Tag Archives: technology

Nonprofit Radio for January 17, 2022: Legal Outlook For 2022

Gene Takagi: Legal Outlook For 2022

Gene Takagi

Gene Takagi returns for a mix of checklist items and emerging trends. It’s a good time to look big picture at your HR investments, corporate docs and financials. Also, what to look out for in crowdfunding, donor disclosure, data protection, and more. Gene is principal of the Nonprofit & Exempt Organizations Law Group (NEO) and our legal contributor.

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

Apple Podcast button

 

 

 

I love our sponsor!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

View Full Transcript
Transcript for 574_tony_martignetti_nonprofit_radio_20220117.mp3

Processed on: 2022-01-17T01:38:56.677Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…01…574_tony_martignetti_nonprofit_radio_20220117.mp3.559147057.json
Path to text: transcripts/2022/01/574_tony_martignetti_nonprofit_radio_20220117.txt

[00:02:10.34] spk_0:
Hello and welcome to Tony-Martignetti non profit radio big nonprofit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d bear the pain of proto psychosis if you infected me with the idea that you missed this week’s show Legal Outlook for 2022, Gene Takagi returns for a mix of checklist items and emerging trends. It’s a good time to look at big picture items like your HR investments, corporate docs and financials also though what to look out for in crowdfunding donor disclosure, data protection and more, jean is principal of the nonprofit and exempt organizations law group Neo and our legal contributor On Tony’s take two 50% off planned giving accelerator. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. It’s always my pleasure to welcome back Gene Takagi to the show. You know who he is. It’s almost it’s almost superfluous for me for me to do the intro. But but jeanne deserves it. He’s well credentialed and I want to make sure that he gets his due introduction. Gene Takagi are legal contributor and managing attorney of Neo, the nonprofit and exempt organizations law group in saN Francisco. He edits that wildly popular nonprofit law blog dot com, which you should be following and he is a part time lecturer at Columbia University. The firm is at neo law group dot com and he’s at jeanne, Welcome back.

[00:02:11.94] spk_1:
Great to be back. tony how are you?

[00:02:13.98] spk_0:
It’s always a pleasure. Thank you. I’m well happy New Year.

[00:02:17.99] spk_1:
Happy New Year.

[00:03:05.74] spk_0:
Thank you. And let’s, so let’s let’s talk about the new year. Um and just before we do I want to remind folks that not too long ago we have genes one, our legal audit which you might want to look back at. That was a sort of a condensed version of some of what we’re gonna talk about today. Although we have lots of new subjects to talk about today too. But there was the one our legal audit and also with jean recently Risk management Part one and then a different show. Risk Management Part two. So those are resources that you can look back at just from a couple of months ago and we’ll go into and and those go into more detail on some of what we’re gonna talk about today jean. Uh where would you like to start for the new year, throw it open, throw it, I throw it open to you. What would you like to start with?

[00:03:58.64] spk_1:
So it does seem like kind of this chance that restarting, getting reenergized and thinking about our organizations and where we wanted to go. Um Yes, we have to keep in mind some of those um risks that we talked about in previous shows but we also have to think about kind of where we want to go. What of our, what our dreams are um what our vision is for the organization? Had we properly captured it? Um, what is our mission? Is that sort of properly captured? Is everything because our environment seems to be changing week by week. It seems to be new stuff that comes up that we have to consider. Are we still on track with where we want to go? So having these sort of broader discussions. I like sending those organizational priorities for the new year.

[00:04:06.64] spk_0:
Okay. Okay. Um, what would you, what what priority would you like to start with?

[00:06:07.94] spk_1:
Sure. So, um, being the lawyer, I say, okay, let’s talk about legal compliance just to make sure we’ve got some systems in place, mission and values, which we’ve frequently emphasized them when we’ve had discussions about not just existing to further your mission, but to do it in a way that advances your values and if equity and inclusion of part of those values, then, you know, that’s something you should be thinking about as well, definitely considering some of the trends that are out there. And I know we’ll get into that a little bit later in the show, but also including kind of the times that we’re we live in and acknowledging that yes, we’re under the impact of Covid, which seems to be shifting constantly in both how it’s affecting us and how we might need to respond to it. The great resignation, which certainly isn’t completely unrelated to the Covid, but that is a huge trend and movement as we’re trying to figure out how do we keep our workers, are we burning them out? The mental health issues that are, you know, hitting pretty much all of us, um, from the isolation, remote, working from the uncertainties of health, from sick family members and loved ones and all of that and saying, well, are we going to be able to keep our team together? Should we be keeping our team together the way we’re working now? Do we need to shift our work practices? Do we need to shift what type of benefits for giving to them? All of those things have got to be sort of raised? And I would say raise at the board level, you know, together with the executives and senior management team. Let’s talk about it. Let’s brainstorm think about this and get what our organizational priorities are this year, because things can change rapidly and rapid change if you don’t have any plans um, to anticipate some of them don’t have contingency plans can force you into very, very stressful times where immediate actions are necessary and you can sometimes make bad decisions if you’re under that type of time stress. So

[00:06:18.63] spk_0:
then it because then it becomes a crisis

[00:06:20.30] spk_1:
right? Exactly.

[00:06:48.64] spk_0:
And and a crisis in staffing, especially knowing how hard it is to hire folks now, you know, you talked about, you know, keeping the team together or should we keep should we keep the team together? But, you know, I’m sure you’re seeing it with your clients. The difficulty in hiring, you know, you want to, that, that, that’s a, that’s a huge factor in, you know, do we have the right team? Well, putting the right team together, it’s gonna take a lot longer than it used to?

[00:08:01.94] spk_1:
Yeah, absolutely. And if you’re talking about retention, you got to figure out what are you going to invest in this? I know you want to, you know, provide as much as you can to your beneficiaries. But if you’re not really considering the team of people in, you know, on your team that are providing those services that are supporting those services, the whole thing can collapse. So just remember where your infrastructure and when your groundwork is and how important the human resources are in your organization to being able to deliver services and provide goods for your charitable missions. So really important not to neglect that. And that requires an investment both on retention and if you aren’t able to retain everybody and you need to recruit, you’re gonna have to be able to show what you’re going to invest in those new employees and give them time to learn. You can’t expect them to perform like experience people have, um, in the past. So it’s, you know, some patients, um, and definitely investment in education and training and orientation, um, and all the rest and again, um, to the extent that your executive is probably also overwhelmed with everything else going on. The board is really pivotal in trying to be able to come up with plans that help invest in their teams.

[00:08:10.44] spk_0:
This goes to legal audit the conversation we had a few months ago. You’d like to see a review of governing documents to.

[00:09:31.74] spk_1:
Yeah, I I always think that that’s a great thing to check out in the new year. Just even if you have somebody, you know, a higher up kind of a board member or where your executive or senior manager take a look At your articles and bylaws, even spending 30 minutes on it and saying is our mission really reflected in these documents or have we evolved into something else? And these documents are like stale and old and outdated now in that case those documents still rule. So if you have the I. R. S. Or a state regulator coming in audit you, if you’re not performing within that mission statement in your articles and bylaws, you could be acting completely out of compliance and worst case scenario, you can really threaten the organization through penalties, etcetera. So that’s something to take a look at. Also just take a look at a lot of organizations. I find out their their boards, they’re like, oh, you know, we forgot to elect them. You know, we, we, you know, we’ve had terms, you know of two years but they’ve been on for like 10 years and we’re happy with them. So we just don’t do elections that can be really, really harmful as well for multiple reasons. But you know, sit back, see what you’re doing and what you’re not doing consistent with your articles and bylaws. And if you need to change things determine that you have to change. And if you need the help of a lawyer, try to find somebody that can help you with that. And there are some good resources on the web as well.

[00:09:48.64] spk_0:
What’s, what’s one of the good resources?

[00:10:15.04] spk_1:
A little bit of a self plug because I’m a board member, but board source has excellent resources on board of directors, governance things of that nature. Stanford University also has excellent resources in terms of sort of template documents that are just a guide for nonprofits. It’s not one size fits all, but it just gives you a general idea about how some things operate. Um, so those are just too good resources to look at.

[00:10:18.35] spk_0:
And, and again, we, we talked about this extensively in the show called your one

[00:10:24.34] spk_1:
hour legal audit.

[00:10:30.14] spk_0:
You have some last one. You have some financial performance advice for the new year.

[00:13:04.74] spk_1:
Yeah. Well I think probably, um, most people take a look at their financials throughout the year on the board level and on the executive level. Um, but the new year, you’ve actually sort of completed your financials and they might not be, um, in final form yet, but you might have what some people call it pro form, a set of financials, um, sort of close to final, where you get to assess what you’ve done in the year, you know, for, for most organizations, this goes without saying, but you want to make sure that you’re performing in a way that you’re not becoming insolvent. So you want to make sure what your balance sheet looks like and whether you have net assets, um, if you don’t have net assets, that means that you are either insolvent or, you know, in the zone of insolvency, you have to think about how you’re going to address that very serious issue. And I would say you don’t have internal expertise on dealing with it, get outside help right away if that’s the case. But your, your statement of revenues and expenses as well, are you sort of operating what people call in the black so that there is, you know, some net income in there or are you operating in the red where you’re very concerned because you’re losing money, timing is always important. So it’s misleading to look at one year in isolation because sometimes grants are given in one year, but they’re actually uh received in another year. So the timing issue can pose different challenges about reading financials. So you want to be able to read it sort of collectively through a multi year period just to know where you stand. And again, if board members aren’t able to help an executive and the executive feels like they need some help with understanding financials, to reading financials invest in everybody’s training in this area and there are a lot of people, even pro bono, that, that are offering this training pro bono and a lot of resources on the web. So make sure you understand your financials and what they’re indicating. You don’t need to know every single financial ratio that you know, business people use, but just generally no. Are you healthy financially or are you trending bad? And if you have several years where you’re in the red, where you, where you’re not making money, it looks like you’re bleeding money, then that might be indicative of some change that’s necessary in order to make your organization sustainable on an ongoing basis. So again, you don’t want to hit crisis mode financially. So this is a good chance, take a look at your financials, not just last year, but over a multiyear period and see where you are, get help if you need it.

[00:15:08.54] spk_0:
We have a show that I replayed, oh, I think within the past six months, uh, the guest was Andy Robinson. So you could go to tony-martignetti dot com and just search his name Andy Robinson, but it was something like teaching your board basic financials and he wrote a book, I’m pretty sure it was published by charity channel, uh, with, with a title similar to that. So if you, and the show is a few years old, but reading financial statements and and balance sheets hasn’t changed much in probably 100 years. Um, so it’s just all in and out now now, it’s all in Excel. But uh, so if you’d like some help with that, there is a, there is a show where Andy Robinson was the guest talking about, you’re improving your boards, financial literacy. It’s time for a break. Turn to communications, your 2022 communications plan. Does it have lots of projects? Lots of writing projects? You can get the biggest projects off your plate and outsource them. Free up staff time to devote to the work that it’s not feasible to have others doing for you. Like the annual report, just because it’s been done in house in the past, doesn’t mean it has to be done in house this year. What about research reports, White papers, your other heavy lift pieces. Do you need help with writing projects in 2022, Turn to communications, your story is their mission turn hyphen two dot c o. Now, back to legal outlook for 2022 with Gene Takagi. Okay, so let’s talk about some trends then, jean, you have a, you have a case we haven’t talked about, we haven’t talked about an actual case for a while. Americans for prosperity.

[00:19:16.54] spk_1:
Yeah. So um that was a huge U. S. Supreme Court case at least huge for the nonprofit sector. Um, but with deeper implications for if I if I’m not over hyping it for democracy itself. So um so americans for prosperity, Foundation versus Banta, who was the California Attorney general basically it was about the schedule be disclosure of donors who donated more than $5000. So for nonprofits who know how to prepare their form 19 nineties, you’ll know that on schedule B of your form 1990. Eur actually disclosing to the I. R. S. It’s not public information. Um But it’s to the I. R. S. The name and address of your donors who donated more than $5000. Now that hasn’t changed, you still have to disclose it to the I. R. S. But certain states, including California where volunteers from as the attorney general um New york I believe New Jersey I believe Hawaii also included Um all asked for a copy of the 990 including an unredacted schedule B to be given to the state regulator because they also want to look at that information for state law compliance purposes. A lot of them are concerned about donors who give money but get something back in return that’s not being disclosed. So if they ever have to have an investigation of that, that information turns out to be very helpful to the state to be able to say ah they were giving money but they also took in this huge benefit, this huge contract for example, which you know, reap them millions of dollars. Um So there was a legal case um that went up through the courts um finally hit the U. S. Supreme Court and the A. G. Lost here, The California G. Um So the court decided and we know the court’s composition is fairly conservative right now. The court decided that uh the states don’t have this right. Um It was based on the fact finding of the lower courts which is a little bit unfortunate because if the higher court could have considered more facts, then it might have been decided a different way but based on kind of how how our legal system works and and and how the Supreme Court works and the composition of the Supreme Court. They held that, hey this is not disclosed able to the states essentially that’s the impact of it. The broader impact on why I said democracy might be uh issue here is because well what about sort of campaign finance disclosures? And what about the I. R. S. Should they be entitled to that information as well? So it’s really helpful in compliance. But the counter argument and why some organizations charities, we’re also um not in favor of the disclosures is because of the protection of the donor. And the old case cited um in this part of the argument was an N double A cp case that said, well, if we disclose our donors, the KKK had threatened to kill all of them. Um And you can see why privacy was important in that issue and this issue, it was nothing like this. I think it’s a Koch brothers, um, kind of funded charity. They wanted really to keep their identity, um, more hidden because they have desires to influence politics in many ways. And if it always gets associated with them, then the impact lessons. So if they can look like they’re ground swells of movements that are funding these things rather than individual donors, um, it looks better for for what they’re trying to do. So that’s, you know, that’s what’s at stake here is not only are the state’s not allowed to get this information that would really help them in state law enforcement of whether there’s diversion of charitable assets that benefit

[00:19:29.74] spk_0:
donors. But

[00:19:30.15] spk_1:
in the broader sense, are we going to allow more dark money to enter into our political systems without knowing that there are donors, heavy donors that back these, you know, politicians or political parties or political movements. So that’s the scary part about this decision.

[00:19:57.94] spk_0:
What’s the, I think infamous Supreme Court case that that allowed the allowed the dark money into, uh, into politics. United

[00:20:02.73] spk_1:
Citizens. United

[00:20:27.54] spk_0:
United. Yeah. Um, All right. All right. And so I just want to repeat this. So this case that Gene was just talking about is americans for prosperity Foundation V. Banta B. O. N. T. A. What about crowdfunding you, you point out that there’s a new crowdfunding law. Hope is this a little more optimistic? I hope?

[00:21:22.54] spk_1:
Uh, well, depending upon how you look at it. And I think in one sense it’s inevitable. Um, a lot of our laws that are developed regarding fundraising, um, don’t even, and never anticipated the internet, right, johnny. So, uh, you know, now crowdfunding platform is, you know, not just the internet, the use of the internet, but it’s a lot of different for profit companies getting involved, um, to enable charities and organizations and people who are not charities to raise funds that look like they could be for charitable purposes, Right? So you want to help victims of a fire, but you want to help them directly, because some individuals said, I want to start a Go fund Me campaign, right? And say, well, you know, chip in 50 bucks and let’s try to get these people some help doesn’t, that doesn’t go through a charity. Often it just goes to this person, right, who promises to give these other people money

[00:21:35.90] spk_0:
and go funding the person’s goodwill. Honestly, yeah,

[00:21:58.14] spk_1:
Go fund Me is, you know, reacted to this and they’re probably the biggest crowdfunding platforms. So they’ve reacted to this in terms of having their own internal policies to help prevent a check. But overall, there’s, you know, hundreds, if not thousands of crowdfunding platforms out there that do this to make a profit. Um, and they may not have those types of controls or checks to not to just, you know, prevent somebody from saying, let’s raise money to help fire victims and then just keeping it. Um, so,

[00:22:11.97] spk_0:
what, what, what is the import of the law for, for us?

[00:23:21.34] spk_1:
So I think the import of the law is, if you’re going to get on and decide, hey, we want to do crowdfunding, um, you’ve got to select your platform provider carefully and this law, which is in California, but is likely to spread across different states in various forms, says, well now, if you’re gonna do that, you’ve got to make sure that this crowdfunding platform is registered. Um, and they’re reporting and there are all sorts of rules involved. So if you have a contract with them, it should be subject to these rules that might say things like, well, if they collect money, they have to give the money to the charity within a certain time period. Right? So they couldn’t say, well, it takes this administration, so maybe a couple of years before you get that, you know, nobody’s gonna be happy with that, but without rules, why not? Um, so these are, this is why it’s important for charities to have rules. The actual details of the rules. So I can see why some people have some, some issue with them. And we haven’t had all of the regulations yet, they’re still in discussion. So this is very, Still very trending, but the crowdfunding law, the law, the general law that’s in place now will become effective in California in 2023, and the regulations are being developed right now,

[00:23:58.04] spk_0:
let’s turn to remote work, which is obviously so much more common now. Hybrid work, you know, return to work dates are being pushed off and off. Um What what are what are what are what trends are you seeing? What should be on, will you be on the lookout for with respect to uh remote work and employment law issues?

[00:25:10.84] spk_1:
Yeah, it’s, you know, this is a really tricky area. Um you know, for sure, Covid where people were suddenly not permitted to to go indoors in some cases for months. Um and who knows if, you know, we’re going to return to some of those scenarios with the omicron variant out there, We’re hoping that it’s less um severe in terms of its impact, even if it might be a more transmissible, but if we if we keep worrying about this and saying, you know, our workers aren’t comfortable coming to work, even if the law allows them to come to work. Um Maybe we’re going to let people work remotely, and many of us have gone full remote, some of us have gone back to partial returns, some have gone back to full returns and then gone back, you know out the other way and said, okay, you know, it’s at the workers discretion whether they want to come in or not. So what makes us a little bit tricky. Um is that you don’t control the work environment as the employer, if they’re working at home, right? Um but that becomes the work environment, if they’re doing work from home, that’s their work environment, and, you know, the employer is responsible for the work environment if they should get hurt, for example,

[00:25:22.94] spk_0:
um

[00:26:56.24] spk_1:
So it becomes a little bit tricky about, well, how do you, how do you handle that for workers comp reasons, for safety reasons, for OSHA reasons? Um and I think there’s an understanding by regulators that, you know, this is out of control of most small businesses, small charities and, you know, to to that extent, we’re not really gonna look to enforce things on that level, but there are other things that, that are also concerning, because not everybody goes when, when they decide to work remote, we work in the same city or in the same state, right. A lot of us um have decided to, you know, maybe move back with family, which might be in another state. In some cases it could be another country, or some of us have decided to travel and spend a little bit of time, you know, in different places. Um So how does allow treat that? And basically, you know, the old rules, which are the rules, many of us are stuck with. Um the old rules are, well, you have to comply with the laws where the worker is doing the work, so if you have a worker in new york who’s now working remotely and came out to florida, well, then all the employment rules regarding worker safety and wage and hour laws and salary, overtime, sick pay benefits, all the florida laws apply to that worker now. Um, and so now it’s like, well, you’ve got to work in florida, you’ve got to think about, are you qualified to do business in

[00:27:00.21] spk_0:
florida,

[00:27:36.94] spk_1:
charity registration in florida? Um, and you may have had no connection to florida before, but all of a sudden you have a worker working there. Um, so a few states, um, and they’re not very many, but a few states that said, well, you know, during covid, we’ve got these temporary rules where we’re relaxed, where you don’t have to do that. And there’s also state tax issues, right? State payroll taxes, and, and other times, all of those things, some states said, you don’t have to worry about it. A lot of organizations are simply not complying with, But,

[00:27:37.49] spk_0:
but you said it’s only a handful of states that said, we’re we’re we’re not enforcing

[00:27:42.14] spk_1:
right. Exactly.

[00:27:43.33] spk_0:
The majority of

[00:29:01.34] spk_1:
states are, Yeah, well, I shouldn’t say they’re enforcing, but they haven’t the old laws or the existing laws still apply. There are no transition laws, so you’re out of compliance. And if they do enforce, which might not be like a, you know, a regulator coming out to you and saying you haven’t done this, it may be your employee is unhappy with something you’ve done, who’s working there and said, hey florida law applies and you haven’t been complying with the florida sort of benefits laws that, that apply. And maybe I could give you more specific example because san Francisco, if you came out to California, your remote employee came out to California, san Francisco has mandatory six hours and not a lot, a lot of states don’t have sick our pay. Um, but all of a sudden if you’re not paying them and they get wind of that, hey, you were supposed to pay me for this and you haven’t been, it’s the employee who could launch the complaint. Um, so it’s just to be careful of these things and, and just as your strategy for charity registration, tony when you’re sort of fundraising all over the country to, to, you’re not going to be able to maybe do all 50 states at once, but just to make sure you’ve got a plan to attack this kind of the same thing here. Um, check out where your employees are, you should know exactly where they are and check each state in terms of how strictly, maybe in terms of enforcing this and start to slowly comply

[00:30:12.74] spk_0:
the implications of state law. Yeah. What about the technology remote work? I don’t know if that’s all been figured out yet and maybe there were, maybe there were stopgap measures during the, during the, the darkest part of the pandemic, but but going forward, you know, tech technology has to be, has to be upgraded. You know, are we gonna, we’re gonna continue providing work phones? Are we going to provide work laptops? What about paying for internet access over the long term? I mean, you know, the internet access can be costly. And if if work is taking up a lot of the bandwidth, isn’t it appropriate for an employer to be paying a portion? And then how do then how does the, how does the, what’s the mechanism for the employee verifying how much they pay and you know, and then what percentage are we gonna cover of that, all the all the technology issues around, around remote work.

[00:30:58.44] spk_1:
Yeah, def definitely. And and as an as an employer, I would say, beyond sort of any legal compliance issues, um, you’ve got a, I think an ethical issue to make sure you’re providing your employees with the tools to do their job. And if you’re allowing remote work, you should make sure that they have the tools. So if they need a computer to be able to access it, so they’re not, they’re not using their personal computer. Um then you should make sure that happens same thing with the telephone. And if, you know, if those are going to be dedicated to work, um it should be explicitly written out that way. But if you force them to use their personal things, there are some states that actually do have laws that say you must reimburse your your employees if they’re using the tools that they need um for for remote work, but just ethically. Yeah.

