cases exactly. So we’re saying okay, we’ve got five people running Tableau desktop, this is the remediation that we need. This is the software that needs to be updated. This is the setting that needs to be changed. I just whatever the instruction says, I need to go do it and check it off my list. So let’s say we have a sonic wall firewall that’s in our office network and that’s still running and we still have people coming to the office. So we need that to work. I need to go to the C. I. S for the enumeration piece um go see if the model of Sonic wall and the software version that we have on it. That’s our firewall. Is that listed here? If it’s not? Yeah. See we’re good. I can check that off the list if it is listed now. I need to follow the link through and see what is the remediation that I’m supposed to do to fix the vulnerability. Right. The enumeration part is I now know it’s vulnerable because it showed up on the list and then I verified it’s and it’s part of why this is hard for non technical people is you know, sonic wall has I don’t know 100 different firewalls that are out there in the world. Maybe more than that. And they’re at all different software versions. Right? And firmware versions. Firmware is like software that sits on a hardware device so it’s typically called firmware. Alright? But it’s just like software, you update it just like any other software and so I need to both see what model of sonic while I have the software or form firmware version that I’m running on it verify whether that sonic wall and that software version are vulnerable. And if so what I need to do to remediated and I need to do that for everything that I have. All right.

[00:19:56.94] spk_2:
Let’s just let’s let’s just get help. You’re just gonna have to if you don’t have someone devoted who can do this like like Joshua said play it back for them. It sounds it sounds as far into them as it does to me. You need you need you need help. You need help. Alright.

[00:21:38.64] spk_3:
And the urgency is like if if you have again public internet facing stuff, if you have if you know or think you have a server that accepts input from the internet, right? Again, if you don’t understand how to even know that, then you need help. If you have no organization that can help you understand that. But if you do know that that is by far your top priority and again, by the time you’re listening to this, if you haven’t done it, assume compromise. It’s it’s probably it’s not that it’s too late but it’s but you’ve probably been compromised already. And so the question is what do we do from that point? Um and what you’d like to do is learn about it before you learn about it from a ransomware demand. Right? Because what’s what you’re worried about is that that compromise will eventually be exploited by what what Attackers are doing is exploiting systems and then putting in persistence meaning a way for them to stay connected to the environment. Once this vulnerability is patched. So if they’ve done that, once you patch the vulnerability, it doesn’t matter because their persistence is already there on the system. Right? So the next thing they do is exploit you by doing a ransomware attack or installing crypto miner software on your server or doing any of a dozen other things to leverage the resource that they have taken over and what you’d like to do is find out that they’re there and remove them before they notify you by sending you a ransom or notice.

[00:21:47.94] spk_2:
Okay, we need help.

[00:22:04.04] spk_1:
It’s time for Tony’s take two. Thank you. Gene Takagi and Amy sample Ward our contributors, you know them, I barely I don’t even have to say it right. You know, I have to honor them

[00:22:05.94] spk_2:
to give them tribute,

[00:22:20.34] spk_1:
but you don’t really need me to introduce them. You know that Jean is our legal contributor and that AMY is our technology and social media contributor, you know this and longstanding to boot

[00:22:22.64] spk_2:
jean.

[00:22:36.94] spk_1:
Gene has been with nonprofit radio and me Since the first several shows, it was 2010 kicked off the show in July 2010. And jean was on very soon

[00:22:40.44] spk_2:
after the very first show

[00:24:03.14] spk_1:
early, early early days, AMy sample ward joined at the 100th show. So that would have been July of 2012 50 shows a year. Mhm I’m grateful. You know, they take time each time they’re coming on. You know, they come up with the topics we we exchange messages about them talk a little bit sometimes, but you know, they’re doing the lion’s share of the work and then of course, you know, thinking about how best to explain it and then spending the time to explain it all valuable for you all great value for you. So I am grateful to them for so many years of contributing to nonprofit radio and helping you listeners. Our listeners thank you jean thank you amy That is Tony’s take two. We’ve got barely a butt load more time for nonprofit software vulnerability with Log four J. This week is short less time to get aware, more time to do the repair. And I’m gonna I’m gonna keep pushing this rhyme until I can’t stand to hear it anymore. Let’s continue.

[00:24:15.94] spk_2:
If you have an I. T. Devoted team, then certainly by the time that I’m playing this that that team must know that otherwise you need to fire your team and and get a new

[00:24:30.94] spk_3:
team if you have a if you have a cybersecurity, if you have someone who purports to be a professional information technology provider, right? Whether they are your own staff or whether they are an outsourced provider And they haven’t talked to you about log 4J. And what they’re doing about it then. I don’t believe that they’re serving you very well. I think that’s fair to say,

[00:24:40.54] spk_2:
okay, well we’ll leave it at that. Well let the ceo and executive directors deal with their C.

[00:24:47.85] spk_3:
IOS and

[00:25:13.64] spk_2:
uh I. T. I. T. Managers. Okay now I looked at the uh the cisa cisa again as the cybersecurity and infrastructure security agency. Um just for context. That’s that that’s the agency that Christopher Krebs came out of in the trump administration and said that 2020 presidential election was the most secure election in the nation’s history. That’s that’s

[00:25:16.31] spk_3:
system the cyber summarily fired but that’s a separate

[00:25:20.66] spk_2:
Yes, he was he was fired but he said yes,

[00:25:24.22] spk_1:
I’m trying to stay away from

[00:25:25.78] spk_3:
I’m a huge fan of So this is

[00:25:29.20] spk_2:
offered not for political purpose. This is offered for context.

[00:25:32.74] spk_3:
Yeah, for context. That is that is set to and there there I believe part of homeland security.

[00:26:13.94] spk_2:
Yes, they are part of the homeland Security agency. Yes. And they, you know, they’re the ones who said 10 out of 10. And in at a press release they said quote, this vulnerability poses a severe risk. They called it a severe risk, end quote. So you can go there, you can go to assistant dot gov and they have a page called Apache log four J vulnerability guidance. You can search that system dot gov. Apache log four J vulnerability guidance. Without me giving you full U R. L. Of the page. Just just search that and they have a couple of valuable links as

[00:26:16.37] spk_3:
well. And and we have links to all that from our website. So if you want to start at round table, just go to our website, search log four J. You’ll find our our blog which we update as we have updates and that has all the links in it as well

[00:26:34.34] spk_2:
and that is roundtable technology dot com if you want to follow Joshua, Joshua pes K.