[00:31:18.74] spk_0:
But then that’s then that raises security issues too. Absolutely. They have any kind of HIPPA protected information on their personal laptop. That’s gonna be a big problem. That that’s I think that’s probably a mistake if you’re dealing with that kind of data. But um

[00:32:01.74] spk_1:
and don’t we probably all have that type of stuff on our personal computers, right? You know, sort of HIPPA protected? We may have had emails like that are saved onto our computers. Um Right. So if if the computer is also being used for work and there’s a work issue that causes that data to be taken or corrupted, like, you know, what’s the employer’s responsibility if they hadn’t provided an alternative, it’s a great point

[00:32:50.94] spk_0:
and and it’s not only hip hop data, but other other personalized data that that maybe on now the personals, the employee’s personal computer, desktop or laptop or phone, you know, how is that? How is that private private data protected? Do they have malware prevention on their on their personal devices so that so that company emails that they’re that they’re using on their personal device aren’t potentially compromised. I mean, the use of the personal equipment raises a lot of technology and and Legal privacy and ethical issues to your right. I mean, if the person is eight or 10 hours a day, they’re using their personal laptop, shouldn’t there be some compensation for that?

[00:34:46.94] spk_1:
Yeah. And I think minimally because no matter you know how much we encourage people to have sort of work dedicated computers provided by the workplace, people are going to use their personal phones. I mean we can go back to the politicians who have all been using their personal funds. So we know it happens regardless of what the best practices. But what can the employer do, they can pay for all of that data protection stuff that that computer should have. Right, tony because now it has much more sensitive information on there and the employer is partly responsible for some of the other information that could be on there and hack. So yeah, employers should help. And that kind of leads us to the whole data security issue as well that everybody’s got to be paying attention to now is really um nonprofits have important data in their system. Some of it is, you know, hipaa protected some of it is other privacy information. You may have employment reviews on there that you don’t want going out into the real world or client, you know, feedback which might be positive. Some of it might be negative sensitive communications, all sorts of stuff that you might find on a work computer and if it gets hacked and if that data gets stolen or if somebody holds the system which might run your programs or aspects of your programs if they cause your system to crash and say that they will only sort of fix it because they’ve hacked and caused the crash. If you pay a ransom, you’ve got all sorts of problems. Uh and maybe some of that may have been mitigated with some basic steps like you mean you’re not going to be, well even the U. S. Government can’t prevent all hackers. I think we we know that, but you can take reasonable steps based on your budget, whatever that might be to to control some of this. So it really is important to have some safeguards.

[00:34:55.74] spk_0:
Another potential category of data is the G. D. P. R. Data. If if if your nonprofit is implicated at all in in that european common law law then or the yeah then then you’ve got those concerns as well.

[00:35:08.94] spk_1:
Yeah, absolutely. So if you have european donors or you’re doing business with any european entities and you have data from those entities or persons be careful and again, remote working can trigger some of that. So if if they decided to, you know their home or or they want to travel to europe and do their work from there.

[00:35:28.74] spk_0:
Um,

[00:35:29.74] spk_1:
all sorts of implications.

[00:37:44.03] spk_0:
Yeah. Absolutely right. People very good point where where people are sitting and where they’re planted when they’re working, It’s time for Tony Take two We’ve got 50% off the tuition for planned giving accelerator. That’s because just last week A donor stepped up someone who believes very deeply in planned giving accelerator and he is offering to pay 50% of the tuition For the 1st 10 nonprofits that take him up on his offer. A couple have already done it as of the time I’m recording, but there are several spots left. So if you’ve been toying with the idea of planned giving accelerator, it’s never going to be cheaper than 50% off. What the way this will work is. You’ll pay the tuition in full, which is $1195 for the six month course. This donor will then make a gift to you of half of that. So you’ll have a new donor, he’ll pay half your tuition. So it ends up being 50% off the full tuition cost. I know the donor, it’s someone I trust you have my word. Your final cost will be half of the full tuition if you’d like to jump on this and be one of the members of what is now our february class. I want to give people enough time for this because it, it just came in last week. So I’m extending, we’re, we’re not gonna start the class until february if you’d like to be part of that february class At 50% off email and we’ll, we’ll talk about planned giving accelerator and whether it can help you launch your planned giving program. Mhm. tony at tony-martignetti dot com. That’s me. That is Tony’s take two, We’ve got boo koo but loads more time for legal outlook for 2022

[00:38:01.22] spk_1:
one and one of the tools to think about and I’m a little bit guilty of this as well um is be careful of public wifi um because that often is an entryway for a

[00:38:03.83] spk_0:
hacker. Yeah, that’s totally unsecured airports, airplanes,

[00:38:09.89] spk_1:
coffee shops,

[00:38:13.42] spk_0:
coffee shops, Starbucks, wherever those are, all unsecured networks.

[00:38:29.32] spk_1:
Right? Meaning that there is the potential for somebody in there who has some malicious intent if they want to be able to hack into to your computer through that public wifi. Unsecured wifi. And there are different systems um but maybe one of the simplest for for those of us who have smartphones, which I think is most of us is you could actually create a sort of a private wifi just

[00:38:52.92] spk_0:
for your smartphone, right? Hotspot? Hotspot and don’t use the unsecured wifi to connect to, you know, use the uh the four G or five G or the five GHZ et cetera.

[00:38:56.17] spk_1:
Right? And that’s something an employer could pay to make sure that the employee has significant data and data plan that can incorporate all the additional data that they may need in their plan because of the work. So again, that would be reasonable and and ethical for the nonprofit employer to pay for their employees to have a higher data plan. Um, if they’re going to to use that and insist as a policy that they do not use public wifi. If they’re using a work computer or a computer that contains work and sensitive information,

[00:39:36.52] spk_0:
all you need is to transmit an email on, on an unsecured wifi that that has a donors credit card number, maybe

[00:39:38.77] spk_1:
native

[00:39:58.12] spk_0:
birth address, name any, any two of those things together, uh, hacked could be very detrimental to that donor. And you know, whether it ever gets traced back to you is is uncertain, but you’ve, you’ve put your donors privacy at risk in a simple email that has any two of those pieces of information.

[00:40:04.31] spk_1:
And it appears to be a myth, um, when people have relied on, they’re not going to go after us because we’re nonprofits, people don’t go

[00:40:12.29] spk_0:
after. Oh, that’s bullshit. Oh, that’s ridiculous.

[00:40:14.57] spk_1:
Right?

[00:40:22.61] spk_0:
I’m working with a client now that, that is a, is in new york city that’s, that’s, um, victim of, of a malware, uh, ransomware, so brought me a ransomware attack.

[00:40:27.61] spk_1:
Yeah.

[00:40:40.41] spk_0:
And they’re keeping it quiet so I’m not permitted to say who it is. But um, yeah, they’ve, they’ve been, they’ve been hindered for weeks and weeks with data accessibility issues.

[00:40:42.71] spk_1:
Yeah. And it’s much more common than we think because organizations do want to keep it quiet because if there is a vulnerability, they don’t want to come and say other hackers come come and attack us, we’re vulnerable. So it may be much more pervasive than we think

[00:40:57.61] spk_0:
and that myth also breaks down along ideological

[00:41:00.04] spk_1:
lines.

[00:41:21.61] spk_0:
Some some person on the left may may attack an organization on the right. Some person on the right may attack an organization on the left just because of where the organization stands with respect to the person’s political and ideological beliefs that that that’s enough. It doesn’t matter that you’re a nonprofit. It’s it’s your ideology and your mission. It has nothing to do with your tax exempt status as to why somebody would or wouldn’t go after you.

[00:41:28.41] spk_1:
Yeah and um in these times that those ideological differences have been very um pronounced and. Yeah.

[00:41:41.11] spk_0:
Alright where else should we go? Gene with trends, trends for the new year. Come on.

[00:44:24.69] spk_1:
Um Let’s talk a little bit since we’re talking about technology and data security. Let’s talk a little bit about crypto currency because I find that pretty fascinating. Um There was an organization that came together and bid $40 million on a copy of the U. S. Constitution just a few weeks ago. Um That money the $40 million plus more I think about 47 or $48 million was raised for that purpose in less than two weeks. Um So um Cryptocurrency donors um often have made a ton of money because of the appreciation of cryptocurrencies like. Bitcoin for for those who aren’t super familiar with it. Um And if you donate Cryptocurrency, it’s like donating a non cash asset, meaning that if You bought crypto currency for $1,000 10 years ago and it’s worth now several million dollars, which if you bought the red Cryptocurrency, that might be the case if you sold it, uh you would have a lot of taxes to pay on that appreciation right? The several million dollars of appreciated income that would be subject to capital gains tax. Um So if you sold it and donated some of the proceeds, that would not be a very tax efficient way to donate. When if you donated the Cryptocurrency itself, what you do is you get to take a fair market value deduction of the several million dollars. So you gave several million. So potentially you could deduct that is a charitable contribution and pay no capital gains tax because he never sold it. Um So very tax efficient way of giving um And Cryptocurrency people, wealthy millionaires and others who decided that they wanted see some positive impact um from giving these gifts are are making gifts of Cryptocurrency now and that’s that’s partly why I am so many gathered together to say hey we’d like to fund a charity to buy a copy of the U. S. Constitution so that we can ensure that this constitution is always for the public’s benefit and on public viewership and not sitting in somebody’s house, you know for for their own prestige. Um But that really opens it up, cherish. Think about there’s a lot of these people who made quite a bit of money on Cryptocurrency and a lot of younger people are investing barely heavily in Cryptocurrency now. So it’s something to not sort of blow away if we’re um kind of our age or older, tony to say, Cryptocurrency, what is that? It’s it’s something to really embrace now because it’s it’s not just this exotic tool now, it’s part of regular investment portfolios.

[00:45:56.79] spk_0:
Absolutely, it’s it’s it’s coming and and jean this dovetails perfectly with Our November 15 show of 2021 Bitcoin in the future of fundraising with my guests who are an Connolly and Jason shim who wrote a book Bitcoin in the future of fundraising. So, um it’s do you it’s just more, more sage advice that crypto donations are coming. It’s not a matter of if it’s just when are you gonna get on board now or you’re gonna wait two more years and potentially be behind the curve. Um and as an and Jason pointed out today, there are so few organizations accepting crypto that a lot of people are just searching for. Where can I donate? Cryptocurrency and probably largely, Gene for the reasons you’re describing there, They’re looking for a direct crypto donation to help them with substantial capital gains. Are there specific legal implications of crypto donations that that we need to be aware of or or is it just, you know, you just want folks to know that this trend is, it’s in the middle, it’s happening right now.

[00:48:15.97] spk_1:
So I think, you know, one of the reasons why charities are afraid to take Kryptos because they don’t know what laws apply when they receive the crypto. They’re like, what do we do with this? Um, and there are ways to easily cash that out and turn it into us cash. And in fact, most charities that accept crypto and they’re not a lot, you’re right, tony but most carriers that accept them liquidate them immediately turned them into cash and deposited into fiat currency, like regular paper currency, um, in their bank accounts. Um, So they’re not holding onto the crypto very long at all. One of the reasons why that’s, that can be very important is because there are prudent investor rules for charities that don’t apply to for profits that basically say if you’ve got investment assets, charities, this is not just endowments, but just any sort of investment assets for reserves or for a capital fund or anything you can’t invest. It speculatively, you couldn’t just throw it all in like Apple stock, um that would be too speculative. You have to look at it, uh, through what financial professionals, investment professionals called portfolio theory, are you sufficiently um, have an investment portfolio diversified across several different asset classes? So if one bombs, you haven’t tanked all of your money. Um, and the board of directors have a fiduciary duty to live up to the prudent investment laws that also sort of follow this portfolio theory of how how have you actually divest? Sorry? Um diversify Yeah. Um your your funds across different investment classes to protect yourself and there are different considerations that go along with that. Um But that is one reason why you don’t want to get stuck with all of your investments being in crypto because crypto maybe one of the most volatile type of investments where it can double in a matter of days and it could tank and disappear in a matter of days as well. So depending upon what type of Cryptocurrency you have and there are hundreds if not thousands of crypto types of Cryptocurrency um that have evolved in a lot of people and organizations that are making new coins all the time. So new new forms of Cryptocurrency arising and while we talked about crypto as being a part of more investment portfolios as a normal part of of investments. Now it’s not every Cryptocurrency that would be in that it’s certainly one

[00:48:47.07] spk_0:
1000 right? Some of these thousands trade for thousands of pennies, Thousands Yeah thousands of pennies even you know .0001 three zeros and a one is you know is the value of the currency. Um So. Alright that’s perfect as I said, perfect dovetail to that to that uh that november show because you’re you’re raising the prudent investor rule and and uh portfolio theory.

[00:50:07.66] spk_1:
One more thing on this, tony the forms the I. R. S. Forms for when you get Non cash contributions of more than $500. And how quickly you sell them. Um Also applies to form 82 83 is what the donor needs to sign when they give a non cash contribution of over $500 of over $500. And if it’s over $5000 which many crypto gifts are, they have to get a qualified appraisal for this. So that’s really important. And the Dhoni which is the charity has to sign that form for the donor. And then if the donor the Dhoni, I’m sorry the charity sells it within three years, they have to sign a form 80 to 82. Yeah so that’s again it’s not terribly hard. It sounds like a lot of just legalese I’m blabbing out but it’s not too hard but just take a quick look at those. If you decide that you want to start getting Cryptocurrency and at worst you might ask your donor to find a donor advised fund that takes crypto turns it into cash and then disperses it to the charity. So there are donor advised funds that do that

[00:50:15.76] spk_0:
interesting. Okay so so a Cryptocurrency donation is a non cash donation

[00:50:19.90] spk_1:
correct?

[00:50:58.76] spk_0:
Okay and for non cash donations of $500 or more, That’s where your your donor has the implication of i. r. s. Form 82 83. And you as the charity if you sell it within three years which your advice is that they do because it’s of its volatility Then you’ve got the implication of i. r. s. Form 80 – 82. I always thought those were backwards. The donors should have 80 to 82 because that comes first. Then comes 82 83 from the don’t to the Dhoni first the donor has it. Then the charity should be 80 to 82 82 83. But it’s not It’s 82 83 for your donor and 80 – 82 for you.

[00:51:06.16] spk_1:
That sounds like larry david logic. But that’s how I think as well.

[00:51:10.58] spk_0:
Yeah. I’ve been accused of being larry David in lots of ways. Including my my hair when it’s long like it is

[00:51:16.23] spk_1:
now. I’ve

[00:51:33.46] spk_0:
been accused of looking like Larry David. But we’re not complaining, we’re helping. That’s all right. Um Alright let’s leave us with something else. Another trend for the new year that you want us to be thinking about gene. Um

[00:51:36.96] spk_1:
Let me talk a little bit about diversity equity and inclusion. Since we’ve we’ve talked about that in the

[00:51:42.21] spk_0:
past. You could search jean and I have talked about D. I a bunch of times. But

[00:53:46.05] spk_1:
yeah please. You know I think in combination when we talk about the great migration and how the pandemic might be affecting different populations in different ways that we start to think again about kind of? Well if our charity is doing some some mission and we might not think of that mission as being really reflective of of specific races or or anything like that. Um But could D. E. I. B. Important anyway. And I think that’s where we get to think about. Well if we had more perspectives in our organization, if if we’re lacking some of those perspectives now, for example not having a lot of latin thinks Hispanics or blacks or asian americans on the board or in the leadership group, maybe we’re not really thinking about how our services that we’re delivering are affecting different populations differently. Maybe we’re just sort of providing services but we’re focused on urban centers or urban centers where if we’re center based, our center based is in neighborhoods that are much more accessible to uh white populations versus other populations. So getting different perspectives, even if we think of ourselves as being race neutral, which is kind of a charged term. But I’ll just use it for for these purposes. If we think some of us think of ourselves as race neutral and therefore we don’t have to get involved in the D. E. I work. We want to say, well don’t we care about serving our population in a way that’s kind of fair and not just favoring one segment over other segments or just totally neglecting certain segments of the population because they don’t have the same type of access. Have we ever thought about those things and having diversity can help us think about those things. Um, but it has to be done obviously in an inclusive way, which we’ve talked about and I know we just have a few minutes here, but it’s

[00:54:03.34] spk_0:
sort of it’s touching on, you know, not knowing what you don’t know without without having the perspective of diverse populations on your board, in your leadership, then you don’t know how you’re not serving other non white populations. Yeah. And even when we were perceived by other by by non white populations.

[00:55:32.64] spk_1:
Yeah, exactly. And even when we say, well when we look at a group of people and we say diversity, you know, that has one meaning. But sometimes when we just look in our inside our own heads, uh, and when people go unconscious bias, for example, try to think about what that is. It’s like, well if we don’t have the benefit of having different perspectives are being exposed to that all of our lives and none of us have all of the perspectives in our lives. So we were all going to be guilty of some sort of unconscious bias because we just don’t know any better. We we haven’t had other information that would have help develop a sensitivity or understanding or just knowledge of some of the disparities that are out there. So, and and how our organization can be either helping those disparities or hindering them. So just getting a sense of where we’d like to go. I think that can improve employee retention. It can lead us to new areas of employee recruitment and it can make us more relevant as organizations in the future, where if we’re not addressing some of these things, we could find ourselves becoming irrelevant less attractive to future donors, especially younger donors who this is very important to. Um, and so that’s my, my closing thought. Mhm.

[00:55:48.24] spk_0:
All good thoughts for uh, for the new year for 2022, Gene Takagi are legal, legal contributor, Managing attorney of Neo. You’ll find him at nonprofit law blog dot com. He’s also at G attack and you’ll find the firm at neo law group dot com. Gene again, thank you very much. Happy New Year.

[00:55:57.39] spk_1:
Happy New Year. tony

[00:56:47.13] spk_0:
next week. I’m working on it very diligently. If you missed any part of this week’s show, I beseech you find it at tony-martignetti dot com. We’re sponsored by Turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. Do you need help with any of those ready projects in 2022? Get them off your plate. A creative producer is claire Meyerhoff. The shows social media is by Susan Chavez Marc Silverman is our web guy and this music is by scott stein. Mm hmm, thank you for that affirmation scotty Be with me next week for nonprofit radio big nonprofit ideas for the other 95%. Go out and be great.

Nonprofit Radio for January 10, 2022: Nonprofit Software Vulnerability With log4j

My Guest:

Joshua Peskay: Nonprofit Software Vulnerability With log4j

Happy New Year! There’s a software risk gaining attention and there’s a good chance you’ll need help diagnosing and repairing it. You don’t need to horde gas, cash and toilet paper. Just be aware and do the repair. Joshua Peskay, from RoundTable Technology, sorts it out.

 

 

 

 

 

 

 

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

 

Apple Podcast button

 

 

 

I love our sponsor!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 573_tony_martignetti_nonprofit_radio_20220110.mp3

Processed on: 2022-01-07T15:56:41.833Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…01…573_tony_martignetti_nonprofit_radio_20220110.mp3.687498576.json
Path to text: transcripts/2022/01/573_tony_martignetti_nonprofit_radio_20220110.txt

[00:00:10.04] spk_0:
Hello and welcome to tony-martignetti non profit radio

[00:01:11.84] spk_1:
Big nonprofit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d suffer with Producto Sigmoid itis if you inflamed me with the idea that you missed this week’s show, non profit software vulnerability with log four J Happy New Year. There’s a software risk gaining attention and there’s a good chance you’ll need help diagnosing and repairing it. You don’t need to hoard gas, cash and toilet paper, just be aware and do the repair Joshua pesky from roundtable technology, sorts it out And Tony’s take two. Thank you jean and Amy sponsored by turn to communications. Pr and content for nonprofits. Your story is their mission turn hyphen two dot c o.

[00:01:45.14] spk_2:
It’s a pleasure to welcome back Joshua pesky eh he has spent nearly three decades leading technology change for over 1000 nonprofits. It’s especially dedicated to improving cybersecurity in the nonprofit sector and works regularly with at risk organizations to address digital security challenges. He regularly presents and teachers on topics including technology strategy, cybersecurity project and Change management. You’ll find him at Joshua pesky a and the company is roundtable technology, Joshua. Welcome back to nonprofit

[00:01:54.14] spk_3:
radio It is an absolute pleasure to be here. tony Thank you so much for having me on.

[00:01:58.17] spk_2:
Oh, it’s it’s my pleasure to and it’s been the three years or some since, since 18. NTCC

[00:02:05.47] spk_3:
when you were Yeah, which was that the no that was the second to last in person in TC they did the 2019 1 and then it’s been virtual since Yeah,

[00:02:14.24] spk_2:
2nd the last yes

[00:02:16.74] spk_3:
and Happy New Year. Happy New Year to you as well. Happy holidays to you and all your listeners as well.

[00:02:26.24] spk_2:
They’re our listeners today. Not my listen, they’re ours share and share. That’s fair. Our listeners.

[00:02:30.24] spk_1:
Um all right.

[00:02:42.74] spk_2:
Log four J potential security vulnerability that uh, well it is a security vulnerability that nonprofits potentially have give us the, the the 30,000 ft view before we dive in. What, what is this log for? J?

[00:05:43.74] spk_3:
Yeah. So log four J. First of all, on a technical level is a java based, that means the programming language that it’s written in his java and it’s a logging utility that is used predominantly on servers on what are known as Apache servers which run just a huge amount of the things that run on the internet. And this logging utility um, is a little bit of code that developers used to log things that happen on the server and then generate reports or create actions to help them identify bugs or other things that would go on. So that’s what log four J is and it’s very, very widely used. Um, and unfortunately it was disclosed, I think around December 10 was when it became public knowledge that there’s a pretty rough vulnerability in it that allows an attacker to essentially take control of a server that is running log for J in an incredibly simple way. And the organizations like the center for Information security um and the cybersecurity and infrastructure security agency or cisa um they use this um terminology called si ves which is common vulnerabilities and exposures I think um I always forget what that stands for. Um yeah, common vulnerabilities and exposures are cbe, they have ratings of like 0 to 10 for how bad it is. So zero is like that’s not too bad. 10 is this is Armageddon and this is a 10 and the reason it’s a 10 okay, is twofold in the most simple way. One is that it’s a actually, I’ll say three. Okay, there’s three reasons. One is that it the vulnerability is the most, the worst thing possible that the exploit of the vulnerability allows complete takeover of the system that is exploited. So if your server is running this log four J utility and I can send it a single packet of data, I can take it over and now do anything I want on that system. So it’s really bad. Second is that at a rough estimate, uh this is running on something on the order of three billion devices um that are connected to the internet in some way. So it’s running on everything. And the third thing is that doing the exploit is incredibly easy. So a 12 year old can go download a little bit of code off the Internet and automate it and go out and find servers that are running along for J and take them over. So incredibly easy to exploit. And the combination of those three things is why all the security experts around the world started freaking out To varying degrees around December 10.

[00:05:55.54] spk_2:
Okay. And and sister calls it a 10 out of 10. Yeah, this is all very interesting. I just saw the movie. Don’t look up with Leonardo Dicaprio jennifer Adams, Meryl Streep.

[00:06:00.49] spk_3:
Someone was just telling you about this movie. I have not seen it yet, but mixed things about it. But yeah,

[00:07:24.24] spk_2:
a comment is coming to earth. Uh, they this comment is categorized as a planet killer. Uh, and the President Meryl Streep is uh, not initially focused, you know, and she, in the first meeting with the two folks who have identified this comment and its trajectory right toward Earth. You know, she decides to sit tight and assess and, and their estimate is that the comment is gonna hit Earth within six months. And it’s a it’s a planet killer. It’ll it’ll make us extinct. But she takes a sit sit tight and assess approach. Yeah. Right. So, so I’m I’m tempted. Um, No, but I don’t wanna I don’t wanna be that like physical about it. Um, but I want to keep things in perspective too. So, but 10 out of 10, you know, from sister. That’s that’s significant that obviously. So. All right. And thank you for explaining why it’s called log four J and what a logging application is. I’ve I’ve sometimes looked at logs and it’s just thousands of lines of activity that could be incremental, like every every couple of seconds or something depending on what the, what the, what the, what the activity is that the log is logging. Um it mean it means nothing to me but

[00:08:14.94] spk_3:
to write essentially a bit of code that runs on servers. Um there’s a really funny XK C D cartoon. I can, I can send you if you want to include in the show notes. Um XK C D is a cartoon by a cartoonist named Randall munroe. And he created this cartoon like two years ago. That’s like uh you know, the entire internet infrastructure. And it’s like this giant kind of house of cards thing, you know that everything is on top of. And then at the very bottom there’s like this one thing that’s holding the whole thing up and it’s like, this is a bit of code written for free and maintained for free by some developer in a small town in Nebraska. And this was like two or three years ago that he wrote this because he’s kind of like noting how so much of the critical infrastructure of the internet are just open source free projects that people maintain in their free time. And this is, this is almost literally that like this is just a utility that someone made a long time ago that no one pays for that’s free to use that was useful and everybody used it. And then it was like, oh, this has a vulnerability. We we now have to fix it and it’s everywhere.

[00:08:29.53] spk_2:
Send me a link to that that drawing because I know the one you’re talking. Another one you’re talking about. I think I saw it on your linkedin.

[00:08:35.54] spk_3:
Yes, Yeah, yeah, yeah.

[00:08:37.35] spk_2:
But I want to include it. I’m gonna put it next

[00:08:39.11] spk_3:
to your headshot show in our show notes. Yes.

[00:09:35.04] spk_1:
It’s time for a break. Turn to communications Your 2022 communications plan, lots of projects on their, lots of writing. You can take the biggest projects off your plate and outsource them. Free up staff time to devote to the work. It’s not feasible to outsource the annual report does not need to be done in house just because it always has been, doesn’t mean it has to be. How about research reports, white papers, this stuff can be outsourced. Do you need help with your writing projects in 2022? Turn to communications, your story is their mission turn hyphen two dot c o Now back to nonprofit software vulnerability with Log four J and Joshua Pesky EH

[00:09:44.04] spk_2:
And you also said it’s on three billion devices now, potentially. So it’s not just server level. Right? This could be an

[00:12:36.74] spk_3:
individual works problem. Yeah. And so, so here’s where everybody’s gonna start panicking, right? Which is, they’re like, well, if there’s three billion devices go ahead. Yeah well we don’t wanna panic. Right. Right so so people are thinking oh gosh I must have one of those devices or or more more of them in my home. And so the first thing is just you know calm down take a breath. Um But it it’s the most critical things are you know from a prioritization standpoint are things that accept input from the internet. Now this might be something that non technical people would would have difficulty understanding. But the average computer that you’re using or the printer in your home most likely is not accepting input from the internet meaning someone from the internet can’t just go and communicate with your printer or your coffee maker or your amazon Alexa. Right? Because it’s not accepting input from the internet. The way most devices on most networks and in most homes work is it’s a kind of one way invitation traffic rule. So your computer can get data from the internet and in that respect accepts input because the data comes in. But the only way data comes in is when you request it. So when you type google dot com in your web browser your computer is essentially making a request out to the internet and saying I’d like this information sent to me and then the internet sends it. But the internet can’t on its own. No one out of the internet on their own can send data to your computer without you requesting it. Okay that’s most cases, most people wouldn’t know whether their network or their devices are set up to receive input from the internet or not. But mostly they wouldn’t be they would have to have done something specifically to put themselves in a state where their home devices would be accepting data from the internet. But if you have a server that you’re using for any reason in your organization that accepts input from the internet then that server is if that server has this vulnerability on it by the time you’re hearing this podcast, it’s probably compromised already. And the term that cisa and C. I. S. And other security agencies uses assume compromise and that’s the stance they’ve had for several weeks. Now we’re recording this in december 28th. If you’re listening to this, let’s say january 15th. You know you’re and you have a server or more servers that are X. That are accepting input from the internet that have this vulnerability and you’ve done nothing about it at this point. You would assume compromise and that means um you need help. You need someone who knows how to go look at your server and look for indications of compromise and remediate them meaning fix them and undo them so that your server is not compromised. Um You’ll need help at that point. Okay

[00:13:04.94] spk_2:
let’s start with the first of all, thank you for being a calm voice and and explaining things. So you keep yourself out of jargon jail, which I appreciate our listeners appreciate. I I hate to slap you into jargon jail so

[00:13:09.83] spk_3:
but keep me keep me honest on it, tony If I, if I say stuff that’s like, you know, if I’m either being condescending or you know, you know, saying things that you are not, you know, the folks aren’t gonna understand. Call me out all the time. I

[00:13:53.94] spk_2:
will well condescending, I’ll just shut off your mic and we’ll just end perfect. I don’t I don’t tolerate condescension but jargon that’s recoverable. So let’s start with the case. Uh, you know, our listeners are small and midsize nonprofits. Let’s start with the nonprofit that does not have a person devoted to I. T. Let alone a team or you know, doesn’t have a devoted consultant. Do they need a consultant? Can they what what what should the non I. T. Affiliated nonprofit?

[00:17:13.64] spk_3:
Sure. So let’s say you’re you know f 5 to 50 person nonprofit. Maybe even up to 100 staff. Okay. And you have no dedicated I. T. Person, maybe you have an accidental Tuckey maybe of like a you know joe or jane laptop that helps you out with stuff, you know, as a consultant or maybe you work with a small managed service provider. Um someone who helps you with your technical, but let’s say you don’t have any dedicated resource. Okay. Whether you’ll need help or not, depends on whether the directions that I’m going to give you now are something you could do or you have someone in your organization who could do this. So what you would need to do okay is I’m gonna use two big words and then I’ll explain them. Enumerate and remediate. Okay. These are the two most important things to do in order. Enumerate. All right. Or enumeration is the act of figuring out what are all the things we have that may be vulnerable to this exploit. Okay. So I’ll give you just a simple example. We know uh and there’s a link will give you in the resource because again, C I s has a resource of all of the software applications, products, devices that are known to have a log for j vulnerability in that. So let’s say for example, I’m a typical nonprofit and we’re we have out of our 10 staff. We have five of them that use tableau desktop because we purchased it from tech soup and we used Tableau to do some data visualizations. That’s a really common application that lots of nonprofits would have running on their desktop. They probably aren’t updating it that regularly. Could be an older version Tableau which is now owned by Salesforce. So it shows up under Salesforce is listed in this directory of all the vulnerable applications. So you need to if you know that I have Tableau, I need to go to this list I need to search for Tableau and then I need to follow the links to see if the versions of Tableau that I have are in fact vulnerable and if so what I’m supposed to do about that, which is usually going to be to run some patch that updates it. So you need to do that for everything that you have. So the enumeration part is figuring out what’s all the software and devices that we have. Our firewalls are wireless access points are the operating systems that run on our computers, the software that runs in our computers and for many organizations, you’re already saying we have no idea about any of those things. We don’t have that written down anywhere. We don’t and that’s a real problem. And that that problem, you know, when, when you go to best practices about how to govern technology, they’ll say have an inventory, have it current, you know, having automated, so you can just go look online and right, this is why this is one of the reasons why that’s really important. If you don’t have that, this job at this time becomes extremely difficult for you. But if you don’t do it, You have no idea what vulnerabilities you have. It’s like not going in to get a physical in your doctor’s office for 20 years. You know, when you finally do go in, you’re probably gonna find a bunch of things that you maybe would have wished you found out earlier.

[00:17:20.14] spk_2:
Alright. So even before we get to remediation. Enumeration sounds overwhelming.

[00:17:47.04] spk_3:
If that sounds overwhelming then you need help. If there’s some if you have your accidental tech in your organization, you play them that part of this interview and you asked them could you do that? Apologize for sirens coming by? I don’t know how my Yeah, sorry about that. But if that person listens to it and says yes, I can do that. Give me a day or two. I’m pretty sure I can do that. Hey then you can do it if you have them listen to that and they’re like, I absolutely can’t do that. That sounds totally. Then you need help.

[00:18:01.14] spk_2:
Okay, let’s go to remediation then. So once you found out where your potential vulnerabilities are,

[00:18:07.04] spk_3:
yes, we do this

[00:18:08.04] spk_2:
patching. It sounds like in

[00:19:46.94] spk_3:
most cases exactly. So we’re saying okay, we’ve got five people running Tableau desktop, this is the remediation that we need. This is the software that needs to be updated. This is the setting that needs to be changed. I just whatever the instruction says, I need to go do it and check it off my list. So let’s say we have a sonic wall firewall that’s in our office network and that’s still running and we still have people coming to the office. So we need that to work. I need to go to the C. I. S for the enumeration piece um go see if the model of Sonic wall and the software version that we have on it. That’s our firewall. Is that listed here? If it’s not? Yeah. See we’re good. I can check that off the list if it is listed now. I need to follow the link through and see what is the remediation that I’m supposed to do to fix the vulnerability. Right. The enumeration part is I now know it’s vulnerable because it showed up on the list and then I verified it’s and it’s part of why this is hard for non technical people is you know, sonic wall has I don’t know 100 different firewalls that are out there in the world. Maybe more than that. And they’re at all different software versions. Right? And firmware versions. Firmware is like software that sits on a hardware device so it’s typically called firmware. Alright? But it’s just like software, you update it just like any other software and so I need to both see what model of sonic while I have the software or form firmware version that I’m running on it verify whether that sonic wall and that software version are vulnerable. And if so what I need to do to remediated and I need to do that for everything that I have. All right.

[00:19:56.94] spk_2:
Let’s just let’s let’s just get help. You’re just gonna have to if you don’t have someone devoted who can do this like like Joshua said play it back for them. It sounds it sounds as far into them as it does to me. You need you need you need help. You need help. Alright.

[00:21:38.64] spk_3:
And the urgency is like if if you have again public internet facing stuff, if you have if you know or think you have a server that accepts input from the internet, right? Again, if you don’t understand how to even know that, then you need help. If you have no organization that can help you understand that. But if you do know that that is by far your top priority and again, by the time you’re listening to this, if you haven’t done it, assume compromise. It’s it’s probably it’s not that it’s too late but it’s but you’ve probably been compromised already. And so the question is what do we do from that point? Um and what you’d like to do is learn about it before you learn about it from a ransomware demand. Right? Because what’s what you’re worried about is that that compromise will eventually be exploited by what what Attackers are doing is exploiting systems and then putting in persistence meaning a way for them to stay connected to the environment. Once this vulnerability is patched. So if they’ve done that, once you patch the vulnerability, it doesn’t matter because their persistence is already there on the system. Right? So the next thing they do is exploit you by doing a ransomware attack or installing crypto miner software on your server or doing any of a dozen other things to leverage the resource that they have taken over and what you’d like to do is find out that they’re there and remove them before they notify you by sending you a ransom or notice.

[00:21:47.94] spk_2:
Okay, we need help.

[00:22:04.04] spk_1:
It’s time for Tony’s take two. Thank you. Gene Takagi and Amy sample Ward our contributors, you know them, I barely I don’t even have to say it right. You know, I have to honor them

[00:22:05.94] spk_2:
to give them tribute,

[00:22:20.34] spk_1:
but you don’t really need me to introduce them. You know that Jean is our legal contributor and that AMY is our technology and social media contributor, you know this and longstanding to boot

[00:22:22.64] spk_2:
jean.

[00:22:36.94] spk_1:
Gene has been with nonprofit radio and me Since the first several shows, it was 2010 kicked off the show in July 2010. And jean was on very soon

[00:22:40.44] spk_2:
after the very first show

[00:24:03.14] spk_1:
early, early early days, AMy sample ward joined at the 100th show. So that would have been July of 2012 50 shows a year. Mhm I’m grateful. You know, they take time each time they’re coming on. You know, they come up with the topics we we exchange messages about them talk a little bit sometimes, but you know, they’re doing the lion’s share of the work and then of course, you know, thinking about how best to explain it and then spending the time to explain it all valuable for you all great value for you. So I am grateful to them for so many years of contributing to nonprofit radio and helping you listeners. Our listeners thank you jean thank you amy That is Tony’s take two. We’ve got barely a butt load more time for nonprofit software vulnerability with Log four J. This week is short less time to get aware, more time to do the repair. And I’m gonna I’m gonna keep pushing this rhyme until I can’t stand to hear it anymore. Let’s continue.

[00:24:15.94] spk_2:
If you have an I. T. Devoted team, then certainly by the time that I’m playing this that that team must know that otherwise you need to fire your team and and get a new

[00:24:30.94] spk_3:
team if you have a if you have a cybersecurity, if you have someone who purports to be a professional information technology provider, right? Whether they are your own staff or whether they are an outsourced provider And they haven’t talked to you about log 4J. And what they’re doing about it then. I don’t believe that they’re serving you very well. I think that’s fair to say,

[00:24:40.54] spk_2:
okay, well we’ll leave it at that. Well let the ceo and executive directors deal with their C.

[00:24:47.85] spk_3:
IOS and

[00:25:13.64] spk_2:
uh I. T. I. T. Managers. Okay now I looked at the uh the cisa cisa again as the cybersecurity and infrastructure security agency. Um just for context. That’s that that’s the agency that Christopher Krebs came out of in the trump administration and said that 2020 presidential election was the most secure election in the nation’s history. That’s that’s

[00:25:16.31] spk_3:
system the cyber summarily fired but that’s a separate

[00:25:20.66] spk_2:
Yes, he was he was fired but he said yes,

[00:25:24.22] spk_1:
I’m trying to stay away from

[00:25:25.78] spk_3:
I’m a huge fan of So this is

[00:25:29.20] spk_2:
offered not for political purpose. This is offered for context.

[00:25:32.74] spk_3:
Yeah, for context. That is that is set to and there there I believe part of homeland security.

[00:26:13.94] spk_2:
Yes, they are part of the homeland Security agency. Yes. And they, you know, they’re the ones who said 10 out of 10. And in at a press release they said quote, this vulnerability poses a severe risk. They called it a severe risk, end quote. So you can go there, you can go to assistant dot gov and they have a page called Apache log four J vulnerability guidance. You can search that system dot gov. Apache log four J vulnerability guidance. Without me giving you full U R. L. Of the page. Just just search that and they have a couple of valuable links as

[00:26:16.37] spk_3:
well. And and we have links to all that from our website. So if you want to start at round table, just go to our website, search log four J. You’ll find our our blog which we update as we have updates and that has all the links in it as well

[00:26:34.34] spk_2:
and that is roundtable technology dot com if you want to follow Joshua, Joshua pes K.

[00:27:00.44] spk_3:
A. Y. Yeah. Although you’re better off following at round table I. T. I’m I’m not on social as a rule like a little thing but I really don’t touch twitter or facebook really. Ever so twitter or roundtables, twitter is at round table I. T. Um And that’s a better place to follow. That’s where you’ll that’s where you’ll get updates of things. You won’t get anything from following me because I don’t post to twitter hardly hell with Joshua pesky.

[00:27:03.63] spk_2:
Don’t follow at Joshua follow at round table I. T. If you’re following Joshua pesky unfollowed, you’re wasting your you’re hurting your follower,

[00:27:13.44] spk_3:
It’s a follower following it. And uh and I don’t I don’t even know if I get notifications if you try to dm me like that, you know if you want to contact me. It’s Joshua roundtable technology dot com. It’s very easy to find me that way.

[00:27:25.94] spk_2:
Alright. Don’t use twitter, you’re hurting your ratios unfollowed

[00:27:29.49] spk_3:
him. If you ever our apologies to all you social folks, I’m just not a social guy in that regard

[00:27:35.44] spk_2:
now you sound very sociable otherwise just

[00:27:37.52] spk_3:
not really. Yeah. In person on zoom over the phone incredibly social online. Unfortunately not so much.

[00:27:44.57] spk_2:
Okay. And humble as well,

[00:27:46.94] spk_1:
let’s go to

[00:27:52.64] spk_2:
Something that you have on January 27. You have a training coming up, tell us about

[00:30:09.64] spk_3:
that. Oh my gosh we have, it’s a mouthful. So I’ll spit it out the sixth, annual, best free one hour cyber security awareness training ever. My colleague Destiny Bowers, who is an absolute delight and also brilliant and who have worked with for a long time. She and I six years ago started doing awareness trainings with the goal of giving nonprofit organizations and small businesses an opportunity to get all of their staff cyber security awareness training at least once a year for free in a way that would be easily accessible for them, would be fun and would give them some incentives to for their staff to attend. So not only is the training free for literally your entire organization to attend, But we offer prizes over the course of our one hour training, so people have an opportunity to win up to $100. We give out typically $100 gift card, $50 gift card, $25 gift card and then we’ll give out other gift cards or, or prizes throughout the training. But at the end we do a quiz that is competitive. And so if you win the quiz, you have an opportunity to win $100. Uh and an amazon gift card is what we typically give out. And so you can tell your staff your, if you’re a nonprofit leader, hey everybody sign up for this, it’s gonna be a fun training Joshua and Destiny will try to make an entertaining, brisk and enjoyable and you have an opportunity to win prizes. And if you sign up with your organizational email, you know, uh, tony at my nonprofit dot org, then roundtable will actually send the organization a list of everybody that attended the training from their organization. So if you have a regulatory requirement that says, we have to train our staff, you know, with awareness training once a year, this can actually satisfy that regulatory requirement. If you’re in new york, new york shield law requires that you provide awareness training to your staff. So you can literally satisfy this regulatory requirement by having all of your staff attend this training, which again, is free and not only free, but you can tell your staff, hey, you can even win prizes by attending

[00:30:14.94] spk_2:
right. Win big prizes, free, epic, best ever training. More, more humility

[00:30:25.64] spk_3:
from Joshua, pesky. Yeah, again, the humility best ever. Yeah. And we say that every year because of course every year is is just a little bit better than the previous year. So it continues to be the best ever training until someone comes to us and says, you know, actually the training you guys did in 2019 was better than this one. So I don’t think this was the best ever, but no one you would, you

[00:30:47.74] spk_2:
would have the best you, they would be saying that you were one upped by yourself, there wouldn’t be any other,

[00:31:00.14] spk_3:
I I can’t conceive that there could possibly be any other training other than ourselves. I really feel like Myspace of best free one hour cyber security awareness training, I feel like we are really are our only competition. I

[00:31:12.04] spk_2:
hope you know what the word means. There’s a nod to, there’s a nod to Princess Bride inconceivable that there could be another another entity offering, offer anything offering anything comparable in cybersecurity. Alright, so where do we go for this damn thing?

[00:31:20.10] spk_3:
It is, I couldn’t make it any easier for you.

[00:31:22.87] spk_2:
It’s very simple.

[00:31:54.44] spk_3:
Go ahead. Best dot r t t as in roundtable technology dot N.Y.C. as in new york city doesn’t mean you have to be in new york city to attend anywhere in the world you can attend? So best dot r t t dot N.Y.C. If you go to that, you are l you’ll go right to our registration page and send it to all your staff again, have all of them sign up and you can all compete together and compete for prizes, have a good time getting awareness training and we, I love doing it, it’s sort of our gift to the nonprofit community to try to provide this training and make it fun and accessible for everybody and we’ve had so much fun, we keep doing it year after year.

[00:32:07.24] spk_2:
Is there a video, If folks cannot attend

[00:32:23.84] spk_3:
On January 27, sign up as with all things, then a recording will be sent to you the day after and you can take that recording and you can add it to your learning management system. If you have one too you know onboard your new staff whatever you want to do but of course you can’t win the prizes unless you attend the live strengthen

[00:32:28.84] spk_2:
you have to be like you have you must be must be present to

[00:32:32.14] spk_3:
win. Yeah

[00:32:32.67] spk_2:
win the big prizes in the in the epic best ever cyber security training. You’ll have to be present on january 27th 2022. At what time

[00:33:04.54] spk_3:
is one p.m. Eastern time? That’ll be 10 AM pacific time. That’ll be noon Central time if there is anyone out there on mountain time I don’t know where you’re at in regards to daylight savings. I forget if you’re on pacific time or Central time now so you figure that one out. If you’re on Mountain time, I’m sorry I wish I knew people

[00:33:12.74] spk_2:
will know people will be able to extrapolate hopefully from the Eastern time disclosure of of one p.m. eastern

[00:33:54.04] spk_3:
and we’ve even had organizations who we know nothing about you know who aren’t clients of ours reach out to us and say you know they found it on Youtube or whatever and they said can we you know use this recording for our on boarding package for our own staff or do we need to pay you or do you have rights or anything and then I’ll answer that question now for all of your listeners tony go ahead. Free take it, it’s yours. So if you sign up, you don’t attend live, you grab the recording, you chop it up and use it to onboard your new staff for the next year. That makes us super happy. Do it with our blessing. Don’t even have to tell us. Thank you. Okay,

[00:34:22.94] spk_2:
we’ve now spent as much time talking about the january 27th training as we have the subject of the podcast and the video, which is the log four j vulnerability for nonprofits. He’s Joshua pesky. They don’t follow him so I’m not going to repeat his, his twitter handle but follow roundtable at round table i. T. The company is at roundtable technology dot com. He’s Joshua pesky eh, thank you very much,

[00:34:23.61] spk_3:
Joshua tony thank you. It’s been an absolute pleasure,

[00:34:26.81] spk_2:
my pleasure as well. Thanks so much.