[00:27:00.44] spk_3:
A. Y. Yeah. Although you’re better off following at round table I. T. I’m I’m not on social as a rule like a little thing but I really don’t touch twitter or facebook really. Ever so twitter or roundtables, twitter is at round table I. T. Um And that’s a better place to follow. That’s where you’ll that’s where you’ll get updates of things. You won’t get anything from following me because I don’t post to twitter hardly hell with Joshua pesky.

[00:27:03.63] spk_2:
Don’t follow at Joshua follow at round table I. T. If you’re following Joshua pesky unfollowed, you’re wasting your you’re hurting your follower,

[00:27:13.44] spk_3:
It’s a follower following it. And uh and I don’t I don’t even know if I get notifications if you try to dm me like that, you know if you want to contact me. It’s Joshua roundtable technology dot com. It’s very easy to find me that way.

[00:27:25.94] spk_2:
Alright. Don’t use twitter, you’re hurting your ratios unfollowed

[00:27:29.49] spk_3:
him. If you ever our apologies to all you social folks, I’m just not a social guy in that regard

[00:27:35.44] spk_2:
now you sound very sociable otherwise just

[00:27:37.52] spk_3:
not really. Yeah. In person on zoom over the phone incredibly social online. Unfortunately not so much.

[00:27:44.57] spk_2:
Okay. And humble as well,

[00:27:46.94] spk_1:
let’s go to

[00:27:52.64] spk_2:
Something that you have on January 27. You have a training coming up, tell us about

[00:30:09.64] spk_3:
that. Oh my gosh we have, it’s a mouthful. So I’ll spit it out the sixth, annual, best free one hour cyber security awareness training ever. My colleague Destiny Bowers, who is an absolute delight and also brilliant and who have worked with for a long time. She and I six years ago started doing awareness trainings with the goal of giving nonprofit organizations and small businesses an opportunity to get all of their staff cyber security awareness training at least once a year for free in a way that would be easily accessible for them, would be fun and would give them some incentives to for their staff to attend. So not only is the training free for literally your entire organization to attend, But we offer prizes over the course of our one hour training, so people have an opportunity to win up to $100. We give out typically $100 gift card, $50 gift card, $25 gift card and then we’ll give out other gift cards or, or prizes throughout the training. But at the end we do a quiz that is competitive. And so if you win the quiz, you have an opportunity to win $100. Uh and an amazon gift card is what we typically give out. And so you can tell your staff your, if you’re a nonprofit leader, hey everybody sign up for this, it’s gonna be a fun training Joshua and Destiny will try to make an entertaining, brisk and enjoyable and you have an opportunity to win prizes. And if you sign up with your organizational email, you know, uh, tony at my nonprofit dot org, then roundtable will actually send the organization a list of everybody that attended the training from their organization. So if you have a regulatory requirement that says, we have to train our staff, you know, with awareness training once a year, this can actually satisfy that regulatory requirement. If you’re in new york, new york shield law requires that you provide awareness training to your staff. So you can literally satisfy this regulatory requirement by having all of your staff attend this training, which again, is free and not only free, but you can tell your staff, hey, you can even win prizes by attending

[00:30:14.94] spk_2:
right. Win big prizes, free, epic, best ever training. More, more humility

[00:30:25.64] spk_3:
from Joshua, pesky. Yeah, again, the humility best ever. Yeah. And we say that every year because of course every year is is just a little bit better than the previous year. So it continues to be the best ever training until someone comes to us and says, you know, actually the training you guys did in 2019 was better than this one. So I don’t think this was the best ever, but no one you would, you

[00:30:47.74] spk_2:
would have the best you, they would be saying that you were one upped by yourself, there wouldn’t be any other,

[00:31:00.14] spk_3:
I I can’t conceive that there could possibly be any other training other than ourselves. I really feel like Myspace of best free one hour cyber security awareness training, I feel like we are really are our only competition. I

[00:31:12.04] spk_2:
hope you know what the word means. There’s a nod to, there’s a nod to Princess Bride inconceivable that there could be another another entity offering, offer anything offering anything comparable in cybersecurity. Alright, so where do we go for this damn thing?

[00:31:20.10] spk_3:
It is, I couldn’t make it any easier for you.

[00:31:22.87] spk_2:
It’s very simple.

[00:31:54.44] spk_3:
Go ahead. Best dot r t t as in roundtable technology dot N.Y.C. as in new york city doesn’t mean you have to be in new york city to attend anywhere in the world you can attend? So best dot r t t dot N.Y.C. If you go to that, you are l you’ll go right to our registration page and send it to all your staff again, have all of them sign up and you can all compete together and compete for prizes, have a good time getting awareness training and we, I love doing it, it’s sort of our gift to the nonprofit community to try to provide this training and make it fun and accessible for everybody and we’ve had so much fun, we keep doing it year after year.

[00:32:07.24] spk_2:
Is there a video, If folks cannot attend

[00:32:23.84] spk_3:
On January 27, sign up as with all things, then a recording will be sent to you the day after and you can take that recording and you can add it to your learning management system. If you have one too you know onboard your new staff whatever you want to do but of course you can’t win the prizes unless you attend the live strengthen

[00:32:28.84] spk_2:
you have to be like you have you must be must be present to

[00:32:32.14] spk_3:
win. Yeah

[00:32:32.67] spk_2:
win the big prizes in the in the epic best ever cyber security training. You’ll have to be present on january 27th 2022. At what time

[00:33:04.54] spk_3:
is one p.m. Eastern time? That’ll be 10 AM pacific time. That’ll be noon Central time if there is anyone out there on mountain time I don’t know where you’re at in regards to daylight savings. I forget if you’re on pacific time or Central time now so you figure that one out. If you’re on Mountain time, I’m sorry I wish I knew people

[00:33:12.74] spk_2:
will know people will be able to extrapolate hopefully from the Eastern time disclosure of of one p.m. eastern

[00:33:54.04] spk_3:
and we’ve even had organizations who we know nothing about you know who aren’t clients of ours reach out to us and say you know they found it on Youtube or whatever and they said can we you know use this recording for our on boarding package for our own staff or do we need to pay you or do you have rights or anything and then I’ll answer that question now for all of your listeners tony go ahead. Free take it, it’s yours. So if you sign up, you don’t attend live, you grab the recording, you chop it up and use it to onboard your new staff for the next year. That makes us super happy. Do it with our blessing. Don’t even have to tell us. Thank you. Okay,

[00:34:22.94] spk_2:
we’ve now spent as much time talking about the january 27th training as we have the subject of the podcast and the video, which is the log four j vulnerability for nonprofits. He’s Joshua pesky. They don’t follow him so I’m not going to repeat his, his twitter handle but follow roundtable at round table i. T. The company is at roundtable technology dot com. He’s Joshua pesky eh, thank you very much,

[00:34:23.61] spk_3:
Joshua tony thank you. It’s been an absolute pleasure,

[00:34:26.81] spk_2:
my pleasure as well. Thanks so much.