[00:34:54.64] spk_1:
Next week Legal Outlook for 2022 with our Gene Takagi. If you’re not aware, you cannot repair if you missed any part of this week’s show. I beseech you find it at tony-martignetti dot com. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C. O. That’s the end of the aware repair rhyme scheme. It’s now ended

[00:35:31.84] spk_0:
our creative producer is Claire Meyerhoff shows social media is by Susan Chavez marc Silverman is our web guy and this music is by scott stein, thank you for that information scotty Be with me next week for nonprofit radio big nonprofit ideas for the other 95%. Go out and be great.

Nonprofit Radio for June 28, 2021: Center Equity & Tech In Your Hiring, Retention & Training

My Guest:

Amy Sample Ward: Center Equity & Tech In Your Hiring, Retention & Training

Amy Sample Ward

Amy Sample Ward returns for a valuable, fun conversation that starts with the #ShowTheSalary campaign and winds into technology strategies for treating your staff like adults and learners. She’s our technology and social media contributor, and CEO of NTEN.

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

 

I love our sponsors!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

 

Sendinblue: The only all-in-one digital marketing platform empowering nonprofits to grow.

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 547_tony_martignetti_nonprofit_radio_20210628.mp3

Processed on: 2021-06-29T12:48:45.958Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2021…06…547_tony_martignetti_nonprofit_radio_20210628.mp3.449627571.json
Path to text: transcripts/2021/06/547_tony_martignetti_nonprofit_radio_20210628.txt

[00:02:04.04] spk_1:
Hello and welcome to Tony-Martignetti non profit radio big non profit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d be forced to endure the pain of para Nicaea if you infected me with the idea that you missed this week’s show center equity and tech in your hiring retention and training. Amy sample Ward returns for a valuable fund conversation that starts with the show the salary campaign and winds into technology strategies for treating your staff like adults and learners. She’s our technology and social media contributor and ceo of N 10 on tony state too. Let’s rejoice, we’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C o. And by sending blue the only all in one digital marketing platform empowering non profits to grow. tony-dot-M.A.-slash-Pursuant in blue, let’s get started, shall we, what do you say here is center equity and tech in your hiring retention and training. It’s always a pleasure to welcome back Amy sample ward. You know her, you know who she is, she’s our technology and social media contributor and she’s the Ceo of N 10. Her most recent co authored book is social change anytime everywhere about online multi channel engagement. She’s at a me sample ward dot org and at AMy R. S Ward, Welcome back amy,

[00:02:05.44] spk_0:
it’s been so long.

[00:02:15.34] spk_1:
I know it’s been several months. I didn’t even look back. It’s been too long, but let’s not, let’s not dwell on that. We’ll get, it’s my job to fix it.

[00:02:16.81] spk_0:
So what is time anyway? You

[00:02:19.37] spk_1:
know? Oh, that’s an existential question that we don’t have the time to answer what time is. So, um, you’re well in Oregon. Yes.

[00:03:00.44] spk_0:
Yeah. Doing pretty well hot. We’re hot in Oregon. We’ve got, we’ve got a hot hot keep wave and a hot summer ahead of us, but otherwise doing okay. And you know, I think like a lot of parts of the country, the kind of atmosphere feels like it’s lifting a little bit as, as cities kind of open up more because because it is summer, even if it’s super hot, it’s better to be outside and see other people, You know, I think after a long hard winter, people really just be inside

[00:03:08.12] spk_1:
Last summer, largely the same. Yeah, at least if you were doing the right thing. So yes, it beats the hell out of summer, 2020,

[00:03:15.10] spk_0:
right? Yeah.

[00:03:17.44] spk_1:
Although I’m sorry that climate change has contributed to bad temperatures in Oregon and

[00:03:22.55] spk_0:
yeah, yeah, we’ve already, it’s already fire season here and fire

[00:03:27.78] spk_1:
season is all the year now. Now California just doesn’t even have a fire season anymore. They just have fire fire

[00:04:40.64] spk_0:
thinking about, you know, how many And and 10 has community members all over the us Canada Europe all around the world. Um, and so it’s something we’re always thinking about is, you know, what’s going on and for somebody that might open an email or show up to a court. So being one of our cohort programs where we’re really kind of expecting a lot of you over an extended period of time and, you know, there’s folks in so many different geography, so many different identities, so many different kind of compounding factors where it just might not be a day that you can join of course, you know, and we have done a lot of work, kind of, all of all of 2020 started in 2019 and launched this calendar year with a number of changes to our programs so that people were better able to say, yeah, this isn’t the day that I can join us and that they weren’t kind of like slowly slipping behind or slipping out of any of our programs, that the system was already built for them to be like, yeah, not today. You know, uh again,

[00:05:15.54] spk_1:
we’re gonna talk about that to me that falls under the rubric of tech equity. We’re gonna we’re gonna talk about that. Let’s start with the something I know is on your mind. The show the salary campaign. There was it was a critical piece In the chronicle of philanthropy. Just yesterday, we’re recording on June 23 yesterday. There was a piece by Vincent Robinson, critical of show the salary campaign. Let’s acquaint folks with what show the salary is

[00:06:21.64] spk_0:
for sure. So I think show the salary like hashtag no spaces show the salary is a campaign, but it is not the only movement for there are many, many folks, many different hashtags, many different appeals to the sector at large, whether that’s foundation jobs or nonprofit jobs, whoever to include the salary, whether that’s a hard and fast number or that’s a range in every job hosting from Ceo to to any other position really because of the number of dynamics that come when you don’t show that salary and the privilege that it really wraps itself around, um that it’s not creating an equitable opportunity or access point for all different kinds of folks to apply for that job. And show the show salary is one of these campaigns and efforts to encourage folks whether by asking nicely or shaming whichever direction works to get people to do it

[00:07:41.14] spk_1:
all right. And some of the some of the reasons that showing the salary is important are I know that it gives an advantage to folks who negotiate salary better, which is typically white men. They are more confident in their negotiations. They have better outcomes when they attempt to negotiate. If not even better outcomes, they at least get get a better reaction when they attempt to negotiate. So it gives advantage to the white privileged. Um It’s um it’s disadvantageous in that you might be, I mean this this applies to everybody. You you might spend your time applying for a job that’s beneath your salary requirement. We all got to cover. We all got to cover a monthly nut. And if your salary isn’t gonna do it, you gotta go through a a laborious process to find that out. Maybe a couple of interviews, several hours your research time, you’re spiffing up your resume time, your credentials. So why should I hide it from anybody? Um on the positive side, he promotes transparency and you’d like to hire people who want to work for transparent organizations and people want to work for transparent organization? What am what am I what am I leaving out of the why the advantages, the reasons for showing the salary?

[00:08:32.14] spk_0:
I mean, I think all of those are right. And also all of those are kind of like doorways into an entire, you know, grouping of arguments that are related to them, right? And I think it intend we really um combined when we’re trying to mask or compelled or encourage or convince other organizations to include salaries to us that means compensation and generally make clear what your benefits really are. Don’t say generous benefits because to your point, if someone is um has chronic illness and they know that health care is going to be a really important part of the benefits they get and all that you’ve said is generous benefits. They don’t know how to navigate if that’s going to be worth their time competitive

[00:08:54.34] spk_1:
Really. You know, when you think about these things critically, which, you know, it’s, it’s just uh you know, for me at 59 years old, it’s what I grew up with commensurate salary, salary commenced with the experience and generous benefits. No, but if you do think about that well, it really communicates nothing generous, generous by whose standards commensurate by what type of experience

[00:08:57.34] spk_0:
and with the arbiter of that. Right?

[00:08:59.53] spk_1:
Well who is it? Yeah, who is? Right.

[00:10:24.74] spk_0:
Yeah. I think especially as uh folks are starting to maybe in a token izing way, look to increase the number of black indigenous staff of color, um, L G B T Q I plus like all different, you know, quote unquote diverse metrics for their staff. Those folks want to know that they are going to be evaluated by something they opted into, Right? So seeing something like, oh, it’s commensurate with experience. Well, if you are excited to hire me because I also speak spanish, but you’re not, you’re not giving me a salary because of that, then that’s probably not a great place, right? Like all of those decisions add up to a picture that’s getting painted to potential staff before they even apply, let alone are hired and start there. And if you think about, you know, what is this picture we’re painting? Is it just like murky and you can’t see anything isn’t really clear. We painted a beautiful picture of this land. They could come come join. You know, it isn’t just like what’s in the organization’s interest because you really want to be able to negotiate with someone. I would, I would invite a bit of reflection on why you want to change something, you know, because if you don’t already know how much you can pay, that’s how much you can pay. And if you don’t, then you’re probably not ready to start hiring.

[00:11:23.84] spk_1:
Okay. Uh, Vincent Robinson pushed back against the show the salary campaign. His his main point is that now he is a recruiter. He makes a point of saying that his practice is devoted to expanding diversity and accessibility among job applicant among applicants. Yes. And placements that he makes uh, he says that 90% of the candidates that he places are diverse. Bye bye. Common standards. Alright, So let’s, let’s just assume that that’s all the case. Uh, take him at his word for that. He says that the main problem with the show, the salary campaign is that it actually disadvantages folks. Um what’s this point? Because

[00:11:32.54] spk_0:
I mean, essentially, if I can, can recap it, um, the way that we read it and have discussed, invented is essentially saying that by disclosing that salary, so don’t already make it discouraged, right? Would feel that they wouldn’t go for that job. And

[00:12:22.64] spk_1:
Their if their current as it uses the example of someone whose salary is $60,000 and they feel they’re eminently qualified for a job that posts range, or a salary of $150,000, that they will be discouraged from applying because they feel they’re not worthy of that salary. And he says that he has counseled many people in that situation that they should absolutely apply. What does the I’m not I don’t want to make you a spokesman for the show, the salary campaign. We don’t even know who the members of the show the salary campaign are, which we are going to talk about. The secretive side of that. I’m curious about that. We’ll get to that as an advocate for show the salary. What do you say to Mr Robinson?

[00:15:23.34] spk_0:
Sure, I wouldn’t have nothing to do with the show, the salary campaign. And as far as I understand it, it’s a campaign started by nonprofit staff in the charity sector in the UK. Um wow, she and being in love with their julie and I have nothing to do with it. But there are, you know, folks like Julie and the community centric fundraising community and 10 lots of folks in the us have also been calling for this. I think the idea that someone would see a higher salary and think that they are not qualified. I’m not going to say that doesn’t exist like humans are complicated, dynamic, interesting creatures. And I’m sure there are people for whom they have experienced a lifetime of internalized messages that they are not worthy of that job, right? That is not going to be changed by all organizations continuing to hide the salary. We’re not changing the sectors general attitude that everyone deserves more money by hiding salary. So even if, even if there are individual use cases where people were discouraged because of a high salary, that is not a validation for not disclosing it. And ultimately, by showing those salaries, you’re encouraging peer organizations to equally pay that much for the similar title or scoped positions. Um, You know, I think another perspective, we talked about an intent was, well, if that person is making 60,000 there in an organization that has the full kind of, uh, equate herbal scope to that other position, then they probably shouldn’t be making 60. And the issue is that they are currently making too little, not that they are not qualified for a job that makes twice as much right. That the real issue is, is their current place of employment and that that place they should be able to use that job posting to say, hey, I like a race. I think the dynamic that’s not spoken about in the Chronicle piece that I do think is an important part of the conversation about hiring in the sector is the fact that that articles written by a recruit and I think that I have experienced and seen and coached many people applying for jobs who have a very different uh understanding or expectation or assumptions about what’s going on when they are dealing with a recruiter, then when they are applying directly to the organization. I think there’s a lot of messaging and marketing that recruitment firms are, you know, leadership or C. I. O. C Suite ceo type of jobs. And those feel like they imply a level of corporate nous, maybe certain size of organization, you know, and those are probably more likely the factors that are making folks feel like they don’t want to go for the job than the fact that it pays more money. But

[00:15:43.84] spk_1:
it’s interesting just the existence of a recruiter could be off putting to a lot of folks who internalize messages about their credentials.

[00:15:45.61] spk_0:
Not that I don’t think people should use recruiters, I definitely think they should, but I think that that’s an unspoken reality that is not factored into that article.

[00:16:01.94] spk_1:
Right. Right. Right. Which I’m not sure that he would even acknowledge. Yeah. But okay, I

[00:16:06.74] spk_0:
wanna, can I can I can I steer us back to the question and you always get to steer Can I give

[00:16:10.01] spk_1:
you latitude

[00:17:36.74] spk_0:
well, because you said something that I thought was interesting and we could talk about for a second earlier when you were saying, you know, expertise. Uh and I think that’s also a big part of all of this, is that If you were to take to job listings that you found, that said the salary and they said they were both $60,000 jobs, right? 60,000? Um as your annual salary? Mhm. I cannot imagine that you would find those two jobs, say they’re looking for the same experience or expertise or scope of job, even if they were both in communications are both in in programs, right? So I feel like there’s also an opportunity to be very open and intentional with how we phrase or or position to potential staff, what we were looking for when we hired you, because if it’s just like, you know how to use this database and you know, you know, you know how to do these tactical things, I don’t know how it matters who it is. You hire hire the first person then, right? Like if that’s the thing that’s most important to you, it’s just that they can technically do these things that feels to me like you maybe don’t even need a human. That’s a

[00:17:51.64] spk_1:
pretty, that’s a pretty shallow job description. If it’s just a list of four things that you need to be able to do it, right, then you just hire the first person who can do those four things and it makes no difference who it is,

[00:18:15.74] spk_0:
right? But I see, you know, intent as a dartboard and um see jobs posted in the sector on twitter et cetera all the time. I feel like hiring is kind of picking up now and I see so much of it is like we really want you to have experience with X database or X website platform or you know, and like does any of that matter? Can’t you teach somebody the

[00:18:19.26] spk_1:
database? It’s all trainable, it’s all right, we need somebody who’s trainable

[00:18:49.24] spk_0:
right? Like eager to learn, interested in doing the work that we do, but not that you already know how to do certain things right? That’s not the most compelling. And again back to that idea of like you’re painting a picture for these potential applicants, you’re painting a picture that like what they’re what they’re part of. That magical garden scene is like you have a hammer, you have a shovel, you have some seed like you know, it’s probably looks not as appealing, right? It looks like, oh yes, this is beautiful garden scene and I will sit over here hammering on the bench.

[00:19:26.14] spk_1:
Uh I mean uh I guess what we’re, what we’re talking about though, depends on the level that you’re hiring too. I mean if if an expertise is required in something that’s not that’s not trainable, I mean you so you have I. T. Staff, you have the luxury of having write your own development team. Um

[00:19:26.79] spk_0:
So yes, he does the work of a team. Okay. Okay.

[00:19:32.40] spk_1:
Yes. We’ll shout him out now. Go ahead

[00:19:34.25] spk_0:
dan. Yeah.

[00:20:02.04] spk_1:
So you have the luxury of having a development person, web development person. Um So, you know, he has to have a basic level of skill or or beyond basic in certain things. I don’t know whether it’s C Plus plus or drooping or you know, whatever. I don’t know. Html Well, we’re beyond html That I know. So, you know, at that point you would, you would advertise a fluency with something, wouldn’t you?

[00:20:09.44] spk_0:
Yeah. I mean when we hired for that position, you know, we certainly wanted to say these are the platforms we’re currently using. Um, but okay. And you need to, you

[00:20:15.11] spk_1:
need to be able to support these.

[00:20:58.64] spk_0:
Yeah. Yeah. But that was, you know, that’s more of like, hey, this is the job. So stop reading if you don’t know what wordpress is, Maybe not the posting for you, but the things that we really want our, that you, I want to be part of a team where every person has leadership responsibility. You know, you’re not just going to be told what to do. Like you also have to come up with what to do and uh, you know, we want everybody on the team helps with the Ntc. You’re going to like carry a sign down the hallway, put it somewhere. Like you don’t just get to sit at a computer. You know, like we really want to communicate that working at what working in china is like and make clear that that’s what we’re looking for, right vs. The list is for this salary. You can do these five technical things.

[00:25:18.94] spk_1:
It’s time for a break. Turn to Communications, The Chronicle of philanthropy, the new york Times, Wall Street Journal, UsA Today stanford Social Innovation Review, the Washington post, The Hill Cranes, nonprofit Quarterly Forbes Market Watch. That’s where turned to clients have gotten recent exposure. You want that kind of press turn to has the relationships to make it happen. Turn hyphen two dot c O. Your story is their mission. It’s time for Tony’s take two. Let’s rejoice this summer. We’ve come so far from a year ago from where we were last summer. Let’s take some pleasure in this summer. I hope you can. Yes, there’s a long ways to go to My state. North Carolina is less than 50% vaccinated, but we’re so much further from where we were last summer. Let’s take some pleasure in how far we have come. I hope that you can do that in your own way. I hope you can schedule some time away or some just some time. It doesn’t even have to be time away. I hope you can schedule time for yourself, family, friends, all of which we couldn’t do couldn’t do safely a year ago. So let’s rejoice in how far we have come while at the same time recognizing there’s a good way to go before we’re out of the woods with this pandemic with the delta variant now and other possibilities of variations. Yeah, we’ve come a long way. I hope that you can take the time for yourself, for your family, for friends to do some rejoicing this summer. Have some fun, whatever form fun takes for you, whatever it is. If it’s crocheting, if it’s travel, if it’s stay home, okay if it’s more time with kids, nieces, nephews, grandchildren, whatever form fun takes for you. I hope you can do it. I hope you can because we are so much further along than we were this time last year. That is Tony’s take two sending blue. It’s an all in one digital marketing platform with tools to build end to end digital campaigns that look professional are affordable and keep you organized. They do digital campaign marketing. Most marketing software is designed for big companies and has that enterprise level price tag, tisk, tisk. It’s your life if you’re using one of those, send in blue is priced for nonprofits, easy to use marketing platform that walks you through the steps of building a campaign to try out, sending blue and get a free month. Hit the listener landing page at send in blue. We’ve got boo koo but loads more time for center equity and tech in your hiring retention and training. Very melodic. It’s like, it’s iambic pentameter. Almost. How do you encourage job posters on the N 10 job board, which I know is one of your more popular pages on the areas on the, on the site at n 10 dot org of course. Um, I know you require salary their number or arrange a minimum or arrange I guess. But beyond that, what, what can you or what can other folks do to either encourage it if they have a job board or working in their own job descriptions.

[00:26:06.84] spk_0:
Yeah, it’s interesting. I think a lot of the other work that we do is not very publicly visible. I have had a number of community members over the years since we’ve been requiring salary where they want to post a position. They themselves had already asked their organization, what’s the salary going to be in the organizations that were not posting it? So then they come to me and say like, I don’t have a lot of positional power. But what I could do is like bring you in on a conversation that put some pressure on, you know, and have some conversation that, that does convince them because even if they didn’t want to do it, they’re doing it gradually. I was looking at them so they did it, you know, you know,

[00:26:10.85] spk_1:
you know that,

[00:26:11.79] spk_0:
well, you

[00:26:13.28] spk_1:
Have the leverage of the N- 10 job board and we’re talking about technology if it detects job, the intent job board is like a Seminole place to be.

[00:26:43.74] spk_0:
Right. Right. So I’ve had lots of places where I’ve either helped people come up with their talking points to take to their team or joined email threads or even had phone calls with hiring managers who weren’t convinced, you know, and just spent 10 minutes talking to them about it, um, to get them kind of to the other side. And I think that’s, You know, while it’s kind of maybe not in my job description, those 10 minute calls or helping somebody with their talking points in a Google dog are changing organizations. And I really love between that work, you know,

[00:27:31.84] spk_1:
but that’s using intense influence the same way you do when you, uh, when you sign contracts for, for the NtC that you insist you have, you have certain requirements from, I guess diversity to food to, you know, whatever you use the leverage, use the leverage in that case it’s dollars in hiring case, it’s the N 10 job board you want to be on it. I mean the bottom line is you got to play by our rules. I’m happy to have a conversation with you about why those rules exist and how they contribute to the in 10 values,

[00:27:33.92] spk_0:
How

[00:27:43.54] spk_1:
they flow from the intent values. Maybe more more eloquent, but more appropriate. But in the end, you know, if you want to be on the job board, you gotta, you gotta use our rules if you want. You want the N 10 money, you want the N 10 conference at your center, then we have, we have certain basic requirements that are unyielding.

[00:28:51.64] spk_0:
Yeah, it’s interesting because the intent job board, of course you can post a job, but I think most people think of when they think of a job board, like a part time or full time organization that you are working for overtime. But we also, you can also post gigs or RFP s shorter term project type posts and we require a salary or budget to be listed on those two and that’s actually the place where we get the most push back. Um and folks will say, well we don’t know what our budget is until people reply to our RFP. And while I understand that, could I feel like reality, there is just like a, just like a potential applicant to become an employee. A potential contractor also doesn’t know if this is a project that they should bother trying to take on if they have no idea what your budget. So again, you don’t know what your budget is. You’re not ready to hire. Call for our FPs. You

[00:28:56.38] spk_1:
Need to know whether this is a $10,000 project or $60,000 project. I mean without saying a range of $10-$60,000, which is, which is worthless. People, people do that. Do they say?

[00:29:08.44] spk_0:
Okay, sometimes? Yes.

[00:29:10.03] spk_1:
Alright, well that’s

[00:31:05.24] spk_0:
worth. Sometimes. Yes, we try and catch those and talk to people. But you know, I think that folks, it’s such, it’s also such a privileged position to say like, well, we don’t even know what the budget is, where what I hear in that is whatever people tell us is what we could pay. And I don’t think that most nonprofits have a relationship to their cash flow, where they could say whatever somebody says is what we should pay, right? You you likely do have a discreet budget range And even if you feel like it’s really low and you’re sad that it would look low, it’s better that that’s on the table at the beginning, before a bunch of firms, you know, do a bunch of work. Um, and 10 actually just closed an RFP for our own, like it was on our job board, but it was our own RFP to do a website redesign project. And um, we had talked to, uh, so many firms in the community, but one had kind of expressed a bit of a surprise that we were anticipating 10, maybe 15 Responses to the RFP. That that would be a lot of responses. Well, we got over 40 and what we heard from a lot of people is the reason we got so many is because the RFP was very clear. It said why that was our budget and what what we could do in house, what we needed somebody else to do. So, because we have taken longer than our original timeline was internally to be really clear in the RV, we were able to get so many more potential folks that wanted to work with us. And now of course, I don’t know how long it’s gonna take us to read this many are applications, but um, it’s a better problem to have than than only a few that submit and none of them feel like a good fit. You know, now we’ll be able to choose from a great difficult group of to decide.

[00:31:45.34] spk_1:
So it ends up being worth the internal time that you spent. It was beyond your projected time because you’ve got 433 times the number of applicants, uh, proposals that you were expecting. All right. Right. Um, uh, so let’s talk about the show the salary campaign. Okay. Now you all right. So you said you’re not you’re not a part of it. I didn’t know that had started in the UK for one. I feel like they, um, they suffer some because it’s all it’s all secretive. They don’t reveal.

[00:31:46.69] spk_0:
Doesn’t need to be like,

[00:32:01.04] spk_1:
well, yeah, I mean, I think credibility, I think naming who you are, at least some of whom you are, helps with credibility. You know, purely

[00:32:02.03] spk_0:
seeking. But they do say that there are non profit staff.

[00:32:05.84] spk_1:
Yeah.

[00:32:24.34] spk_0:
And I feel like their appeal isn’t saying we like this one organization, you know, we’d like this one funder to change their grant application and we are previous grantees. So we have a level of knowledge. Like there isn’t any, uh, in my opinion, there isn’t any justification you need to do to say, yeah, I think people should have to show their salaries, you know, they

[00:32:38.34] spk_1:
Have, like six or 8 reasons why the salary should be shown. Uh, you know, it’s secretiveness creates suspicion,

[00:32:44.14] spk_0:
doesn’t I just I just don’t share that feeling. I feel

[00:32:48.15] spk_1:
like,

[00:34:03.44] spk_0:
um not the number of people that, like, for example, we have because we have talked on the website and the job board, we have a blog post about why we want people to to include their salary. Um, it’s common that folks that we don’t know or or we’re not first name basis, like community member, we know who they are will tag us in a tweet thread and include our blog post while they are trying to convince someone else. We weren’t even heard of that. We don’t know who these people are that are talking, you know? But they’re like, oh well and then to doesn’t here’s their article and you should really do this. So those people don’t even necessarily know who we are, but they’re using it to support their argument. And I feel like I don’t need to go into that twitter friends like, hello, I am a me I am in ceo these are all of the reasons why I get to exclaim this. And you know, I don’t I don’t know that. I don’t know that the campaign, like so many other campaigns is trying to say that the exclusive use of that hashtag are the eight collaborators on that website, right that like anyone can go appeal to folks that are sharing their salary and ask them to do it. You know that it’s it’s about the message. It’s not about the people who have the capacity to build the website and get it out

[00:34:29.54] spk_1:
there. It is. Yeah. As I said, they have six or eight reasons why you should should show the salary. Um All right. Maybe I’m just more traditionalist, but you know, secretiveness breeds suspicion for me. I would like to see a couple of

[00:34:31.27] spk_0:
names that

[00:34:32.06] spk_1:
Uh and then but then you say, you know, but in that case where you were citing, you know, in 10 gets broke. So other folks brought you in. So you’re they presume your credibility

[00:34:42.94] spk_0:
well. But I think it’s the same way where people that aren’t who I’m just saying that because that’s a random number of people, but like whoever was the friends who created that website, like people don’t need to know them in order to use the hashtag show the salary for saying, you

[00:35:00.54] spk_1:
know, and and to agree with the six or 8 reasons that they

[00:35:03.08] spk_0:
have, which

[00:35:07.04] spk_1:
is you’re all very cogent to me. I just I would like them to go a step further.

[00:35:11.34] spk_0:
Yeah. Ok. I hear your concern. I have nothing to do with them. So I can I will not pass this feedback to anyone. But

[00:36:01.33] spk_1:
you don’t know anybody. I don’t know. It’s like people say this is in confidence. I always say, well, I don’t know anybody to tell. Right? And a few people I do know that nobody listens to me anyway. So, so your your confidence is well kept with me. Don’t worry. Don’t worry about that. Yeah. Yeah, sure. You got my confidence. Absolutely. This isn’t confidence. Absolutely. Okay. Um bringing a little more down to uh, some actionable steps or if the if not actionable, at least, things that folks can consider. And I’m always grateful to you that we can use N 10 as an example. You have, you have the N 10 Equity Guide for nonprofit technology which is at N 10 dot org. And my suggestion after that was just search for Equity guide for nonprofit technology in

[00:36:05.24] spk_0:
your or its underneath the resources either way. Okay.

[00:36:29.53] spk_1:
It’s called the Equity guide for nonprofit technology and you have some things that you recommend there and I’m sure that intend abides by or at least tries to abide by as best as you can. Um, and the first one is that is sort of what we were talking about earlier. Don’t assume expertise in technology radio

[00:38:52.12] spk_0:
and I think that this gets a little bit confusing for folks because they are hiring for a position where whomever is hired saying is you tony I hire you. I know that so much of your day is going to be using these couple systems and I think I’m doing doing a favor to everybody by saying, okay, we really want somebody who already knows how to use these things, right. But it is unlikely that the way you use that database or the way you have set up your website or the way you use white books, you know, whatever it is, is exactly the same organization to organization. Um kind of what we were saying before, you want somebody who’s interested in ready to learn how you use your database and maybe you want somebody who is familiar with what databases do and are and has ever used a database. But the idea that it’s really important to hire someone who’s used that exact same suite of tools, it doesn’t, it’s just not realistic. They have not been customized the way your organization is customized people are using Salesforce in a way that is unrecognizable, Salesforce. That doesn’t mean that because they use Salesforce somewhere else, they automatically know how you’re using it. And all of those things, just as you said at the beginning or a teacher, we should be invested in teaching all staff, all of the technical things they need always, not just in their orientation, right? But technology training is all the time because technology is changing. And when we remove those pieces of focus from the job description, it allows us to really focus on what matters more. That’s less tradable, less teachable. And that is, you know, are you solutions minded? Are you interested in leadership and responsibility? Do you have experience with community engagement? Do you come from this community that we serve? I don’t know what things might be specific to the job that we’re all raised from in here in this example. But getting to elevate those other pieces that are maybe more about what somebody wants to do or has a natural inclination towards, instead of Can you click a mouse on the screen? Like we will teach you how to do that part, you know? But if you don’t like working with people, maybe that’s not the job because they’re clicking the button so that they can talk to people right? Like there’s something else happening in that job and focus on that instead

[00:39:10.22] spk_1:
related to that making training accessible. Uh, so, you know, I mean, to me there, those really go hand and glove. I mean, don’t assume a certain type of expertise and then you need to make the training accessible. And as you just said, you know, throughout, because technology is changing, it’s not

[00:40:45.21] spk_0:
just not everybody learns in the same way orientation. Uh just saying like, oh yeah, we made this internal wiggy and there’s a bunch of pages, How about it? Like not everyone can just go look at this wiki. They didn’t make themselves and learn from it. So know that however you’re going to invest in training, its investing in different types of opportunities to learn the same, maybe core functions so that people can engage the way that that works for them. And then take, for example, the way that we do this is we like to, you know, document things so that it is written down for people that like to have the guide of, okay, step one step to do some uh recorded a recorded screen where someone is clicking through doing the thing right? And then everybody brings their computer to a meeting and we all do it out loud together at the same time so that somebody can say I did a practice one of these before the meeting and now it’s showing me the screen and then everybody can look and you’re like, oh my screen looks like this, your screen looks like this. Let’s all learn what this error is, you know? Um and it means that of course it normalizes that everyone needs to learn these things and it isn’t just, you know, one person’s job, but it also creates this opportunity for really deep learning because we engaged in that so many different ways, you know, as a team,

[00:41:04.01] spk_1:
community learning right together. Yeah. Um you know, requiring equitable equipment policies and and that’s related to bring your own device,

[00:42:27.50] spk_0:
bring your own device, something we saw at the start of the pandemic, even beyond, Bring your own device was, you know, in an organization where there’s uh in use a very traditional hierarchy, people that were directors or above got to have Apple laptops. So when they said, okay, work from home, they were ready to go. The managers and below had desktop computers, so they were not ready to go, you know, um, and there wasn’t uh, acknowledgment of the inequity there. And I think that’s a very easy case in point where you can think about that. But we’ve received so many questions over the last 16 months of people saying, okay, well, now that our organization is convinced, then we can kind of kind of maintain a hybrid model going forward. They still haven’t changed the policies that say directors get a new computer every two years and everybody else gets one every six years, but my computer is dying, you know, and I don’t qualify. So the option I’m being told by my own or use my own, which of course isn’t, isn’t equitable is not a fair expectation, but it also creates all these other security vulnerabilities were now working off of machines that are part of the organization’s college.

[00:42:46.30] spk_1:
It goes yes, it is inequitable. It’s also high risk. Right? So, so the employee buys their own now, how do you know what else they have on it? It belongs to them. They are welcome to their privileged and entitled to put whatever they want on it. And how do you know? And what? So now what kind of devices, your data being stored on?

[00:43:22.50] spk_0:
Right. Exactly. And where are people accessing it from? You know, a number of organizations often try to address some level of security vulnerability by making sure that all of the staff laptops have a VPN and they know how to turn the VPN on, but then when they start using their tablet or their own personal computer to do that work in a different way, they’re not going through the VPN. So there’s just so many places where it undermines other efforts you have actually invested in because you are not thinking about what it needs to have devices for everybody that works for them.

[00:44:29.89] spk_1:
Yeah, yeah. And let’s wrap up with, and there’s, there’s many more, there’s probably a dozen different, if again, if not action, actionable items, at least items for you to think about and discuss all throughout the, uh, in this, in the intent equity guide for nonprofit technology. There’s a lot more than what we’re just the couple that I’m that I’m raising with Amy, that we’re talking about supporting remote work obviously, very timely, uh, enormously, you know, but um, everybody doesn’t have, uh, there’s not the same level of, of broadband access. We know this, I mean, you’ve been you’ve been active for years on the broadband equity. Um and now it’s part of biden’s infrastructure proposal. Well, how much of that will get past? Very uncertain, right? Some people only define infrastructure as macadam and concrete and bricks and mortar and beyond that, you know, they don’t want to know about infrastructure. So, you know, you can’t even assume the simplest things that so many of us take for granted exist among all your among all your staff.

[00:45:49.19] spk_0:
And, you know, I think what’s just so confounding to me is the number of organizations who last March said, oh my gosh, we have to work from home. So they didn’t, they worked from home, they work from home for over a year, and now they’re saying you have to be in the office to work, which what I hear when someone says that is that You do not believe work happened for the last 16 months, and I’m pretty sure that work did have, and it probably happened in ways that were better for each individual staff person managing their day and their needs and what else they had going on in their life. So if if folks have to be in the office, sitting at that desk in front of the screen to be quote unquote work came to me that says, you don’t think what can happen unless they are being surveilled while they do it, right? That realizing you’re stuck and you are definitely not working on this article you need to work on. So you’re gonna get up and like make a big fresh pot of tea that that’s not a part of your human management of your

[00:45:53.61] spk_1:
valuable to you.

[00:46:50.98] spk_0:
Right. Right. So, I think organizations that are pushing for this kind of return to in person are really hurting their staff. There are staff. We’ve already seen articles about staff are leaving on mass instead of returning because that’s not it’s the bar, right? Like we have said, the bar is I should be able to be a human that can be trusted to do my job and also live my life. And organizations that can’t respect that I think are not going to have the kind of, you know, talent and diversity that they may say they want. Um, and what I think is important to also acknowledges, there are people for whom working in the office is ideal for them because they can’t focus at home or at home. There are too many other demands on their time from family members or, or whatever else. But That one person working best in the office doesn’t mean everyone else has to be there. Exactly 9-5 with them, right. There should still be a way to support folks who are really great staff and just can’t be in the office, you know?

[00:47:26.88] spk_1:
Yeah. There are folks who want to be nomads now. You know, we, we can’t ignore what, what we learned over the past 16 months and what people have learned about themselves as well as what hopefully organizations learned about themselves and their people. These lessons, you know, these lessons are with us now for generations, right?

[00:47:31.78] spk_0:
And that’s our opportunity to learn from them and get better and grow versus hold on to an idea of something that also wasn’t working before the pandemic,

[00:48:23.97] spk_1:
right? But we just very few people have the courage. Very few organizations have the courage to attempt something different, okay. And they got forced into it to marches ago and we can’t ignore the lessons that we’ve learned and people are not, people are not going to be willing to take a step back. So yeah, if your organization is insisting, I would say especially now during the summer, I mean, if it’s maddening, I mean, uh, you know, I’ve had folks tell me that their offices go, they’re going back to the office starting in like mid june or july. It’s the summer for Pete’s sake. Nobody had any any summer in 2020. So if, if you have any humanity at all, at least wait until september or maybe even october. But even beyond then, right, you know, we’ve learned so much and people are not going to be willing to go backwards. And if you want, if you want to retain the best people, you know, some of them are going to want to be nomads. Now, some of them,

[00:48:33.52] spk_0:
you’re going to want to be able to be at home when their kid is sick and not have to take off work. Yeah.

[00:48:49.67] spk_1:
Okay. It’s, it’s equity, it’s tech, it’s hiring, its, its retention, it’s good policies

[00:49:01.37] spk_0:
and I think part of how we ended up going all over the place of this conversation is just a reflection of how interconnected all these things are and kind of directional. If you, if you can’t share your salary on your job description, you’re probably, what else are you hiding from people? Oh, now they’re hired. They probably don’t get to have a great computer that they choose, right? Like it’s all part of the same mess.

[00:49:32.17] spk_1:
Yeah, yeah. We only contribute 25% of health care premiums. Yeah, exactly. All right. All right. Thank you. Amy Amy sample award ceo of intent. Our technology and social media contributor. Uh, you’ll find her at AMY sample ward dot org and at Amy R. S Ward. Thank you for fun. Provocative, interesting conversation. Thank you.

[00:49:41.35] spk_0:
Thank you. As always.

[00:51:25.96] spk_1:
Next week it’s Jean Takagi returns. It’s Jean Takagi. Next week Jean Takagi returns with your one hour legal audit. Who writes this copy this middling lackluster coup. This is why I need an intern. I haven’t put the word out for interns lately, oddly nobody ever applies, but I need an intern to blame for this middling copy. So if you know someone who wants to be blamed, introduce them to me. If you missed any part of this week’s show, I beseech you find it at tony-martignetti dot com. Were sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o. And by sending Blue the only all in one digital marketing platform empowering non profits to grow. tony-dot-M.A.-slash-Pursuant End in Blue. Creative Producer is Claire Meyerhoff shows, social media is by Susan Chavez. Mark Silverman is our Web guy and this music is by scott. Stein. Thank you for that. Affirmation scotty Be with me next week for nonprofit radio big non profit ideas for the other 95 go out and be great. Yeah. What?

Nonprofit Radio for April 19, 2019: Grit: Succeeding As A Woman In Tech & Great Ideas

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

WegnerCPAs. Guiding you. Beyond the numbers.

Credit & debit card processing by telos. Payment processing is now passive revenue for your org.

Fundraising doesn’t have to be hard. Txt2Give makes it easy to receive donations using simple text messages.

Get Nonprofit Radio insider alerts!

Listen Live or Archive:

My Guests:

Marisa Lopez, Sara Chieco, Tami Lau & Aparna Kothary: Grit: Succeeding As A Woman In Tech
Our panel takes on the common challenges facing women in tech as they share their own stories and reveal lots of strategies for succeeding in this overwhelmingly male-dominated career. They’re Marisa Lopez, Sara Chieco, Tami Lau & Aparna Kothary. (Recorded at the 2019 Nonprofit Technology Conference.)





Graziella Jackson & Marcy Rye: Great Ideas
Also from 19NTC, we get methods for generating strong—even breakthrough—ideas, everyday, with help on how to choose and implement the best ones. Our panel is Graziella Jackson & Marcy Rye.





Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

Get Nonprofit Radio insider alerts!

Sponsored by:

View Full Transcript

Transcript for 20190419-GritSucceedingAsAWomanInTechandGreatIdeas.mp3

Processed on: 2019-04-23T12:32:31.387Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2019…04…20190419-GritSucceedingAsAWomanInTechandGreatIdeas.mp3.888152088.json
Path to text: transcripts/2019/04/20190419-GritSucceedingAsAWomanInTechandGreatIdeas.txt