[00:34:54.64] spk_1:
Next week Legal Outlook for 2022 with our Gene Takagi. If you’re not aware, you cannot repair if you missed any part of this week’s show. I beseech you find it at tony-martignetti dot com. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C. O. That’s the end of the aware repair rhyme scheme. It’s now ended

[00:35:31.84] spk_0:
our creative producer is Claire Meyerhoff shows social media is by Susan Chavez marc Silverman is our web guy and this music is by scott stein, thank you for that information scotty Be with me next week for nonprofit radio big nonprofit ideas for the other 95%. Go out and be great.

Nonprofit Radio for June 28, 2021: Center Equity & Tech In Your Hiring, Retention & Training

My Guest:

Amy Sample Ward: Center Equity & Tech In Your Hiring, Retention & Training

Amy Sample Ward

Amy Sample Ward returns for a valuable, fun conversation that starts with the #ShowTheSalary campaign and winds into technology strategies for treating your staff like adults and learners. She’s our technology and social media contributor, and CEO of NTEN.

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

 

I love our sponsors!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

Sendinblue: The only all-in-one digital marketing platform empowering nonprofits to grow.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 547_tony_martignetti_nonprofit_radio_20210628.mp3

Processed on: 2021-06-29T12:48:45.958Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2021…06…547_tony_martignetti_nonprofit_radio_20210628.mp3.449627571.json
Path to text: transcripts/2021/06/547_tony_martignetti_nonprofit_radio_20210628.txt

[00:02:04.04] spk_1:
Hello and welcome to Tony-Martignetti non profit radio big non profit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d be forced to endure the pain of para Nicaea if you infected me with the idea that you missed this week’s show center equity and tech in your hiring retention and training. Amy sample Ward returns for a valuable fund conversation that starts with the show the salary campaign and winds into technology strategies for treating your staff like adults and learners. She’s our technology and social media contributor and ceo of N 10 on tony state too. Let’s rejoice, we’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C o. And by sending blue the only all in one digital marketing platform empowering non profits to grow. tony-dot-M.A.-slash-Pursuant in blue, let’s get started, shall we, what do you say here is center equity and tech in your hiring retention and training. It’s always a pleasure to welcome back Amy sample ward. You know her, you know who she is, she’s our technology and social media contributor and she’s the Ceo of N 10. Her most recent co authored book is social change anytime everywhere about online multi channel engagement. She’s at a me sample ward dot org and at AMy R. S Ward, Welcome back amy,

[00:02:05.44] spk_0:
it’s been so long.

[00:02:15.34] spk_1:
I know it’s been several months. I didn’t even look back. It’s been too long, but let’s not, let’s not dwell on that. We’ll get, it’s my job to fix it.

[00:02:16.81] spk_0:
So what is time anyway? You

[00:02:19.37] spk_1:
know? Oh, that’s an existential question that we don’t have the time to answer what time is. So, um, you’re well in Oregon. Yes.

[00:03:00.44] spk_0:
Yeah. Doing pretty well hot. We’re hot in Oregon. We’ve got, we’ve got a hot hot keep wave and a hot summer ahead of us, but otherwise doing okay. And you know, I think like a lot of parts of the country, the kind of atmosphere feels like it’s lifting a little bit as, as cities kind of open up more because because it is summer, even if it’s super hot, it’s better to be outside and see other people, You know, I think after a long hard winter, people really just be inside

[00:03:08.12] spk_1:
Last summer, largely the same. Yeah, at least if you were doing the right thing. So yes, it beats the hell out of summer, 2020,

[00:03:15.10] spk_0:
right? Yeah.

[00:03:17.44] spk_1:
Although I’m sorry that climate change has contributed to bad temperatures in Oregon and

[00:03:22.55] spk_0:
yeah, yeah, we’ve already, it’s already fire season here and fire

[00:03:27.78] spk_1:
season is all the year now. Now California just doesn’t even have a fire season anymore. They just have fire fire

[00:04:40.64] spk_0:
thinking about, you know, how many And and 10 has community members all over the us Canada Europe all around the world. Um, and so it’s something we’re always thinking about is, you know, what’s going on and for somebody that might open an email or show up to a court. So being one of our cohort programs where we’re really kind of expecting a lot of you over an extended period of time and, you know, there’s folks in so many different geography, so many different identities, so many different kind of compounding factors where it just might not be a day that you can join of course, you know, and we have done a lot of work, kind of, all of all of 2020 started in 2019 and launched this calendar year with a number of changes to our programs so that people were better able to say, yeah, this isn’t the day that I can join us and that they weren’t kind of like slowly slipping behind or slipping out of any of our programs, that the system was already built for them to be like, yeah, not today. You know, uh again,

[00:05:15.54] spk_1:
we’re gonna talk about that to me that falls under the rubric of tech equity. We’re gonna we’re gonna talk about that. Let’s start with the something I know is on your mind. The show the salary campaign. There was it was a critical piece In the chronicle of philanthropy. Just yesterday, we’re recording on June 23 yesterday. There was a piece by Vincent Robinson, critical of show the salary campaign. Let’s acquaint folks with what show the salary is

[00:06:21.64] spk_0:
for sure. So I think show the salary like hashtag no spaces show the salary is a campaign, but it is not the only movement for there are many, many folks, many different hashtags, many different appeals to the sector at large, whether that’s foundation jobs or nonprofit jobs, whoever to include the salary, whether that’s a hard and fast number or that’s a range in every job hosting from Ceo to to any other position really because of the number of dynamics that come when you don’t show that salary and the privilege that it really wraps itself around, um that it’s not creating an equitable opportunity or access point for all different kinds of folks to apply for that job. And show the show salary is one of these campaigns and efforts to encourage folks whether by asking nicely or shaming whichever direction works to get people to do it

[00:07:41.14] spk_1:
all right. And some of the some of the reasons that showing the salary is important are I know that it gives an advantage to folks who negotiate salary better, which is typically white men. They are more confident in their negotiations. They have better outcomes when they attempt to negotiate. If not even better outcomes, they at least get get a better reaction when they attempt to negotiate. So it gives advantage to the white privileged. Um It’s um it’s disadvantageous in that you might be, I mean this this applies to everybody. You you might spend your time applying for a job that’s beneath your salary requirement. We all got to cover. We all got to cover a monthly nut. And if your salary isn’t gonna do it, you gotta go through a a laborious process to find that out. Maybe a couple of interviews, several hours your research time, you’re spiffing up your resume time, your credentials. So why should I hide it from anybody? Um on the positive side, he promotes transparency and you’d like to hire people who want to work for transparent organizations and people want to work for transparent organization? What am what am I what am I leaving out of the why the advantages, the reasons for showing the salary?

[00:08:32.14] spk_0:
I mean, I think all of those are right. And also all of those are kind of like doorways into an entire, you know, grouping of arguments that are related to them, right? And I think it intend we really um combined when we’re trying to mask or compelled or encourage or convince other organizations to include salaries to us that means compensation and generally make clear what your benefits really are. Don’t say generous benefits because to your point, if someone is um has chronic illness and they know that health care is going to be a really important part of the benefits they get and all that you’ve said is generous benefits. They don’t know how to navigate if that’s going to be worth their time competitive

[00:08:54.34] spk_1:
Really. You know, when you think about these things critically, which, you know, it’s, it’s just uh you know, for me at 59 years old, it’s what I grew up with commensurate salary, salary commenced with the experience and generous benefits. No, but if you do think about that well, it really communicates nothing generous, generous by whose standards commensurate by what type of experience

[00:08:57.34] spk_0:
and with the arbiter of that. Right?

[00:08:59.53] spk_1:
Well who is it? Yeah, who is? Right.

[00:10:24.74] spk_0:
Yeah. I think especially as uh folks are starting to maybe in a token izing way, look to increase the number of black indigenous staff of color, um, L G B T Q I plus like all different, you know, quote unquote diverse metrics for their staff. Those folks want to know that they are going to be evaluated by something they opted into, Right? So seeing something like, oh, it’s commensurate with experience. Well, if you are excited to hire me because I also speak spanish, but you’re not, you’re not giving me a salary because of that, then that’s probably not a great place, right? Like all of those decisions add up to a picture that’s getting painted to potential staff before they even apply, let alone are hired and start there. And if you think about, you know, what is this picture we’re painting? Is it just like murky and you can’t see anything isn’t really clear. We painted a beautiful picture of this land. They could come come join. You know, it isn’t just like what’s in the organization’s interest because you really want to be able to negotiate with someone. I would, I would invite a bit of reflection on why you want to change something, you know, because if you don’t already know how much you can pay, that’s how much you can pay. And if you don’t, then you’re probably not ready to start hiring.

[00:11:23.84] spk_1:
Okay. Uh, Vincent Robinson pushed back against the show the salary campaign. His his main point is that now he is a recruiter. He makes a point of saying that his practice is devoted to expanding diversity and accessibility among job applicant among applicants. Yes. And placements that he makes uh, he says that 90% of the candidates that he places are diverse. Bye bye. Common standards. Alright, So let’s, let’s just assume that that’s all the case. Uh, take him at his word for that. He says that the main problem with the show, the salary campaign is that it actually disadvantages folks. Um what’s this point? Because

[00:11:32.54] spk_0:
I mean, essentially, if I can, can recap it, um, the way that we read it and have discussed, invented is essentially saying that by disclosing that salary, so don’t already make it discouraged, right? Would feel that they wouldn’t go for that job. And

[00:12:22.64] spk_1:
Their if their current as it uses the example of someone whose salary is $60,000 and they feel they’re eminently qualified for a job that posts range, or a salary of $150,000, that they will be discouraged from applying because they feel they’re not worthy of that salary. And he says that he has counseled many people in that situation that they should absolutely apply. What does the I’m not I don’t want to make you a spokesman for the show, the salary campaign. We don’t even know who the members of the show the salary campaign are, which we are going to talk about. The secretive side of that. I’m curious about that. We’ll get to that as an advocate for show the salary. What do you say to Mr Robinson?

[00:15:23.34] spk_0:
Sure, I wouldn’t have nothing to do with the show, the salary campaign. And as far as I understand it, it’s a campaign started by nonprofit staff in the charity sector in the UK. Um wow, she and being in love with their julie and I have nothing to do with it. But there are, you know, folks like Julie and the community centric fundraising community and 10 lots of folks in the us have also been calling for this. I think the idea that someone would see a higher salary and think that they are not qualified. I’m not going to say that doesn’t exist like humans are complicated, dynamic, interesting creatures. And I’m sure there are people for whom they have experienced a lifetime of internalized messages that they are not worthy of that job, right? That is not going to be changed by all organizations continuing to hide the salary. We’re not changing the sectors general attitude that everyone deserves more money by hiding salary. So even if, even if there are individual use cases where people were discouraged because of a high salary, that is not a validation for not disclosing it. And ultimately, by showing those salaries, you’re encouraging peer organizations to equally pay that much for the similar title or scoped positions. Um, You know, I think another perspective, we talked about an intent was, well, if that person is making 60,000 there in an organization that has the full kind of, uh, equate herbal scope to that other position, then they probably shouldn’t be making 60. And the issue is that they are currently making too little, not that they are not qualified for a job that makes twice as much right. That the real issue is, is their current place of employment and that that place they should be able to use that job posting to say, hey, I like a race. I think the dynamic that’s not spoken about in the Chronicle piece that I do think is an important part of the conversation about hiring in the sector is the fact that that articles written by a recruit and I think that I have experienced and seen and coached many people applying for jobs who have a very different uh understanding or expectation or assumptions about what’s going on when they are dealing with a recruiter, then when they are applying directly to the organization. I think there’s a lot of messaging and marketing that recruitment firms are, you know, leadership or C. I. O. C Suite ceo type of jobs. And those feel like they imply a level of corporate nous, maybe certain size of organization, you know, and those are probably more likely the factors that are making folks feel like they don’t want to go for the job than the fact that it pays more money. But

[00:15:43.84] spk_1:
it’s interesting just the existence of a recruiter could be off putting to a lot of folks who internalize messages about their credentials.

[00:15:45.61] spk_0:
Not that I don’t think people should use recruiters, I definitely think they should, but I think that that’s an unspoken reality that is not factored into that article.