Hello and welcome to Tony martignetti non-profit Radio. Big non-profit ideas for the other ninety five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d get slapped with a diagnosis of silicosis if you mentioned the bird brained idea that you missed today’s show grip succeeding as a woman in tech, Our panel takes on the common challenges facing women in tech as they share their own stories and reveal lots of strategies for succeeding in this overwhelmingly male dominated career. They’re Marissa Lopez, Sarah Chico, Tammy Lau and Aparna Kothari that’s recorded at the twenty nineteen non-profit Technology Conference and Great Ideas, also from nineteen ninety Sea. We get methods for generating strong, even breakthrough ideas every day with help on how to choose and implement the best ones. Our panel is God’s piela Jackson and Morsi ry. I’m Tony Steak to thank you. We’re sponsored by pursuing full service fund-raising, data driven and technology enabled Tony dahna slash pursuing by where you see Oppa is guiding you beyond the numbers regular cps dot com by tell us turning credit card processing into your passive revenue stream. Tony dahna slash tony tell us, and by text to give mobile donations made easy Text. NPR to four four four nine nine nine Here is grit succeeding as a woman in Tech. Welcome to Tony martignetti non-profit Radio coverage of nineteen ninety Sea. That’s the non-profit technology Conference coming to you from Portland, Oregon, at the Convention Center. This interview, like all our nineteen ninety si interviews, is brought to you by our partners at Act Blue Free fund-raising Tools to help non-profits make an impact. This topic is grit. Succeeding as a woman in tech panel is all tech leadership. Women beginning with Closer to me is Marissa Lopez. She’s director of account management, presents product group, then. Sarah Chico is director of technology. Social Impact of Presidents Prat Presence Product Group. Tommy Lau is senior self sales force. Energy engineer Tommy Lau is a senior sales force engineer. Social Impact Presents product group and Aparna Qatari is director of technology operations, a global citizen year. Technology. Women Welcome. Thank you. Thank you. Thank you. Technology leadership with women. Welcome. That’s what way women in Texas. They’re succeeding as a woman in tech. This’s not. This is not a panel of lackluster professionals. A panel of successful professionals Important to make the difference makes a distinction. All right, um, let’s talk down the end there. A partner. Thank you for sharing Tammy in a partner. Thank you for sharing Mike’s. The panel is so big, but I didn’t want to exclude anybody, So let’s start with a partner, you know, Give us Give us the headline. Give us the headline in the lead. What is it? What does it take to be, uh, to remain as a successful woman in tech not to get there We’ll get we’LL get to the get there But what does it take to remain st Stay, Stay as successful as you have been I think because you know where you are, right? I think we’Ll probably have slightly different answers with this, but probably with an underlying theme of community and finding a community that you resonate with that you could be comfortable with. One of those communities for us is amplifying. We are working with people with underrepresented voices in tech and so we have in person groups, online groups. But the fact of having a group of people who you can be yourself within share yer challenges with I think something about being an underrepresented voice and tigers when you’re in the workplace. You sometimes don’t want to show that you don’t understand something. Don’t know something are are kind of not faltering but are struggling a little bit. And so it’s been really nice to have a community of people where you can show those struggles, get support, get riel. Resource is without judgment, without judgment, with pretense. So that has to me that has been kind of a game changer. Tammy, would you want to add anything to the community? Sense of the importance of community? Yeah, absolutely. I think I wholeheartedly agree with what partner said. Just finding this community specifically amplified. But other women in tech communities as well has really made my life as a woman in tech so much easier, so much more fulfilling and has really helped me to get to where I am today. Andi organization is amplify. Is that right? Yes, amplify were amplified out, or ge amplified dot org’s okay there. Pointing to Marissa was where assuring the amplify shirt. But everybody doesn’t have the advantage of the video. Yeah, most of our audience is podcast, right? So So what’s that make sure? Amplify. It says amplifying. Yeah, that’s right. We are amplified out. Organs are website in the name of the group. Example. Five. Okay. Okay. Um so, Sara, let’s let’s get you in on the headline. Anything more than community? Uh, probably. I think perseverance and hard work and diligence are are kind of traits that I feel I’ve had to exhibit and had to be strong at in order to succeed and continue succeeding more, though more so than male counterparts, do you feel on the persevere inside, Absolutely absent, really persevering over what persevering over the challenges that come as being a woman in technology, in having managers that don’t understand necessarily how to relate to you or how to speak to you properly, or how to kind of bring out the best in you being having to do that on your own essentially and kind of overlooking, you know, various slights and or obstacles that are put in your way because you’re a woman and not similar to your male counterparts. What are some of those obstacles? Pay disparity, promotion disparity? You know, I was once told, yes, it’s true that you’re better than your male counterparts. And yes, it’s true that they all are making more than you. But it would just be too hard to re calculate the pay scale at this point in time. So we’re just going to leave it as is when this is done. That’s your trouble line. Herbal example. Yeah, too much trouble. It’s just one minor example, but it’s been like that. I have a master’s degree in computer science. I’ve been in Tech since the nineties, and it’s gotten better, but it’s still definitely not all the way better. Okay, because there is a stereotype that people are guys. Yes, guys become computer scientists. Yes, I was a graduate teaching fellow and out of a class of one hundred twenty six students, one was a woman. Reza. Yes. What do you want to say to introduce this? What do you want with the headliner? So what comes to mind for me is the title of the session, and so it’s it’s really what Sarah said around perseverance like to be the word grit, little shorter little fun, more fun and a little more edgy, but really is about the same thing, right? So to be gritty. I mean, if you think about Grigg, you’re thinking about, like, a piece of sand in your eye you’re thinking about, like, you know, biting your tongue. You’re thinking about surviving something they, you know you’d rather just bail out on. I think all of that, really. You know, they’re analogies for the experience of being a woman in technology. Um, some of the common challenges other. Certainly. Sarah listed a couple of poignant and illegal leased. The pain started challenges, Uh, other challenges. Are you willing to open up to any personal I mean, get personal, But what’s happened to you personally as a professional, uh, that I don’t feel comfortable talking about on this radio cast, but I will say that toe piggyback on what they all were saying about community, I think one of the big challenges is also just around being vulnerable and not being able to be vulnerable in the workplace. And that is one of the reasons we need our community. The vulnerability aspect. Yeah. All right. All right. Okay. Anybody wantto respond to what I you know? Like what? What you faced Shuriken in general. So as you mentioned Yes, the stereotype of programmers and developers. Being men is a constant challenge. I’m fighting whenever I’m in a space with other developers. I always have to to feel like I have to prove that I am also a programmer. And over that, yes, I do belong there. Yes, I don’t look like you. Yes, I do indeed. Write code, you know, so that constant mental energy of having to prove myself and altum to convince others I belong, you know? So there’s that that costs to my tio, my energy and my time that there’s that men don’t have to do, don’t have to expend Yeah, partner, I think for me I think a lot about the role of assumptions, both assumptions that are placed on us. But once that we have placed on ourselves just based on how way have been raised in a society as such. And so I think about how we were talking about how your first job out of college, that salary really sets you on a path of, you know, Sal er, promotions and salary raises and how you start off when I think about the wage gap. We’re starting off at a disadvantage for no reason other than our gender perceived gender. And I just get the assumptions role of has really made it made it more challenging, but also made it harder. Tio Excavate what the challenges for? Because it’s so ingrained in my own. Have you, uh have you done your session yet tonight? Coming up. Okay, so now I know a lot of what you’re gonna do is spend time listening to with stories are coming from the audience. Okay. Are you not? Yeah, I thought you were some but we’re also going to talk about our stories. OK? Yeah. We’ll be telling stories. Okay. Uh I guess in more detail. Alright, Thin. You want thirteen thousand strangers to here? Ok, I understand. It’s not a perfectly safe space. It’s time for a break. Pursuant. The art of first impressions. How to combine strategy analytics and creative to captivate new donors and keep them coming back That is there a book on dahna acquisition and how to make a smashing first impression. You’LL find it at the listener landing page which, as always, is that Tony dahna may slash pursuant with the capital P for please let’s do the live love live love goes out. I don’t know where you are because we’re pre recorded, But you’re listening live. And I love that you are. It seems like strips that I love you. I love that year. I hardly know you. I don’t know you at all. So I love that you are listening and the live love goes out. Let’s just Let’s just keep it at that. Let’s not get carried away. And the podcast Pleasantries. Of course. The pleasantries have to come on the heels of the love first love. Then the pleasantries tow our podcast audience. Thank you for listening via podcast pleasantries. So from here we go back to Marissa Lopez, Sarah Chico, Tammy Lau and a partner Kothari. You think I could say all those names? Here they are. We’re not quite halfway, but let’s move to the positive. Okay, Okay. I’m gonna put you on the spot. Although you did say you’re willing, but yeah, I think we’ve We’ve covered the challenge is sufficiently. I think I think the guys there’s a lot more to talk about. Guys, we’re listening, Tio. All right, Go ahead. Teresa. You wanted Teo won’t do one more. Well, I just think. I think the pay in salary is actually really huge and really a big deal and really a really problem. And it it goes deeper than the workplace. I mean, when you’re getting played last year, disadvantage of the world, your children at our disadvantage. Some people are a disadvantage to their partner. I mean, that’s like a huge, huge power issue that women have to deal with. I say I would say myself specifically I was. I kayman attack about a quarter way through my career and I was severely underpaid. I didn’t know that I should be getting paid more. There wasn’t a lot of salary studies out of the time, and I didn’t come from a tech background. I wasn’t part of the network. The good old Boys network for folks know how much people are getting paid so again without that community, that network in that background, I got underpaid for many, many years and I will never be able to make that up, you know, like Aparna said, like you can’t make up for being underpaid early in your career affects your the rest of your life. Yeah, home holds you back and that’s it’s all based on the beginning. All right. You want to Sara? Sure. I can give you an example. So I worked at a start up in San Francisco down your South Park maybe almost twenty years ago. And though it was, you know who’d strap warehouse, whatever. And it was just it was one person who kind of ran the office and the company at operations. And then there were five software engineers and I was the only woman in the company, and I didn’t often open. We didn’t have, You know, anybody who opened the door had kind of an office role. Occasionally I did. Mostly, I didn’t. But whenever I would get up to answer the door, sure enough, the guy who was standing at the door would ask me to get him coffee. Never once did any of my male counterparts get asked to bring coffee too, you know, I mean, it’s just little things like that that happened throughout your career. Kind of perpetually. But I don’t even drink coffee, nor do I know how to make it. So you know, I know I do know how to make it, but I don’t like you drinking? That’s irrelevant to the boy. Almost. Why were you hired in that company? Uh, because I was a good software engineer. So they so they were open. They recognized your your professional talent. But then it was the visitors who ask this now. I don’t know. I’m sorry. These air. Oh, that’s right. You were opening the door of the visitor’s presuming that you’re the office secretary. I’m the secretary, makes the coffee. Women and minorities will deal with micro questions like that every single day. I will tell you every single day in the workplace, and it is very exhausting. And I I think that that is part of the reason that folks with underrepresented voices do not get promoted to leadership is they don’t have the additional band, wants to do all the networking and all the snoozing and all the extra work. Sometimes and all the things. All the things you have to do to move up the ladder because they’re already being overburdened with all these little aggressions. And it is every day still Okay, I see. Let’s let’s let’s talk about let’s talk about overcoming, okay? Overcoming these obstacles and challenges. Um, Tammy Tammy, you have Ah, kick us off the first first tip. I mean, the whole community’s been said so check out, amplify if you’re if you’re among the oppressed. Well, I guess all female. So if you are, if you are the oppressed that we’re talking about, check out, amplify amplify dot or ge is that we are amplified dot org’s okay for under represented folks. Okay. Underrepresented in any in any respect. Okay. In tech. Okay. Exactly. So strategies. Tammy Teacher. So I think I’m going back to the issue I talked about which was the mental energy of explaining yourself. Is that yes. Take the opportunity to explain you know the issues and to explain your story and to try to educate people using the venues that you have, but sometimes just say no. Just walk away and save that energy for another fight. So you don’t have to fight every battle, make it fight. It were accounts, so that’s that’s made him okay. Um go ahead apartment. Have a real simple find a mentor and be a mentor. Yeah, I hear that commonly, for women especially needing to support each other Umm, how about when you’re you’re getting started in your career, is there? Is there anything unique too? To suppose u s o Unlike Sarah, Suppose you are aware that you’re being grossly underpaid. You know who was who was underwear? Who was away? That Morris Resa unaware that you were grossly underpaid. Suppose you are aware. Uh, you go to your boss. Let’s assume that that’s Ah, guy. Worst case scenario. Uh, all the women can be difficult to eye, right? It’s not. It’s not only men, although I’m not gonna let me off the hook. But women can be difficult to women also, let’s assume, let’s assume it’s a male supervisor. You know, you’re being terribly underpaid, but you’re new in your career. Maybe you’re just a year or two out of school, and this has come become aware to you. You become aware of it. Uh, who wants to? What do you What do you think? What? You said you can stay a couple of things so that we could move on. So so once someone else’s dancer. But I would say one thing. First of all, don’t be afraid to go look at a different top if they’re not going to give you a raise at your job. You do not have to stay. If there was a lot of opportunity for smart people up and hardworking people and that is a really thing. And I feel like maybe my generation or maybe who am or maybe who I was raised always like. You have to stick with this and you have to make it work or whatever, but you actually don’t. So that’s one thing. Don’t be afraid to go somewhere else, that sort of do it all the time. Two. I really believe in accomplices and acts in accomplices, meaning like allies that could be male allies that could be other co workers. I could be your friends, but I think it is important to find people that you can trust that can help toe advocate for you. Yeah, and sometimes it’s like Tammy. Wising sometimes is not the fight pick. It’s not the battle Tau Tau battle against, but sometimes someone else can do it for you. And you could either call them in and you could establish that relationship so they could do it. Okay, help from others. Anybody else for the early first couple of years of work, uh, strategies for that For that phase of career. I am pretty far removed from that phase of my career at this point. So why would you remember? Because you were mentoring somebody who right who is in that? Well, I was underpaid when I was in that phase, and I wound up having to have other job offers in hand twice to get raises, because both times they claimed there was not any additional money, which was not true. And then when I, as Marissa said, you have to be willing to look elsewhere. One thing I would recommend not doing is don’t threaten to quit somewhere if you’re not actually really ready to leave and have another good opportunity. That’s possible because I think idle threats are probably not together, completely counterproductive. But so I did actually have other job offers in hand and got matching raises twice and then left when I felt like what I wanted to do. There was done because I was never going to stay in a place that didn’t value my worth. So as a as a you know, I was a director of technology. I managed about ten people now and I always bring people in at what I feel is a is a higher than you. No base salary, because I want people starting off on the right foot. And I want people happy with what they’re making and not feeling like they’re already behind the eight ball to start. You know, a lot of times people kind of like negotiate down with you when you’re doing your initial salary negotiations. And I just don’t believe in doing that. Tammy three of you are with Presidents Product Group, so we may as well disclosed. What? What’s the work of President’s presence? Product group? Sure. So, actually, I was with a non-profit until about six weeks ago. And you’re the only one. You have No one there. Yeah, masking the newest employee. All right, Will you still know? You still know what they do. So what do they do? S o? We build digital products, whether that’s mobile APS o our products on sales force. And specifically our team works with social impact ordered. So non-profits be corporation. Is anybody making a difference in the world building self source products for them? Because you have seen your sales force engineer Yes, you’re correct. Okay. Okay. Uh, all right. Let’s Let’s progress in our career were beyond the first two to three years. Um, for any for any phase of any phase of career. What are apart? You haven’t spoken for a while. What? What is some strategy would give us another strategy for coping overcoming these obstacles. I mean, I think I go back to what I said about being a mentor. I think having a mentor outside of your organisation, but in your industry, because I think often what we do is we tie our salary to ourselves. To our sense, our self worth. Really, this is what we are worth in the work place. This is what we should be paid and that I guess it’s fine. And without having someone to see toe like, understand the industry and understand the work that you’re doing and understand what comparison’s across the industry, I think oftentimes we’re just way are not aware. We’ve convinced ourselves like Oh, yeah, way always justified, right? I’m only fears into my career. This seems like an appropriate salary, because this is what they’ve given me. So I just I think that like building you’re what? I’ve heard someone call like your own board of advisors. We’re kind of your own council of advisers. Teo, give you advice. I think I need to work on that. But I keep keeps coming back to me as a strategy. Okay. And as you said earlier, also, when you are more senior, be willing to be a mentor, seek a mentor and be a mentor. Yeah, All right. We still have lots of time together, right? Go ahead. What else we’re doing? Well, I have something that was really hard for me. That I have learned to do is shamelessly is to toot my own horn. Publicized things on social media linked in I mean linked in this huge, you should be putting updates on lengthen. You should be putting like articles. You should be putting events. You’re going, Tio, that is actually really important. And I always thought that it was more like the work that I am doing for this company and if I am doing my job really well, but actually, publicizing that, especially in this day and age, is actually really important in whatever your networks are. So I think that is a piece of advice that applies to any stage of the A career, but particularly mid career and think it’s easy to get lost in the actual have your head down and focus on what you’re doing. But you need to talk about it and you need to get up in person and you need to write block post and nobody really has time for that. But it actually makes a huge difference. The quality, not just what you’re making or the opportunities, but actually the quality of your career experience used on DH. Your point about Lincoln well taken before that, you said tooting your own horn. Well, how do you do that? You go into your How do you do that with your with your boss with like like, Quarterly? Is that you? You, uh, do you rely on the annual or the semi annual performance review to do that? Or there are other times you’re doing it? Yes, so that proactively, that’s a fair question, I think for me personally, the closer I am with someone, the harder it is. Tio toot, my own horn, so to speak. It’s easier to do it more publicly in generically, but I think that I need to do that a lot more, and it just comes down to communication. You win a big deal. You have a great conversation with a client. You call him, you text them, you slack them. You sent him an email, whatever kind of way you mentioned it during a sales meeting, you mentioned it. Turn whatever meeting you’re having being vocal and meetings again. An area that I need to work on and sayings what’s going on. Hey, I had this great day or even I met this great connection that would be really beneficial to our company. Whatever it is, that’s positive talking about it, you know, not holding it in latto things. Nobody knows unless you say it. This is the This is the great panel. And a couple of you have already said I need to be better at this, you know? But it’s hard. It’s hard to actually take the take the steps on. And it’s you know, it’s probably exhausting, too, starting at a disadvantage, but But you’re the great panel and and you’re even saying you know, I need to be I need to be better at this for myself. But consciousnesses know that women are very self critical of themselves. Yeah, that’s true. Wasting no more time. I’m, uh Are there other subjects you’re going to cover that weren’t Maybe we’re not in your session description, which is what I got my notes from. I saw the common challenges. I know we did that personal challenges from the audiences and talk about your own and then strategies for overcoming obstacles. Is there more that you’re doing? Don’t hold back on non-profit radio listeners. Well, like we’re saying, I think we’re going to dive a little bit deeper into our story. So I think everybody here has a really interesting story of how they got to this point. Three of the four of us started off in the nonprofit sector. Part is still in the nonprofit sector. Tammy just crossed over to the dark side. Um, Tammy also comes from an environmental background. I come from a background in conservation. So Sarah’s actually the only one on this panel that came from a real computer science background. Yet we’re all in technology, so I think there’s some interesting points within that. Okay. Yeah. You want to flush some of them out there. Go ahead. Yeah. So I will say, coming from a non-profit background. And we’ve talked about this amongst ourselves again. Sort of the culture of tech. Just so you have glitter eye shadow. That’s right. Just your glasses. Where I didn’t notice it. Even though you’re sitting there like it, it’s Ah, striking. Yeah, Thank you. I just I only because I was lifting up until now. Your eyeglasses covering here? Well, they just write out the eye shadow. Yeah, you could show it off your for those who don’t have the benefit of video, they’re not going to see that. So Marissa has Yes, literally. I’ve been dreamforce twelve or thirteen times. I actually don’t know. In Dream Force is the global sales worth extravaganza, right? And so, you know, like maybe eleven, twelve years into it. You kind of have to like, you really, really have to have fun with it or else you are not happy. So I was going to just bring the glitter for the evenings out, but I figured I could just wear it anywhere. And then I just realized I could wear it to other conferences to nobody here knows me and knows whether I worked litter all the time aren’t hot. All right, So you were flushing something out? Yeah, the difference backgrounds that you bring to today. So I brought you to non-profit, Released lives or culminating this moment Don’t radio. That’s right. And so I would say that like for younger generations So it might not be applicable if you’re a millennial or if your generation z but for my generation sales lorts and exist. When I went to college, the Internet barely existed. I definitely didn’t use a window in high school. You know, a lot of this stuff is new, and so there’s this term of accidental techie that folks like to take on, but I actually think that that term should not be used right. And folks like myself that come from the non-profit backgrounds are usedto lower pays and usedto working for the mission rather than for the money. I also have this. This might applied to folks that are listening to non-profit radio like inclination that once you go into the tech space, you still have to stay at the non-profit salaries. You’re still working for a mission. And so I think that and the culture is frankly grittier. Once you get into the space and I would say it sze rougher. It’s more fast paced. It’s more masculine. And from my experience, then the non-profit fate space, which is often more feminine and so that cultural change for me was really challenging. And I think it can be for a lot of people. And I think it’s also very normal to cross over from one sector into tech because so many people are working attacked. There’s so much need for that. And there’s need for folks intact and people getting poached in to check all of the time. So there is this transitional, a thing that can happen that some of us have experience that can be fairly challenging. Yeah, and Tio Tio, I think, as someone without a tech background who’s now a tech, and this happens to some extent to everybody. But that feeling imposter syndrome can be much stronger when you don’t have a tech background and you’re surrounded by other people who you feel like, Oh my God, Everyone knows what they’re doing. I don’t know what I’m doing. I’m a fraud. I shouldn’t be here that could just make it really hard coming from a different background into the space and then being underrepresented person on top of that. So I got to imagine that in any phase of our life we imitate and sort of we look at other people where social people are social, right by nature. And so when you look up and you see that only three percent of the CEOs in the tech space or Latino you assume that you don’t belong in leadership. It’s just a natural human assumption. So there’s a very big disparity and leadership that we’re also dealing with here. OK, we’ve got about a minute or so left. Uh, Sarah, a partner. You haven’t spoken most recently. Uh, somebody want toe, give us sort of a wrap up and optimism. Uh, either one of you. I tell you what. A partner. You I let you open. I should session say, like you opened. I asked youto open. I did ask you, uh, Sarah, do you feel comfortable with Cem Porting words, Some parting words? Yeah, I think that, you know, it’s I mean, it may sound cheesy, but, you know, you should do what you are drawn to do and what makes you feel good doing it. And if that’s being in technology, whether you’re under represented or not, you know, go forth and be strong and doing it. Look to your mentors. Look to your community. Don’t be afraid. Women. A lot of times they’re really afraid to ask for help because they feel like it makes them seem weak. Do not be afraid to ask for help. You know, ask for help along the way. It’s actually it’s a really great trait to be able to do that, and I think it’s also well respected. So I would say, You know, go forth. Don’t be put off by the fact that it is more difficult. This is the great panel. We gotta leave it. There they are. Marissa Lopez, director of account management at Presence Product Group. Sarah Chico, director of technology Social Impact Presents Product group. Tommy Lau, Senior Sales Force Engineers, Social Impact Presents Product Group and Aparna Kothari, director of technology operations at Global Citizen year. Thank you very much of each of you. Thanks for telling so much. This is Tony martignetti non-profit radio coverage of the nineteen twenty nineteen non non-profit technology conference, and this is brought to you by our partners and act blue Free fund-raising Tools to help non-profits Macon Impact Thanks so much for being with us. We need to take a break. Wagner, CPS. They’ve got a free webinar It was on April sixteenth. That was a few days ago, but you watch the archive. Of course, it’s tips and tricks for your nine ninety. The best part. You’ve heard me say it. Using your nine ninety as a PR tool is a marketing promotion tool. So many people are reading it because it’s so widely available. Ubiquitous. You might say that you may as well not just satisfy the I. R. S because they don’t care what your right and how you used these sections. As long as the numbers all add up, uh, use it as a marketing tool because it’s so widely read by potential donors. Watch the archive of the Webinar Goto wagner cps dot com click seminars. I wish you could click webinars, but