[00:16:01.94] spk_1:
Right. Right. Right. Which I’m not sure that he would even acknowledge. Yeah. But okay, I

[00:16:06.74] spk_0:
wanna, can I can I can I steer us back to the question and you always get to steer Can I give

[00:16:10.01] spk_1:
you latitude

[00:17:36.74] spk_0:
well, because you said something that I thought was interesting and we could talk about for a second earlier when you were saying, you know, expertise. Uh and I think that’s also a big part of all of this, is that If you were to take to job listings that you found, that said the salary and they said they were both $60,000 jobs, right? 60,000? Um as your annual salary? Mhm. I cannot imagine that you would find those two jobs, say they’re looking for the same experience or expertise or scope of job, even if they were both in communications are both in in programs, right? So I feel like there’s also an opportunity to be very open and intentional with how we phrase or or position to potential staff, what we were looking for when we hired you, because if it’s just like, you know how to use this database and you know, you know, you know how to do these tactical things, I don’t know how it matters who it is. You hire hire the first person then, right? Like if that’s the thing that’s most important to you, it’s just that they can technically do these things that feels to me like you maybe don’t even need a human. That’s a

[00:17:51.64] spk_1:
pretty, that’s a pretty shallow job description. If it’s just a list of four things that you need to be able to do it, right, then you just hire the first person who can do those four things and it makes no difference who it is,

[00:18:15.74] spk_0:
right? But I see, you know, intent as a dartboard and um see jobs posted in the sector on twitter et cetera all the time. I feel like hiring is kind of picking up now and I see so much of it is like we really want you to have experience with X database or X website platform or you know, and like does any of that matter? Can’t you teach somebody the

[00:18:19.26] spk_1:
database? It’s all trainable, it’s all right, we need somebody who’s trainable

[00:18:49.24] spk_0:
right? Like eager to learn, interested in doing the work that we do, but not that you already know how to do certain things right? That’s not the most compelling. And again back to that idea of like you’re painting a picture for these potential applicants, you’re painting a picture that like what they’re what they’re part of. That magical garden scene is like you have a hammer, you have a shovel, you have some seed like you know, it’s probably looks not as appealing, right? It looks like, oh yes, this is beautiful garden scene and I will sit over here hammering on the bench.

[00:19:26.14] spk_1:
Uh I mean uh I guess what we’re, what we’re talking about though, depends on the level that you’re hiring too. I mean if if an expertise is required in something that’s not that’s not trainable, I mean you so you have I. T. Staff, you have the luxury of having write your own development team. Um

[00:19:26.79] spk_0:
So yes, he does the work of a team. Okay. Okay.

[00:19:32.40] spk_1:
Yes. We’ll shout him out now. Go ahead

[00:19:34.25] spk_0:
dan. Yeah.

[00:20:02.04] spk_1:
So you have the luxury of having a development person, web development person. Um So, you know, he has to have a basic level of skill or or beyond basic in certain things. I don’t know whether it’s C Plus plus or drooping or you know, whatever. I don’t know. Html Well, we’re beyond html That I know. So, you know, at that point you would, you would advertise a fluency with something, wouldn’t you?

[00:20:09.44] spk_0:
Yeah. I mean when we hired for that position, you know, we certainly wanted to say these are the platforms we’re currently using. Um, but okay. And you need to, you

[00:20:15.11] spk_1:
need to be able to support these.

[00:20:58.64] spk_0:
Yeah. Yeah. But that was, you know, that’s more of like, hey, this is the job. So stop reading if you don’t know what wordpress is, Maybe not the posting for you, but the things that we really want our, that you, I want to be part of a team where every person has leadership responsibility. You know, you’re not just going to be told what to do. Like you also have to come up with what to do and uh, you know, we want everybody on the team helps with the Ntc. You’re going to like carry a sign down the hallway, put it somewhere. Like you don’t just get to sit at a computer. You know, like we really want to communicate that working at what working in china is like and make clear that that’s what we’re looking for, right vs. The list is for this salary. You can do these five technical things.

[00:25:18.94] spk_1:
It’s time for a break. Turn to Communications, The Chronicle of philanthropy, the new york Times, Wall Street Journal, UsA Today stanford Social Innovation Review, the Washington post, The Hill Cranes, nonprofit Quarterly Forbes Market Watch. That’s where turned to clients have gotten recent exposure. You want that kind of press turn to has the relationships to make it happen. Turn hyphen two dot c O. Your story is their mission. It’s time for Tony’s take two. Let’s rejoice this summer. We’ve come so far from a year ago from where we were last summer. Let’s take some pleasure in this summer. I hope you can. Yes, there’s a long ways to go to My state. North Carolina is less than 50% vaccinated, but we’re so much further from where we were last summer. Let’s take some pleasure in how far we have come. I hope that you can do that in your own way. I hope you can schedule some time away or some just some time. It doesn’t even have to be time away. I hope you can schedule time for yourself, family, friends, all of which we couldn’t do couldn’t do safely a year ago. So let’s rejoice in how far we have come while at the same time recognizing there’s a good way to go before we’re out of the woods with this pandemic with the delta variant now and other possibilities of variations. Yeah, we’ve come a long way. I hope that you can take the time for yourself, for your family, for friends to do some rejoicing this summer. Have some fun, whatever form fun takes for you, whatever it is. If it’s crocheting, if it’s travel, if it’s stay home, okay if it’s more time with kids, nieces, nephews, grandchildren, whatever form fun takes for you. I hope you can do it. I hope you can because we are so much further along than we were this time last year. That is Tony’s take two sending blue. It’s an all in one digital marketing platform with tools to build end to end digital campaigns that look professional are affordable and keep you organized. They do digital campaign marketing. Most marketing software is designed for big companies and has that enterprise level price tag, tisk, tisk. It’s your life if you’re using one of those, send in blue is priced for nonprofits, easy to use marketing platform that walks you through the steps of building a campaign to try out, sending blue and get a free month. Hit the listener landing page at send in blue. We’ve got boo koo but loads more time for center equity and tech in your hiring retention and training. Very melodic. It’s like, it’s iambic pentameter. Almost. How do you encourage job posters on the N 10 job board, which I know is one of your more popular pages on the areas on the, on the site at n 10 dot org of course. Um, I know you require salary their number or arrange a minimum or arrange I guess. But beyond that, what, what can you or what can other folks do to either encourage it if they have a job board or working in their own job descriptions.