you can’t quick seminars. Then go to April. Now, Time for Tony. Take two. Thank you. Um, thanks. Thanks for listening. Thanks for supporting non-profit Radio however you do if you are subscribed on YouTube. Thank you very much. Twitter. Following their joining there, I’d like to say I don’t really like to turn followers some messiah. Uh, no. You’re joined me. You joined me on Twitter. Thank you for doing that. You’re an insider. You get the insider alerts. You got the access to the insider videos. Thank you for doing that. Whatever you do. Uh, what else? Facebook. Oh, yeah. Facebook were still there? A cz disenchanted as I often am with Facebook. Yes. Were there along with four billion other people. So, uh, thank you. Your your fan on Facebook. Thanks for doing that. You shared non-profit radio you shared with your colleagues to share it with your board. Thanks for doing that. Whatever you do. Thank you. Thank you for being with non-profit radio. Now let’s go to our panel for great ideas. Welcome to Tony martignetti non-profit radio coverage of nineteen. Auntie Si. You know what that is? It’s the twenty nineteen non-profit technology Conference. We’re kicking off our coverage right now. This is our first interview of many, many thirty seven to be exact on DH this interview, like all of ours. At nineteen. NTC is brought to you by our partners at Act Blue Free fund-raising Tools to help non-profits make an impact. Kicking off with me, our gods piela Jackson seated next to me. She’s CEO of Echo and Company and Marcy Ride. Marcy is founder and principal of wire media Ladies. Welcome. Thank you. Pleasure. What chorus? Eleven. And your topic is staying sharp. How to create an implement. Great ideas. Yes. Okay, uh, let’s start at the end. More. See? What? What do you feel like? Non-profits could do better around, I guess. Problem solving and idea eating. I think one thing that’s important is getting everyone involved in the whole process on DH have it not necessarily coming top down, but getting all kinds of input coming in. Okay, Stay close to you. Might remember. Stay close to me. Okay? Andi, I’m sure you know, subsumed in that is getting the right people involved. Yes. Identify who they are. Okay, uh, got piela anything. You want to kick us off? Yeah. I think when we’ve been working on projects where innovation is the core of the project, a lot of times, what we encounter is that culture is a barrier to being able to drive innovation forward. And a part of that is because non-profits in particular, have cultures where there’s scarce. Resource is, there’s not a lot of time. A lot of the staff is very overworked. And so the idea of getting together and creating space actually create and innovate is very scary. Because if you don’t get the right answer first, then you might actually exhaust all your resource is you might actually not be able to go on to the next idea. Everybody’s tired of the process And okay, so we’re gonna talk about culture now. This was originally presented at the Harvard University Digital Innovation Academy. Wass by the two of you Just bite me first. Are you okay? In the true spirit of ideas, this is a pilot. Yes, awesome. And also, in the true spirit of Tony martignetti non-profit radio, which is big non-profit ideas for the other ninety five percent. So if you want the ideas that emanated from Harvard metoo listening to non-profit radio and here’s the proof. All right, um, you, uh let’s take what you’ve got you what you want to encourage strong, strong ideas like every day. This is not just for your strategic plan or something like that. This is every day, pre idea creation. So how do we start to make this culture shift? Thinking about breakthrough ideas every single day? Yeah, yeah, I think the most important thing is that ideas don’t come from a predetermined spaces or predetermined settings. So a lot of times, what you need first in order to come up with new ideas, is a spirit of play in a spirit of spontaneity and often times when we’re in meetings, we have laptops were sitting around a table. Everybody’s in a setting where they’re afraid of being the one, not saying the right thing. And there isn’t a spirit of embracing mistakes. And it’s embracing attempts as much as you have embraced successes. But we really need to shift your setting, whether that’s being up on your feet, it’s changing. The environment is going outside, and you really need to bring in a spirit of play and equal contribution to the table in order to just even start. Okay, this all sounds sounds very good, but how do we convinced our CEO that playtime is eyes really question that playtime is appropriate for our idea. Generation? Yeah, it has to be structured and has to be intentionally set to a goal. So normally, when you’re creating this environment, what you’re trying to do is separate the creation of ideas from the refinement of ideas and picking the one that actually can go forward with limited resource is budget and people. And when you actually see ideas constrained and started inside of organizations that they haven’t done enough prep work, enough research to actually ground the session, you’re going to be having an ideation. And then you’ve also tried to create ideas and edit ideas at the same time, which ends up with too much dress. So, Marcie, I mean, when I was in college, I learned this as brainstorming right on DH the first, the first step in brainstorming was nothing was disallowed. Everything ridiculous. Wild but insane was was not labeled as such. It was written on the board. Is that is that an outdated, uh, brainstorming dead? Now, Marcie, you were just calling it a breakthrough idea generation or what? I think the idea of brainstorming in a group is may be dead and time to move past it. I know that we’ve had some success where people are are individually coming up with ideas. And then they worked together as a group to organize and come to consensus on them. And that works pretty effectively. Okay, okay, yeah, yeah. One thing, too, is a brainstorming in the method a lot of people use. It really don’t doesn’t allow people of different types of thinking and different learning styles actually contribute equally. Why’s that? Oftentimes it’s a group of people, and there are questions put out to the room. And then there’s a sort of ad hoc responses to questions. But a lot of people don’t answer well. They need to take time to reflect. They need to have structured activities, to think, to frame their thoughts and then be able to contribute it back to the group. So what end of happening is people who are really good at responding quickly, who are more extroverted and who are better at thinking out loud, dominate the setting and the people who are actually more cautious and they’re thinking and reasoned. And maybe it’s quieter. Researchers don’t have space, but often times have the best ideas, okay, and so you really have to structure your setting. So how do we do? Martin? Marcie, can you start? Give us some tips. How do we structure this to empower everyone equally? I mean, there’s there’s different ways to do it The way loud on non-profit radio when I was what I was thinking of earlier and sort of referring to earlier is something that we do with branding. Exercise is where it’s pretty simple, but everyone has time to write down their ideas on sticky notes. For example, if they’re trying to figure out, you know, how do they come to consensus on what the personality of the brand should be like? And so they have time on their own to come up with ideas in their own way, and then they and the next phase is they get together as a group, and they work together to figure out how to organize these ideas into categories and which categories are the most important and in the process of doing it, they have conversations about why they’re making those decisions, and it’s really effective in getting to consensus with the whole group that includes often like the CEOs down to the the marketing assistant. Some of the audience. Sometimes it works really well. Okay, um, stick with you, Marcy. Had you mentioned the CEO? How do we get our CEO onboard with this is culture change. What would you say? Way? Tell listeners to say what one of my favorite sort of go twos is. There’s a psychologist called me. Holly Chick sent me. I and don’t ask me to spell it, but he way, having asked you to say it a second time, he came up with the concept that’s called Flow. And it’s the idea of being so fully engaged in something that time passes freely. You don’t notice the passage of time on DH, you do it very. You do your activity very well because you’re completely engaged in in the moment on DH. Then there’s information. There’s data somewhere that shows that you could be more effective. When you’re in a state of float, you get more done. You do better work. All right. What if our CEO says sounds very metaphysical, but how are we going? Toe You wanted me to give you want You want me to get our team into a flow. What do I need to do? What we need to do? Well, I think that’s what God Cielo was recovering Teo earlier about having a structured format that gets them there, and that puts them in the moment. Okay, if you can also drive if you can drive that conversation towards operational efficiencies. So what actually happens when you make this culture shift is teams are happier. They feel more productive. They’ve created space to come up with better ideas. They also embed research into the process that we didn’t really talk about. How you prime yourself for the session before you start. But the idea is to go out to your audience, understand the mission, understand the people you’re serving, actually get input from them so staff can be representative representatives of the end constituent in the room. What actually happens is staff tends to get way more re engaged in the purpose of the organization and the mission, and, uh, and then they start putting in more qualitative hours during the workday. So it’s not showing up in just doing the usual work, which is very important. It’s creating space to do work better and being really connected to how you actually scale the mission a little bit more and you can actually map it. Tio outcomes that looked like revenue looks like costs. It looks like decreased costs and recruiting staff and keeping staff. It looks like decreasing the amount of time that is spent to get better ideas. And then it’s actually having a spirit of trying a lot of things. Picking the best ones, replicating them, maturing them and turning them into programs so the organization itself can grow in a non haphazard way can grow very intentionally around the efforts. All right, I got to take a break. Tell us the passive revenue stream. You want fifty percent of the fee. When cos you refer process their credit and debit card transactions with Tell us and all that fifty percent of those tiny fees it adds up. That’s the long tail of passive revenue. You don’t work for it. That’s passive. Get passive right passivity. The passivity of the revenue. The Explainer video is that Tony dahna slash Tony Tell us, watch it, then have the company’s watch it, then make your ask. Would they switch to tell us and then tell us we’LL we’LL work with them, right? You go to Tony dahna slash Tony Tell us now Back to Gutsy Ella Jackson and Marcy Ry Way. If we’ve made the case on DH, we’ve we’ve had our first. This’s not just like a single session. It doesn’t sound like you know, you said some people function very well in one hour setting. They think rapidly, and other people need Teo. Be more considerate. So we’re talking about something that’s not just a one, a one off ideation session, and then we moved to the next step or something. You know, we start going down. It’s a longer term. Yeah, Usually the cycle is a research and prepare. Then idee eight. Then concept test concepts figure out which ones are the best. Replicate those and then a couple times, and then the ones that prove themselves than mature them and continuously start that cycle over again. That can be a sprint in a matter of two weeks. Or it could be a longer term programme in a matter of months or a year just depends on the complexity of the problem that you’re trying to solve. Okay, and then eventually the goal is that this becomes very natural. And so that that then you are doing this in every day, decision making. But it’s happening obviously more, more rapidly. We can spend two weeks on every decision. Yeah, and then the other thing that is very beneficial for a leader is a part of the process. Is teaching staff to learn how to pitch their best ideas to leadership in a way that leadership can then go pitch that to board members and thunders and things like that. And so you actually want at the end of it, you want to go knothole process so you can prove your pilot. You can pitch it to the executives, they could go pitch it to the board, and it’s founded in research. So when the board is arguing about the marriage of that or questioning the merits of that, they’re arguing with numbers and evidence and not with people and ideas. So you do want to push out of the ideas phase into evidence, but the process allows you to do that better. Okay? What brought you to this work? Initially? A good question. It only took me twenty twelve minutes e-giving dancing question out. I’LL try harder next time. It’s marrieds are getting So I started in journalism when newspapers were falling apart. Somebody said, Who wants to learn? HTML and I did, and I ended up in technology. But I ended up in technology doing big Web strategy for organizations that had thousands of people, lots of micro sites. They kind of had homegrown technologies. Everybody had their own budget. All of the technologies were decentralized, and people were had an appetite to consolidate all of that. And I started in organizations trying to do it from a Strat from a consulting perspective. And it didn’t work because you have so much change embedded in the process that if you don’t do the work to get people excited about process and excited about the ideas, they’re not going to be able to understand or commit to the amount of change that you’re asking them to go through. And so I just got really excited in that I studied design thinking, which, uh, it’s a It’s a way of solving unknown problems, using a lot of co design with people who are going to be the end beneficiaries of the solution and it’s actually built on improv. So the the for the, um, the art form of improv has a central concept. And yes, and exactly why do I have done in problem taking improv classes? And I use it in my stand up comedy? Yes. And you surrender or fishes? Yeah. Alright. And so it was just and I’m involved. I’m on the board of Washington Improv Theater in D. C. I’m very close to that work. And I could mind at UCB Upright Citizens. Yeah, And in these working Alan Alda actually created a organization. I think it’s called the Center for Compassionate Communication. We goes into mostly scientific organizations, teaches them improv and completely sort of read, helps them re imagine the way they communicate with each other and the way they communicate externally. Kruckel mostly. What drew you to this work? What drew me to it? Yeah, it’s kind of the opposite track. I guess I started working more with smaller organizations that had few numbers of people that needed to do a lot with a little on DH. So it was starting to think about how can we get there pretty quickly and then, you know, my background is more designed, technology oriented. So I kayman things from that perspective and started seeing that some. You know, some of the problems pretzel is talking about where change management issues on the on their staffing side and how their processes were creating problems for the project we were doing. And that got me interested in trying to fix it. Yeah. Okay. And so you apply this for your clients? A wider media, Okay? No, the ones that are willing, the ones that are willing. Okay. Okay, um see, choosing implement. So let’s talk about choice now choosing, choosing the options that we’re goingto way. Just choose one. First of all, we’re really choosing one of the many or we’re choosing half a dozen. How do you know who knows best this? I mean, that’s where I think pitching, pitching it is important and making a case for who is going to serve, what the outcome is going to be and why the commitment of resource is worth the eyes worth the investment. And so I can I think it just depends on the problem you’re solving and whether or not you want to try different things in different context to be able to compare them. There’s a lot of different types of research that you can do in our field. We kind of break it down before the first one is explorations. If you’re just trying to explore a concept, you do kind of many things that you, Khun, see how people would solve problems in their own world in their own words. And then the second one is, once you’re kind of headed in a direction, you do assessment testing, and that’s kind of figure out. You come up with a concept, and how close did you get it actually solving things the way that they that someone might want it to be solved, and then it just gets more formal from there. Once you have a finished design, you test that once it’s live and in production, you test that. So it really depends when you’re in this exploration phase. You wantto do the right amount of exploration to hit the appropriate audiences. We always do and use their definition first. It’s like there’s no point in doing anything unless we design for the people who are going to be using it, and that could be fifty different types of audience groups that could be too. And so that kind of dictates the how much work you do in that, um, who can give me Marcie, Can you give me some examples of problems that were that you’ve seen your client’s solve using this method? What types of decisions are we talking about? Well, I mentioned earlier, like coming up with branding characteristics for a new brand or something. Another one might be So something we’re working on now actually is women organization has lots of different kinds of information that they want to share with the world. And they want to put that on a website or some kind of application. How do you structure that? So that the people that need that information can quickly and easily find what they need, you know, and you couldn’t think of a million different ways to organize data or content like that. But doing the right kinds of testing at the right time really helps you with the audience focus, right? Really helps you make sure that you know the person who needs the particular piece of information gets it quickly and easily. Yeah. Um, you said in your session description that the best ideas are often undiscovered. Why why is that? Is that because, Well, you explain me. What? Why why do you say that? Um, well, we see it in different ways in different organizations. But my my general sends is that the people who carry some of the best ideas because they were the closest to the people that are being served aren’t in the room. When ideas are being created on and you don’t you don’t necessarily know by instinct. Who in your organization has the best ideas? I think the best thing you can do is an executive is go ask around for who kind of is the most pioneering who’s willing to drive things forward, who’s really good at people and marshaling resources towards a common end who’s really good at just guarding that. The innovation aligns to the mission. You have to have all the four types of those people to be able to get to a good idea, and oftentimes you’re just leaning on leaders to come up with a Biggins up inspiring idea or your leading on on leaning on staff or overworked a busy and they don’t have time. We use a formula where we kind of look at the amount of time that staff members are spending on different types of ideas. There’s bread and butter ideas that’s like your daily to do list. I always say that that’s like a goldfish. It’Ll grow to the size of the pond, so if you have a million hours, your to do list will grow to a million hours. The second type is building boost ideas, and so it’s creating a little bit of space to do something that requires a little more coordination, a little more effort. And from that, you often times can get what the third category is, which is breakthrough ideas. And that’s like big ideas. You spend a lot of time developing and nurturing, and most organizations are just stuck in bread and butter. And so there’s not enough intentional time carved out for the other two types. Time for our last break text to give Diversify your revenue by adding mobile giving. It’s not on ly for disasters. It’s not only for small dollar. Donations is not only through the phone company lots of misconceptions. You can allay those you can. That’s the Lei is more for fears. You can slay those misconceptions you can. Ah, eliminate. Seems kind of easy, but you can’t eliminate the misconceptions. You do that by texting NPR November Papa Romeo to four, four, four, nine, nine, nine Just do it and the misconceptions will die. We’ve got several more minutes for great ideas with Nazi Ella Jackson and Marcie Ross marchenese doing doing a lot of nada. Anything you want to add. What? I mean she’s right. Yeah, yeah, yeah. Okay, Information. Affirmation is a part of the process where it fits in rewarding people for being courageous and putting an idea out there that they’re hesitant about because the bad ones are as good as the good ones. The bad ones prime you for a better one. So it’s funny. I spoke on a panel two high school girls in stem on Monday before I came here, and they asked us a question. What will we go back and tell ourselves in high school? And mine was Don’t measure your don’t measure yourself to the success. Measure yourself to the attempts because we’re hardwired to learn from mistakes and failure, and sometimes we just get obsessed with what success looks like. But it’s better for us to try a lot of things and write things. And eventually we’LL we’LL hit a couple that are really good. I should have asked you, Is there a client story or two you want to share? Yeah, I’LL try to share one short red quickly So way work with organization in Washington, D. C. Called the Newseum. They’re pretty well know. Yeah, so they focus on their mission is to advance media literacy and education about our First Amendment freedoms. And years ago in twenty fifteen, they indigenous to just kind of redesign. A very simple website had about ten lesson plans and some PDS and some videos and way got in there with them. We did some ideas, ideas, princessa sessions, and we asked them why what teachers were looking for. And teachers were really preoccupied with not being able to teach current events in the classroom with curriculum that helped him deal with sensitive subjects and then with the materials to help them teach it. And so we started doing a ton of exploration, and we realize that the museum was sitting on this goldmine of thousands of artifacts that had to do with historical references to politics and media and also contemporary references. And when we went to talk to teachers, we realized that we needed to not redesign the thing that we were hired to redesign. We needed to create a completely new platform that was one hundred percent dedicated. Teo serving media literacy curriculum teachers in the classroom. So they making all these resources available to them for free indexing. Okay, Yeah. Driving. Yeah. So we pause that project way. We created a platform and a brand. So before they were just a department and then they were the Newseum. Ed, Uh, they ended up getting a major funder commitment for five years to be able to build this platform that’s still growing. And they went from eight hundred users to one hundred thousand users in about three years. How did the breakthrough process contribute to that exponential growth in usually So there was like a very cinematic moment where I walked down a hallway with something on a sticky note. It was like we need to do this, and honestly, they have. They had a vice president of education, and I think she was a director at the time. She is exceptional at pitching ideas and leading her team. And she took that idea on the sticky note. I think, to the CEO of the Newseum and said, We need to do this This is central to our mission. If we don’t do this, somebody else will do it. We’re going to miss the opportunity. I will lead it protects her effort into it. I will find my own funding for it. I just need your support. I need to be at the executive table to have conversations about this. I need to be ableto talk to the board and understand their support in this. And they did. That kind of shifted the department. She ended up sitting thie executive on the executive team and she really did. She was a visionary and she drove it forward, including this decision making process. Yeah, including this decision making process. So we launched a like what we kind of call the beta of that platform and twenty fifteen didn’t have enough resource is and we knew that we were to achieve what we needed to We needed a road map. We wrote that so she could go get funding. And then we actually relaunched it this year, a major version release again with a lot more committed funding. And so it’s it’s growing from there. I hope it around for a very long time. Um, Marcy, how can we be sure that the idea that is going to be implemented remains intact through this through this? I don’t wanna call a tortuous process, but through this through this process, like, how do you ensure that you stay true to the idea that with the solution that was chosen through implementation, I think that comes down, Teo, the idea of having a structure and a specific process that you go through and you stick to it and you don’t let you know random outside ideas come in and derail that you stick to the formula that you’ve decided to use from the start. Um, we still have another, like, two minutes or so together. What, uh, what more can you say about you? Have a ninety minute. How long of the sessions on our or ninety minutes? Fifteen. Okay. Somewhere in the middle. So you got You got seventy five minutes on this topic. What? What can we say for another couple minutes? Yes. Oh, I am going to be fun. Yeah, so? So majority of the session is going to be a game, and I feel like that’s really important because you have to be able to bring a spirit of play and fun into it. Okay? And it’s going to be a man activity that helps you figure out you have a listener’s listeners can’t be on the game. Okay, so what else can we talk about this topic that listeners can benefit from? So it’s based on a model where there are four types of ideas and you can think of it as a ladder and you have to run your idea of the ladder. And the first question is, Is it useful? Is your idea useful is something that you can move forward If it if it’s yes, then you go to the second question. And that is, uh, is it rare? Is it valuable or is it rare? And then, if you get it, if it’s no, you’re you’re filtering out your ideas. If you get a yes on the next is is it difficult or costly to replicate? Can you only do it because there’s something about you and your resource is where you can achieve it. And if you get yes, you go to the last one. Which is is it designed for lasting value? And those air Four questions you can ask about every single idea. And what you’re trying to do is weed out the ones that don’t hit all four questions. Yeah, would you say Yeah. Yeah. And then the ideas, Teo, the idea is to present your idea to Piers or to other people involved and get their input on whether or not you’re asking them those questions. You’re not asking it of yourself. You’re asking the other people you’re working with. You’re asking this team right in each of these four questions. Okay? Yeah. And then what? Do you have a minute or so That what happens if multiple ideas? Well, then do. Then you start to co implement, right? Yeah. Move them all through the process. Yeah. Here, you pick one that seems to have the most merit. You’re going forward with that one? Yeah. It is kind of like the U size, the decision to the organization, But I think just going through that exercise will get you either a stack of all those really lasting value ideas or not. Okay, well, don’t leave it there. Thank you very much for naming my pleasure. They are gods piela Jackson, CEO of echoing company on Marcy RAI, founder and principal of Wire Media. You’re listening to Tony martignetti non-profit radio coverage of nineteen ninety seethe uh twenty nineteen non-profit Technology conference in Portland, Oregon, on this interview Like all our nineteen ninety seon reviews brought to you by our partners at Act Blue Free fund-raising tools to help non-profits make an impact. Thanks so much for being with us next week. Maria Semple returns. If you missed any part of today’s show, I beseech you find it on tony. Martignetti dot com were sponsored by pursuing online tools for small and midsize non-profits, Data driven and technology enabled Tony dahna slash pursuant capital P by Wagner’s Deepa is guiding you beyond the numbers. Gregor cps dot com by tell us credit card in payment processing your passive revenue stream tourney dahna slash tony tell us and by text to give mobile donations made easy text NPR to four four four nine nine nine our creative producers. Claire Meyerhoff. Sam Liebowitz is the line producer. Shows Social Media is by Susan Chavez. Mark Silverman is our Web guy, and this music is by Scots. Dine with me next week for non-profit radio. Big non-profit Ideas for the other ninety five percent Go out and be great lorts You’re listening to the Talking Alternate network e-giving Wait, you’re listening to the Talking Alternative Network? Are you stuck in a rut? Negative thoughts, feelings and conversations got you down. Hi, I’m nor in Sumpter potentially ater. Tune in every Tuesday at nine to ten p. M. Eastern time and listen for new ideas on my show yawned potential Live life your way on talk radio dot N Y c Hey, all you crazy listeners looking to boost your business. Why not advertise on talking alternative with very reasonable rates? Interested? Simply email at info at talking alternative dot com Thie Best designs for your life Start at home. I’m David here. Gartner, interior designer and host of At Home Listen, Live Tuesday nights at eight p. M. Eastern Time. As we talk to the very best professionals about interior design and the design that’s all around us right here on talk radio dot N. Y c. You’re listening to Talking Alternative Network at www dot talking alternative dot com now broadcasting twenty four hours a day. Are you a conscious co creator? Are you on a quest to raise your vibration and your consciousness? Sam Liebowitz, your conscious consultant and on my show, that conscious consultant, our awakening humanity. We will touch upon all these topics and more. Listen live at our new time on Thursdays at twelve noon Eastern time. That’s the conscious consultant. Our Awakening Humanity. Thursday’s twelve noon on talk radio dot you’re listening to the talking alternative network hyre.