[00:26:06.84] spk_0:
Yeah, it’s interesting. I think a lot of the other work that we do is not very publicly visible. I have had a number of community members over the years since we’ve been requiring salary where they want to post a position. They themselves had already asked their organization, what’s the salary going to be in the organizations that were not posting it? So then they come to me and say like, I don’t have a lot of positional power. But what I could do is like bring you in on a conversation that put some pressure on, you know, and have some conversation that, that does convince them because even if they didn’t want to do it, they’re doing it gradually. I was looking at them so they did it, you know, you know,

[00:26:10.85] spk_1:
you know that,

[00:26:11.79] spk_0:
well, you

[00:26:13.28] spk_1:
Have the leverage of the N- 10 job board and we’re talking about technology if it detects job, the intent job board is like a Seminole place to be.

[00:26:43.74] spk_0:
Right. Right. So I’ve had lots of places where I’ve either helped people come up with their talking points to take to their team or joined email threads or even had phone calls with hiring managers who weren’t convinced, you know, and just spent 10 minutes talking to them about it, um, to get them kind of to the other side. And I think that’s, You know, while it’s kind of maybe not in my job description, those 10 minute calls or helping somebody with their talking points in a Google dog are changing organizations. And I really love between that work, you know,

[00:27:31.84] spk_1:
but that’s using intense influence the same way you do when you, uh, when you sign contracts for, for the NtC that you insist you have, you have certain requirements from, I guess diversity to food to, you know, whatever you use the leverage, use the leverage in that case it’s dollars in hiring case, it’s the N 10 job board you want to be on it. I mean the bottom line is you got to play by our rules. I’m happy to have a conversation with you about why those rules exist and how they contribute to the in 10 values,

[00:27:33.92] spk_0:
How

[00:27:43.54] spk_1:
they flow from the intent values. Maybe more more eloquent, but more appropriate. But in the end, you know, if you want to be on the job board, you gotta, you gotta use our rules if you want. You want the N 10 money, you want the N 10 conference at your center, then we have, we have certain basic requirements that are unyielding.

[00:28:51.64] spk_0:
Yeah, it’s interesting because the intent job board, of course you can post a job, but I think most people think of when they think of a job board, like a part time or full time organization that you are working for overtime. But we also, you can also post gigs or RFP s shorter term project type posts and we require a salary or budget to be listed on those two and that’s actually the place where we get the most push back. Um and folks will say, well we don’t know what our budget is until people reply to our RFP. And while I understand that, could I feel like reality, there is just like a, just like a potential applicant to become an employee. A potential contractor also doesn’t know if this is a project that they should bother trying to take on if they have no idea what your budget. So again, you don’t know what your budget is. You’re not ready to hire. Call for our FPs. You

[00:28:56.38] spk_1:
Need to know whether this is a $10,000 project or $60,000 project. I mean without saying a range of $10-$60,000, which is, which is worthless. People, people do that. Do they say?

[00:29:08.44] spk_0:
Okay, sometimes? Yes.

[00:29:10.03] spk_1:
Alright, well that’s

[00:31:05.24] spk_0:
worth. Sometimes. Yes, we try and catch those and talk to people. But you know, I think that folks, it’s such, it’s also such a privileged position to say like, well, we don’t even know what the budget is, where what I hear in that is whatever people tell us is what we could pay. And I don’t think that most nonprofits have a relationship to their cash flow, where they could say whatever somebody says is what we should pay, right? You you likely do have a discreet budget range And even if you feel like it’s really low and you’re sad that it would look low, it’s better that that’s on the table at the beginning, before a bunch of firms, you know, do a bunch of work. Um, and 10 actually just closed an RFP for our own, like it was on our job board, but it was our own RFP to do a website redesign project. And um, we had talked to, uh, so many firms in the community, but one had kind of expressed a bit of a surprise that we were anticipating 10, maybe 15 Responses to the RFP. That that would be a lot of responses. Well, we got over 40 and what we heard from a lot of people is the reason we got so many is because the RFP was very clear. It said why that was our budget and what what we could do in house, what we needed somebody else to do. So, because we have taken longer than our original timeline was internally to be really clear in the RV, we were able to get so many more potential folks that wanted to work with us. And now of course, I don’t know how long it’s gonna take us to read this many are applications, but um, it’s a better problem to have than than only a few that submit and none of them feel like a good fit. You know, now we’ll be able to choose from a great difficult group of to decide.

[00:31:45.34] spk_1:
So it ends up being worth the internal time that you spent. It was beyond your projected time because you’ve got 433 times the number of applicants, uh, proposals that you were expecting. All right. Right. Um, uh, so let’s talk about the show the salary campaign. Okay. Now you all right. So you said you’re not you’re not a part of it. I didn’t know that had started in the UK for one. I feel like they, um, they suffer some because it’s all it’s all secretive. They don’t reveal.

[00:31:46.69] spk_0:
Doesn’t need to be like,

[00:32:01.04] spk_1:
well, yeah, I mean, I think credibility, I think naming who you are, at least some of whom you are, helps with credibility. You know, purely

[00:32:02.03] spk_0:
seeking. But they do say that there are non profit staff.

[00:32:05.84] spk_1:
Yeah.

[00:32:24.34] spk_0:
And I feel like their appeal isn’t saying we like this one organization, you know, we’d like this one funder to change their grant application and we are previous grantees. So we have a level of knowledge. Like there isn’t any, uh, in my opinion, there isn’t any justification you need to do to say, yeah, I think people should have to show their salaries, you know, they

[00:32:38.34] spk_1:
Have, like six or 8 reasons why the salary should be shown. Uh, you know, it’s secretiveness creates suspicion,

[00:32:44.14] spk_0:
doesn’t I just I just don’t share that feeling. I feel

[00:32:48.15] spk_1:
like,

[00:34:03.44] spk_0:
um not the number of people that, like, for example, we have because we have talked on the website and the job board, we have a blog post about why we want people to to include their salary. Um, it’s common that folks that we don’t know or or we’re not first name basis, like community member, we know who they are will tag us in a tweet thread and include our blog post while they are trying to convince someone else. We weren’t even heard of that. We don’t know who these people are that are talking, you know? But they’re like, oh well and then to doesn’t here’s their article and you should really do this. So those people don’t even necessarily know who we are, but they’re using it to support their argument. And I feel like I don’t need to go into that twitter friends like, hello, I am a me I am in ceo these are all of the reasons why I get to exclaim this. And you know, I don’t I don’t know that. I don’t know that the campaign, like so many other campaigns is trying to say that the exclusive use of that hashtag are the eight collaborators on that website, right that like anyone can go appeal to folks that are sharing their salary and ask them to do it. You know that it’s it’s about the message. It’s not about the people who have the capacity to build the website and get it out

[00:34:29.54] spk_1:
there. It is. Yeah. As I said, they have six or eight reasons why you should should show the salary. Um All right. Maybe I’m just more traditionalist, but you know, secretiveness breeds suspicion for me. I would like to see a couple of

[00:34:31.27] spk_0:
names that

[00:34:32.06] spk_1:
Uh and then but then you say, you know, but in that case where you were citing, you know, in 10 gets broke. So other folks brought you in. So you’re they presume your credibility

[00:34:42.94] spk_0:
well. But I think it’s the same way where people that aren’t who I’m just saying that because that’s a random number of people, but like whoever was the friends who created that website, like people don’t need to know them in order to use the hashtag show the salary for saying, you

[00:35:00.54] spk_1:
know, and and to agree with the six or 8 reasons that they

[00:35:03.08] spk_0:
have, which

[00:35:07.04] spk_1:
is you’re all very cogent to me. I just I would like them to go a step further.

[00:35:11.34] spk_0:
Yeah. Ok. I hear your concern. I have nothing to do with them. So I can I will not pass this feedback to anyone. But

[00:36:01.33] spk_1:
you don’t know anybody. I don’t know. It’s like people say this is in confidence. I always say, well, I don’t know anybody to tell. Right? And a few people I do know that nobody listens to me anyway. So, so your your confidence is well kept with me. Don’t worry. Don’t worry about that. Yeah. Yeah, sure. You got my confidence. Absolutely. This isn’t confidence. Absolutely. Okay. Um bringing a little more down to uh, some actionable steps or if the if not actionable, at least, things that folks can consider. And I’m always grateful to you that we can use N 10 as an example. You have, you have the N 10 Equity Guide for nonprofit technology which is at N 10 dot org. And my suggestion after that was just search for Equity guide for nonprofit technology in

[00:36:05.24] spk_0:
your or its underneath the resources either way. Okay.

[00:36:29.53] spk_1:
It’s called the Equity guide for nonprofit technology and you have some things that you recommend there and I’m sure that intend abides by or at least tries to abide by as best as you can. Um, and the first one is that is sort of what we were talking about earlier. Don’t assume expertise in technology radio

[00:38:52.12] spk_0:
and I think that this gets a little bit confusing for folks because they are hiring for a position where whomever is hired saying is you tony I hire you. I know that so much of your day is going to be using these couple systems and I think I’m doing doing a favor to everybody by saying, okay, we really want somebody who already knows how to use these things, right. But it is unlikely that the way you use that database or the way you have set up your website or the way you use white books, you know, whatever it is, is exactly the same organization to organization. Um kind of what we were saying before, you want somebody who’s interested in ready to learn how you use your database and maybe you want somebody who is familiar with what databases do and are and has ever used a database. But the idea that it’s really important to hire someone who’s used that exact same suite of tools, it doesn’t, it’s just not realistic. They have not been customized the way your organization is customized people are using Salesforce in a way that is unrecognizable, Salesforce. That doesn’t mean that because they use Salesforce somewhere else, they automatically know how you’re using it. And all of those things, just as you said at the beginning or a teacher, we should be invested in teaching all staff, all of the technical things they need always, not just in their orientation, right? But technology training is all the time because technology is changing. And when we remove those pieces of focus from the job description, it allows us to really focus on what matters more. That’s less tradable, less teachable. And that is, you know, are you solutions minded? Are you interested in leadership and responsibility? Do you have experience with community engagement? Do you come from this community that we serve? I don’t know what things might be specific to the job that we’re all raised from in here in this example. But getting to elevate those other pieces that are maybe more about what somebody wants to do or has a natural inclination towards, instead of Can you click a mouse on the screen? Like we will teach you how to do that part, you know? But if you don’t like working with people, maybe that’s not the job because they’re clicking the button so that they can talk to people right? Like there’s something else happening in that job and focus on that instead

[00:39:10.22] spk_1:
related to that making training accessible. Uh, so, you know, I mean, to me there, those really go hand and glove. I mean, don’t assume a certain type of expertise and then you need to make the training accessible. And as you just said, you know, throughout, because technology is changing, it’s not

[00:40:45.21] spk_0:
just not everybody learns in the same way orientation. Uh just saying like, oh yeah, we made this internal wiggy and there’s a bunch of pages, How about it? Like not everyone can just go look at this wiki. They didn’t make themselves and learn from it. So know that however you’re going to invest in training, its investing in different types of opportunities to learn the same, maybe core functions so that people can engage the way that that works for them. And then take, for example, the way that we do this is we like to, you know, document things so that it is written down for people that like to have the guide of, okay, step one step to do some uh recorded a recorded screen where someone is clicking through doing the thing right? And then everybody brings their computer to a meeting and we all do it out loud together at the same time so that somebody can say I did a practice one of these before the meeting and now it’s showing me the screen and then everybody can look and you’re like, oh my screen looks like this, your screen looks like this. Let’s all learn what this error is, you know? Um and it means that of course it normalizes that everyone needs to learn these things and it isn’t just, you know, one person’s job, but it also creates this opportunity for really deep learning because we engaged in that so many different ways, you know, as a team,

[00:41:04.01] spk_1:
community learning right together. Yeah. Um you know, requiring equitable equipment policies and and that’s related to bring your own device,

[00:42:27.50] spk_0:
bring your own device, something we saw at the start of the pandemic, even beyond, Bring your own device was, you know, in an organization where there’s uh in use a very traditional hierarchy, people that were directors or above got to have Apple laptops. So when they said, okay, work from home, they were ready to go. The managers and below had desktop computers, so they were not ready to go, you know, um, and there wasn’t uh, acknowledgment of the inequity there. And I think that’s a very easy case in point where you can think about that. But we’ve received so many questions over the last 16 months of people saying, okay, well, now that our organization is convinced, then we can kind of kind of maintain a hybrid model going forward. They still haven’t changed the policies that say directors get a new computer every two years and everybody else gets one every six years, but my computer is dying, you know, and I don’t qualify. So the option I’m being told by my own or use my own, which of course isn’t, isn’t equitable is not a fair expectation, but it also creates all these other security vulnerabilities were now working off of machines that are part of the organization’s college.

[00:42:46.30] spk_1:
It goes yes, it is inequitable. It’s also high risk. Right? So, so the employee buys their own now, how do you know what else they have on it? It belongs to them. They are welcome to their privileged and entitled to put whatever they want on it. And how do you know? And what? So now what kind of devices, your data being stored on?

[00:43:22.50] spk_0:
Right. Exactly. And where are people accessing it from? You know, a number of organizations often try to address some level of security vulnerability by making sure that all of the staff laptops have a VPN and they know how to turn the VPN on, but then when they start using their tablet or their own personal computer to do that work in a different way, they’re not going through the VPN. So there’s just so many places where it undermines other efforts you have actually invested in because you are not thinking about what it needs to have devices for everybody that works for them.

[00:44:29.89] spk_1:
Yeah, yeah. And let’s wrap up with, and there’s, there’s many more, there’s probably a dozen different, if again, if not action, actionable items, at least items for you to think about and discuss all throughout the, uh, in this, in the intent equity guide for nonprofit technology. There’s a lot more than what we’re just the couple that I’m that I’m raising with Amy, that we’re talking about supporting remote work obviously, very timely, uh, enormously, you know, but um, everybody doesn’t have, uh, there’s not the same level of, of broadband access. We know this, I mean, you’ve been you’ve been active for years on the broadband equity. Um and now it’s part of biden’s infrastructure proposal. Well, how much of that will get past? Very uncertain, right? Some people only define infrastructure as macadam and concrete and bricks and mortar and beyond that, you know, they don’t want to know about infrastructure. So, you know, you can’t even assume the simplest things that so many of us take for granted exist among all your among all your staff.

[00:45:49.19] spk_0:
And, you know, I think what’s just so confounding to me is the number of organizations who last March said, oh my gosh, we have to work from home. So they didn’t, they worked from home, they work from home for over a year, and now they’re saying you have to be in the office to work, which what I hear when someone says that is that You do not believe work happened for the last 16 months, and I’m pretty sure that work did have, and it probably happened in ways that were better for each individual staff person managing their day and their needs and what else they had going on in their life. So if if folks have to be in the office, sitting at that desk in front of the screen to be quote unquote work came to me that says, you don’t think what can happen unless they are being surveilled while they do it, right? That realizing you’re stuck and you are definitely not working on this article you need to work on. So you’re gonna get up and like make a big fresh pot of tea that that’s not a part of your human management of your

[00:45:53.61] spk_1:
valuable to you.

[00:46:50.98] spk_0:
Right. Right. So, I think organizations that are pushing for this kind of return to in person are really hurting their staff. There are staff. We’ve already seen articles about staff are leaving on mass instead of returning because that’s not it’s the bar, right? Like we have said, the bar is I should be able to be a human that can be trusted to do my job and also live my life. And organizations that can’t respect that I think are not going to have the kind of, you know, talent and diversity that they may say they want. Um, and what I think is important to also acknowledges, there are people for whom working in the office is ideal for them because they can’t focus at home or at home. There are too many other demands on their time from family members or, or whatever else. But That one person working best in the office doesn’t mean everyone else has to be there. Exactly 9-5 with them, right. There should still be a way to support folks who are really great staff and just can’t be in the office, you know?

[00:47:26.88] spk_1:
Yeah. There are folks who want to be nomads now. You know, we, we can’t ignore what, what we learned over the past 16 months and what people have learned about themselves as well as what hopefully organizations learned about themselves and their people. These lessons, you know, these lessons are with us now for generations, right?

[00:47:31.78] spk_0:
And that’s our opportunity to learn from them and get better and grow versus hold on to an idea of something that also wasn’t working before the pandemic,

[00:48:23.97] spk_1:
right? But we just very few people have the courage. Very few organizations have the courage to attempt something different, okay. And they got forced into it to marches ago and we can’t ignore the lessons that we’ve learned and people are not, people are not going to be willing to take a step back. So yeah, if your organization is insisting, I would say especially now during the summer, I mean, if it’s maddening, I mean, uh, you know, I’ve had folks tell me that their offices go, they’re going back to the office starting in like mid june or july. It’s the summer for Pete’s sake. Nobody had any any summer in 2020. So if, if you have any humanity at all, at least wait until september or maybe even october. But even beyond then, right, you know, we’ve learned so much and people are not going to be willing to go backwards. And if you want, if you want to retain the best people, you know, some of them are going to want to be nomads. Now, some of them,

[00:48:33.52] spk_0:
you’re going to want to be able to be at home when their kid is sick and not have to take off work. Yeah.

[00:48:49.67] spk_1:
Okay. It’s, it’s equity, it’s tech, it’s hiring, its, its retention, it’s good policies

[00:49:01.37] spk_0:
and I think part of how we ended up going all over the place of this conversation is just a reflection of how interconnected all these things are and kind of directional. If you, if you can’t share your salary on your job description, you’re probably, what else are you hiding from people? Oh, now they’re hired. They probably don’t get to have a great computer that they choose, right? Like it’s all part of the same mess.

[00:49:32.17] spk_1:
Yeah, yeah. We only contribute 25% of health care premiums. Yeah, exactly. All right. All right. Thank you. Amy Amy sample award ceo of intent. Our technology and social media contributor. Uh, you’ll find her at AMY sample ward dot org and at Amy R. S Ward. Thank you for fun. Provocative, interesting conversation. Thank you.

[00:49:41.35] spk_0:
Thank you. As always.

[00:51:25.96] spk_1:
Next week it’s Jean Takagi returns. It’s Jean Takagi. Next week Jean Takagi returns with your one hour legal audit. Who writes this copy this middling lackluster coup. This is why I need an intern. I haven’t put the word out for interns lately, oddly nobody ever applies, but I need an intern to blame for this middling copy. So if you know someone who wants to be blamed, introduce them to me. If you missed any part of this week’s show, I beseech you find it at tony-martignetti dot com. Were sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. And by sending Blue the only all in one digital marketing platform empowering non profits to grow. tony-dot-M.A.-slash-Pursuant End in Blue. Creative Producer is Claire Meyerhoff shows, social media is by Susan Chavez. Mark Silverman is our Web guy and this music is by scott. Stein. Thank you for that. Affirmation scotty Be with me next week for nonprofit radio big non profit ideas for the other 95 go out and be great. Yeah. What?