Nonprofit Radio for January 4, 2019: Stay Secure In 2019

I love our sponsors!

Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.

WegnerCPAs. Guiding you. Beyond the numbers.

Credit & debit card processing by telos. Payment processing is now passive revenue for your org.

Fundraising doesn’t have to be hard. Txt2Give makes it easy to receive donations using simple text messages.

Get Nonprofit Radio insider alerts!

Listen Live or Archive:

My Guest:

Jordan McCarthy: Stay Secure In 2019 
Let’s resolve to keep our technology and data safe in the New Year. Jordan McCarthy will help. He’s with Tech Impact and he’s got simple, proactive measures for the short term as well as bigger long-term initiatives for your consideration. Stay safe!



Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

Get Nonprofit Radio insider alerts!

Sponsored by:

View Full Transcript

Transcript for 420_tony_martignetti_nonprofit_radio_20180104.mp3.mp3

Processed on: 2019-01-04T22:17:46.089Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2019…01…420_tony_martignetti_nonprofit_radio_20180104.mp3.mp3.454052384.json
Path to text: transcripts/2019/01/420_tony_martignetti_nonprofit_radio_20180104mp3.txt

Oppcoll. Hello and welcome to Tony Martignetti Non-profit Radio Big Non-profit ideas for the other ninety five percent. I’m your aptly named host. Happy New Year. Welcome. Welcome to Non-profit radio two point zero one nine. Whatever the hell that means. Welcome to the new Year. Oh, I’m glad you’re with me. I’d suffer the embarrassment of Pem Fergus Arithmetic. Assis, If you made me face the idea that you missed today’s show, stay secure in twenty nineteen. Let’s resolve to keep our technology and data safe in the new year. Jordan McCarthy will help. He’s with tech impact. And he’s got simple, proactive measures for the short term as well as bigger long term initiatives. For your consideration, stay safe on Tony’s Take two Time to be an insider. We’re sponsored by pursuant full service fund-raising data driven and technology enabled. Tony Dahna may slash pursuant by Wagner CPAs guiding you beyond the numbers regular cps dot com. Bye. Tell us Attorney credit card processing into your passive revenue stream. Tony dahna slash Tony Tell us and by text to give mobile donations made easy text. NPR to four four, four nine nine nine How police to welcome Jordan McCarthy to the show. He is infrastructure and security lead at tech impact. He works with organizations of every shape and size from three person grassroots advocacy groups to three hundred plus Persson social service providers to help them figure out what kinds of technical tools, analyses and strategies will maximize their social impact. Yes. A decade of experience and systems and network administration, technical writing and education and technology policy analysis. Tech impact is at tech impact dot org’s and at tech underscore impact. Welcome to the show, Jordan. Thank you so much. It’s a real pleasure to be here. Thank you. And happy New Year. Oh, you as well, Thank you very much. Thanks. Um, Tech impact is Ah, non-profit itself. What? What are you doing there? So quite a lot. We are an interesting organization because we have the heart and soul of a non-profit, um and to some extent, you know, the constant, you know, running from one thing to the next. But we provide services in the style of a more traditional tea shop to other non-profit. That’s not the only thing we do. We actually have several arms, one of which I’m really, really fundez works arm, and they’re sort of a more traditionally non-profit ah division that does workforce development in Philadelphia, Wilmington in Las Vegas. I bring in underserved young people and giving them a solid foundation of skills in its various kinds of support and allows them to go back in their communities and give back and start off on really solid careers. But, um, I was out of the house. We provided all sorts of technical services advising, consulting, implementations and an ongoing support. Two non-profits of every shape and size. And what we do for each non-profit really depends on who they are and what they need. So we try to meet folks where they’re at and, you know, get a sense of who they are and then sculpt a package of services, whether ongoing or short term. There really helps them be more effective at whatever it is that they do using technology related. Yes, exactly. Right. So you know, we aren’t necessarily going to help for supply cars, but anything related to information technology. It pretty much falls under arm broke Now I saw that in training you partner with Idealware Idealware Sze CEO Karen Graham is bound to show a couple of times. I’m a big fan of Idealware. Did I see that right? You You do some partnering with them? Actually, yes. And we’ve partnered more closely than ever because we have actually merged with Idealware second back and idealware. Yeah are now basically part in parcel of the same organization. So we are tremendously excited about that, Looking forward to working with Karen and her team to really redouble our efforts in the area of education and training and really trying to get people empowered to do some more of that stuff on their own. So they don’t have to, you know, exclusively, Rely on, you know, chops like that Come back. We will be here still that people need us. But we want to give people a much much of the tooling and resources that they I can stomach so that they can be as effective as they can on their own looking Look at Non-profit radio outside the loop. I did not know that you had merged. Is there going to be a common name? But between you and idealware. So they are, I believe now, but we’re keeping the name check impact it’s sort of, you know, it’s It’s a nice broad umbrella Idealware is keeping their name is well, but I think there now, you know, one of our major flagship. Yeah, Not not. I don’t know what we’re calling it the subdivision because they are, you know, really powerhouse in their own right. But they’re a member of the family. Let’s say OK, how recent is that merger that I that I didn’t know? Only in the past couple months. Oh, good. Okay. I don’t feel so bad. All right. No, more like two or three months behind. Oh, that’s not so bad. I’m still reading the newspapers from October then. Okay, Trump. Um, So you want to see, um, social progress? You say that you want to see social progress shaped technology usage, not the other way around. What do you feel like? Non-profits are not doing as well as they as well as they could in this. That’s very interesting and complex questions. All right. What we have in our you know, I mean, we go. Don’t take. Don’t take a full hour on it, you know? But now I don’t know if we have time. You don’t want the one you don’t want to tail wag the dog? Yes, exactly like that. One of my personal driving philosophies, that sort of really, um they put me where I am today through various stint in higher education and the D. C think tank world. And what I know what that means to me. I think, is that I see, you know, technology is everywhere in today’s world, and we’re doing a lot with it. But a lot of what’s being done is not all that socially oriented, right? You know, I several years ago was already sort of concerned about what Facebook was doing to all of us. And now, you know, come two thousand eighteen and we get a really big download of exactly what’s been going on there and how they have not really been all that interested in doing good by the world on. You know, Facebook is obviously the bookie man of the day. But you could look at any big tech company, really and and ask. Okay, well, how much of this is socially relevant? And to be fair, many of these cos I do have a lot of really powerful, um, philanthropy arms, and they do a lot of really good work. But at a zoo community, I feel like the technology space isn’t as focused as it should be on solving the really big problems that we face as a society as a world, you know, matters of civil rights and environmental destruction so forth, Um, and I think that the non-profit community really does tackle those problems day in and day out. You know, that is their core focus. They’re kind of safety net providers in the whole bunch of different spaces where you know other sectors just aren’t quite stepping up. And so what I would really like to see is a fusion of the spirit and the really innovative thinking in terms of social development and progress on the non-profit side and be able to fuse that with the you know, really, under a nouriel creativity of the technology space so that we can see maur tools, Mohr types of work that leverage this tremendously powerful tool kit that we’ve developed over the past twenty years or so to really maximize the number of people who can be reached by a particular social intervention, you know, the number people who are aware of various pressing problems really raise the level of engagement. OK, tidy as a whole. Uh, Jordan, I want Our people are not only more aware of what’s going on, what’s really important, but that they also empowered to do something about it. That’s meaningful. Unhelpful. Okay, we got to take our first break, but I want to continue this thread of the conversation talking about Cem Cem. You know, idealware non-profit technology network and I feel like there’s we’re making inroads to this, but time for a break right now pursuing two New resource is on the listener landing page. The field guide to data driven fund-raising is practical steps to achieve your fund-raising goals using data and they’ve integrated case studies included and demystifying the donor experience guide you through creating a donor journey. That donor journey map plus savvy stewardship strategies. You find those two resource is on the listener landing page at Tony Dahna may slash pursuant capital P for please. All right, now, back to stay secure in twenty. Nineteen. Right. Jordan sometimes might take these brakes. I forget where we were, but I did not forget where we are. This time. But future breaks, I may ask you, Teo, be my crutch. Remind me what? That we were just talking about. OK, so where you want to see this fusion between social progress and the technology tools that can enable it support it? We’re making inroads, though. I mean, there’s there’s tech impact. There’s a non-profit technology network there’s idealware. Let’s see, I just had a guest on and Mae Chang a few weeks ago talking about instead of lean, startup lean impact, you know, howto iterated and learn fast from buy-in in your in your non-profits. I mean, that’s sort of ah, that is broader than just technology. But she was taking that technology that that tech startup theory of lean impact from Eric Reese and applying it here to non-profits. I feel like we’re making inroads, right? Oh, yeah. Okay. Which is not where you want it or not, where you want to be yet, right? I think you know the corporate world is really good about innovating rapidly and figuring out new things, Teo. New products to bring to market and new ways to capture the public attention and so forth. I mean, there was really good at it. That’s what they do. And I feel like the non-profit and civil society space. You know, it’s so focused on its core work, which is some of the most important work being done out there, right? You know, it is life saving work. It is world saving work that they don’t necessarily have much time to throw at considerations that might seem, in some ways, like overhead. You know, obviously fund-raising that one is a given, right? Everyone needs to do that. Yeah, but way. I’ll know that mandate all too well, but there are other things that are perhaps equally important, like keeping abreast of what opportunities are out there in the way of technical tools that could really help, you know again, reach more people or make your operations more efficient or save money or saved. The’s are all important investments and unfortunately, overhead. Gotta bad label several years ago. But, you know, Ah, non-profit radio were always bristling at that. That that thought that, Oh, you know, if it’s not direct service related, it’s wasted money and people won’t. Our donors won’t understand it on DH. They’ll think that we’re not good stewards of the money that they give us. That’s that that thinking has got to go out because we’re talking about investment in your organization and your people and in the services that you’re providing. That’s exactly right. Yeah, I mean and invested time and money to end up with a better, more efficient, leaner you gnome or impactful and state like that’s just there’s no way around it, right? I mean, you can’t deny that the most Well, I was gonna say most admired companies, Let’s just say the wealthiest cos whether they’re most admired. That’s ah, value judgment, but that you can’t deny that they’re constantly investing in in themselves in their people. Amazon, Google, Facebook. Was that Fang Netflix? You know, the company’s heir, constantly investing in technology, and there’s a lot of lessons to be learned in those types of investments. Oh, most definitely. And I think you know, I I also share your frustration with the whole idea that overhead is a bad thing because you know, it doesn’t matter and you know not to stare at their do it, Lee. But information security is often seen his overhead right. It’s something that you have to deal with on a regular basis. You know, you do it right. It’s always in the back of your mind and always take some resource is an attention, and you don’t really see immediate, tangible benefits because by definition, good security is not getting broken into right. And it’s hard to measure the value of a negative. I know, until, of course, you do get broken into and you see just how bad it can be. So I completely agree. I think overhead is a sort of A I wish it were not a bad term, but since it is, let’s get rid of it and call it something like, you know, core structural support, investment. That’s what investment you’re investing. Exactly. Yeah, that’s even better. And people understand that. And you’re asking people to invent me? If you’re talking to donors, you’re asking them to invest and you’re investing in the work that they’re investing in. You just give it to you, and you invest duitz. Okay? All right, Let’s school. Good. Uh, love that opening. So let’s let’s get to some some details. Tech impact has this excellent resource which we’re goingto sort of talk through. So if you could just goto tech impact dot or GE, is that the way to get it? I got it. But I forget, how did what did I do? You go to Tech Impact or GE. And then where, then Eleanor website. There’s a whole bunch of menus, and there’s a menu item for things that we do on underneath that there is a security section and I’ll go there. You’ll get brought Teo Page that ask you for just basic information. And then you get a quick security checklist of the top things that you can do is a non-profit or honestly, for that matter, as any kind of organisation or even a person to be safer in a world that is getting less safe. Okay, Yes. And I I want to thank Thank you that I appreciated that it was very minimal information that you asked for sometimes to get the resource, you know? Yes, it’s free. But you have to give up your your physical address. Ah, phone number. You know, I bristle it that for this resource, it was this name and email. That was it, that’s all. And that’s all I asked for When people join our list. Name and email. So thank you for that. Thank you for not going overboard with data collection. You know, I mean privacy, because then you have to preserve lead right to you. If you take my address, then you will have to preserve it and secure it. All right, So we’re gonna get to that. OK? Eso what kinds of risks are you concerned about your welcome to share client stories. I know you. You know, you do direct work with clients non-profits clients. So what types of risk air you seeing? So I think I unfortunately have gotten pretty Harry particularly. I would say over the past year, twenty eighteen was not a good year in so many ways. So what we’ve seen is that, ah, the tax that previously were targeted, let’s say, mostly at bigger fish especially, you know, corporate fish are now coming downstream to smaller organizations. And that is ah, indicative of AA few things. One important thing to understand about the space of ideas, security or insecurity, if you like, is that it is and has been for a while. It is dominated by big, actually corporate actors. I mean, These are international crime syndicates who exist in their their core business model is to break into other organizations and steal their intellectual property. Used there are rather abuse their infrastructure. For other, you know, malicious reasons just generally do as much damage as possible. Like steal half a billion addresses and credit card numbers from it was, Well, Marriott, Whatever the weight of a company emerged with Marriott last year. Spring him not Spring Hill, but Starwood Starwood, right. Half a billion addresses, credit card, a data passport information for some people compromise. And that’s just one example of yeah, well, you go back, you know, even a couple of years. And, you know, many, many big names just, you know, fly off the pages of a Home Depot. There was target argast, you know, the Office of Management and budget in the federal government like you be. These attackers have targeted very successfully the some of the largest institutions out there that have truly massive databases of personal information. But Betsy’s coming down, proceed. You Ah, go and steal people’s identities or you know what? They generative process, right? They take the information that they’ve stolen, and they use it to try to extract as much value from that data set and then build dated today to set further. So they might use those emails to send more spam, encouraging people to log into a fake. You know, Google, Sinan Page or something and thereby build their database even further on. And they really refined this. It’s not a technique, it’s a hole. World of techniques, really. It’s a business model over several years. Two at the point where it’s really a precision engineered process, and they have a specialization. They’re different parts of this black market ecosystem that specialize in breaking into accounts. They’re different ones that specialize in spamming. They’re different ones of specialized in setting up and distributing attack tool kits that make it even make it easy for people to start performing these attacks. So there’s a lot of specialization, a lot of a lot of different firms engaged in this process, and there’s a CZ. You pointed out this billions of dollars to be made in compromising organizations. Now rhetorically again. And even now, of course, the Holy Grail, if you will, is to break into a target or a Home Depot or something because they have millions upon millions of records, latto payment information and so on. But of course, you know, this is an arms race, and so the big companies have gotten somewhat better at securing themselves. Many of them have been hacked and therefore have been paying a lot of attention to their borders and making sure that you know they’re relatively safe and At the same time, the attacks have gotten cheaper to run because they’ve been systematized and really reached a sort of industrial level of scale, which means that it is easy and cheap to run attacks against smaller and smaller organizations profitably. And so that’s exactly what’s been happening is that, um, these very sophisticated attack tool kits and procedures have been used to go after smaller and smaller organizations. Ah, and another important thing to understand is that most of this work is not at all targeted. It’s very opportunistic. So you know, a. A big crime syndicate will get a big list of E mail addresses by way of breaking into a company’s database. And you know, there’ll be all sorts people on that on that email list. You know, private individuals, partners of the company and so on. And the attackers will just use that database and send out fairly generic phishing emails to everyone on the list on the assumption that sure most people will recognise this email that’s coming in is not actually asking to reset their Gmail password. But even one percent of the people on that you know, many million person list do actually take the bait that represents thousands and thousands of more accounts they’ve just broken into and a hand that can now use to execute even more attacks. And so there’s a lot of daisy chaining that’s going on here a lot of building on prior work or prior attacks to create even Mohr devastating attacks that target even more people. And so the non-profit space is sort of squarely in the sights of this black market ecosystem now. And so, you know, at any given day I c e mails coming in both to Tech impact itself and to our partners, who then forward them on to me. You know, maybe somewhere between five and ten fairly well crafted emails. Ah, on all sorts of subjects. You know, some of them say your Gmail account has been compromised. Please click here to reset your password. I saw a brilliant one just yesterday purportedly from American Express saying something is wrong with your card. You need to click here to review some another as transactions. This email wass spectacular. He had all the right branding. It was formatted exactly right. All of the links in the email even went to valid American Express Web pages except the big click Here button, which set you to the attack Paige that tried to get you to divulge your log in information for your American Express account. You’re saying that was very high level of sophistication mary-jo right now, very hot again, basically targeting everyone at this point. Okay. And that was very high quality, so very equality. And I mean, I think the big theme is I have seen a steady progression of the quality. So it started out, you know, in let’s say, Well, that’s a year ago, January of last year, Most of the stuff I was seeing was pretty shoddy, right? It had lots of spelling errors, very little in the way of visual branding. Um, you know, the formatting was terribly off. The email address didn’t look even remotely convincing. But you know the email I got yesterday again, everything about it was perfect. Except that one button and even the button. I mean, it was, well formatted. You would have to actually hover over it and noticed that the link point somewhere other than an American Express. But Paige Teo be able to tell that anything was wrong. Okay? S so natural. You know, next question is, what the hell are we going to do about this? So you’re you’re resource papers, got ideas, and you really want to start not with the technology, but with your people. Exactly. There’s a misconception in the general, you know, world at large that because this is a high tech problem, it must have Ah, hi tech solution. And more to the point that you know that high tech solution probably going to cost a lot of money. And it is true that there are some high tech solutions out there or I wouldn’t call them high tech. I would just call them, you know? Yes. Technical solutions. None of them are that involved. And, you know, you shouldn’t have to pay that much, if anything, for most of them. On the most effective solution to this kind of problem, um, is getting your team, your staff on board with the project of keeping the organization’s safe and helping them to understand just how pervasive and sophisticated the threats really are. You know, it’s hard to get a bunch of dedicated, hardworking, you know, non-profit staffers into a room for an hour and get them to listen to a lecture on you know how they need to care about security. You know, for all the reasons we talked about you so much rather be getting their work done. But if you can get your team to understand that this is the risk Israel, the threats are, you know they’re significant and growing. I get people to just adopt a stance of reasonable vigilance, you know, not full blown paranoia, but just being a little bit, you know, thoughtful about everything they click on, whether it be an E mail that comes in from that they weren’t expecting, even if it comes from someone they know. Because part of this whole like iterative process in the attack space is that attackers will break into an email account and then send emails to every single person in that now hijacked account’s address book so that the emails do, in fact, come from someone that that person know you can’t even now just say, Oh, as long as I know the person, it’s fine may very well not be fine because you maybe not. But when you open an email and you’re not expecting it. And I’d ask you to go. You know, you this special report that, you know, if for your eyes only and what not especially if the person that you, uh, get this email from would never write that way. That should be a red flag. And similarly, whenever you’re browsing online, you need to be vigilant about what you click on you. No, don’t click obviously, on anything that says you’ve won a thousand dollars, because that is never true either. It’s certainly not true in real space, and it’s doubly not true online. And, you know, you always just have to be a little bit, you know, a little bit suspicious in back of your head. Think, Okay. Could there be another you No ulterior motive here? Like what? What’s the agenda of the person who sent me this thing or, you know, showing me this web page? Um, you know, is that someone I trust on? Do I have some context for why I’m being asked to enter my password here or provide this information Or click on this button? Um, is this going to do what I wanted to do? And if you can adopt that kind of a mind set and get your entire team to adopt that kind of a mind set. You become exponentially safer than most other folks around. Because this is a new mindset. It’s hard to shift your thinking, particularly the non-profit space, where we operate largely on the basis of trust. Right? You know, we have a lot of partners. Uh, you know, we have to trust that our partners are also interested in doing the same good work that we are. You know, we don’t want to wander around being endlessly suspicious of everyone, but unfortunately, the state of security online. Yeah. Yeah, You really have to be all the more vigilant. We just We just have about two minutes before break, tell us what’s been going on at Tech. Impact yourself. You’re you’re you’re CEO. You’re some sort Your CFO has been getting emails that purportedly come from your executive director. Oh, yeah. And we’re not alone. So the more sophisticated version of we’ve only really talked about one type of attack. And there are others that we might want to talk about. But, you know, let’s go quickly. There’s a different variant that isn’t quite fishing. So fishing is trying to get you to divulge your own personal information over email. But there’s a variant of that attack where someone writes into an organization pretending to be someone high up in the leadership team, the executive director or the CFO or someone like that and ask various members of the staff, Oh, I’m out of the office right now, but I really need you to conduct a transaction for me. I need you to buy some gift cards. Some of them get really creative, and they say, and they and they do their background research. And they say, Uh, we just had this annual conference, and I need to send gift cards to all of our speakers. Could you go out and buy those for me and then send me the codes from the back of those gift cards so I can, you know, send them along to peep folks by email. Those e mails, when they’re well done, can look exactly like they come from the executive director of the C. F O or whoever. And of course they don’t. And if you reply to them and do what they ask, you will be sending all sorts of things potentially financial information out to someone you’re never gonna be able to find again. Because they set up a fake e mail account for the purpose of trying to infiltrate your organization. And once they’ve done that, they’re going to get rid of it, and it’s going to be on Treyz schnoll. All right, we’re going where we’re going to take a take a break. And when we come back, I want youto continue this because I’m going to ask Ah, Jordan, how could this possibly happened? Attack impact. Okay, so ah, stand by for that weather. CPAs nufer the New Year. They’re kicking off a remote non-profit roundtable. Siri’s. They used to just be on location. Now they’re doing it remotely. Livestreaming each quarter a wagner’s C P a C P a will cover a topic that they’re intimately expert in. So they’re the experts, but you need to have a basic understanding of it. All right. I mean, you want to know what you want to have a rough idea of what you’re seeing is doing and what to do in the non-profit realm. That’s what they’re talking about. The first one is on January fifteenth about revenue recognition for your grants and contracts, you goto wagner cps dot com Click Resource is than seminars Now Time for Tony. Take two. It’s time for you to be an insider. A non-profit radio insider also nufer the New Year. I’m kicking off something expanded guest interviews that are going to be exclusively for non-profit radio insiders. Each week, I’m going to dive a little deeper into a topic with a guest or cover something we didn’t talk about on the show in these three to five minute videos. All right, the video is going to be on a private playlist entirely for insiders. Have you become an insider? Sounds like something that you would have to pay for. And you’re right. It does sound that way, but you don’t have to pay. Other people might charge for something like this, but I will not. Ah, all I do. All you do is go to twenty martignetti dot com. Click the insider alerts, button name and email Like George and I were just talking about that’s all you got to give and you become an insider. Tony martignetti dot com. Now let’s go back to Jordan on DH Stay secure in twenty nineteen Jordan How could this happen to tech impact? No. The unfortunate thing is this is really easy to do, and it’s easy to do for someone with not that much technical skill. And just because you get one of these emails that looks really carefully crafted and whatnot doesn’t mean anything has actually been weak or that you’ve been broken into every one of us as an organization has tons of information about us online, right? Certainly the names of our executive directors are incredibly easy to find. If nothing else, you can get them from our tax returns, right? And attackers again have built out this elaborate process that involves doing some basic background research on any organization that they want to attack. I’m sure that they go to the organization’s websites and maybe even look at their tax forms and find out other things about the organization’s. Actually, I read recently that many of these militias actors air now doing extensive Lincoln research on a particular people within an organization is they’re trying to go after, so you don’t know what they’re doing. They built the whole process around this on. They use the publicly available information to construct, you know, eh uh, intact. It is as plausible as they can make it. So, you know, if they see a mention on the Web site that there was a annual conference recently, they might throw that into the E mail again to try to make it that much more authentic. They might mention someone else on the team and say, Oh, you know, like, you know, pretend that the message was coming from your executive director. Oh, I tried to contact, You know, Jim our c F. O. And he was out of the office, but I really need this done. Can you help? It is very common behavior. Now, I will say each second a background research. That hacker does represent one less second of profit. Right. They don’t want to put in that much time. So you know, you shouldn’t worry generally unless you are really, really big and really, really interesting about, you know, hypothetical attackers scouring your web page and every other thing you’ve done publicly for information about you. They’re not going to do that, but it probably will spend, you know, a minute looking at the stuff they confined most easily. And then they’re gonna construct attacks based on what they found, uh, and make it seem like you know the emails. They’re sending our legitimate as possible. They also will do that, actually, not only even just pretending to be part of the organization, they will also try to extort you and say, you know, I found out all of this fallacious information about, you know, your executive director, or you know what your organisation’s doing on. They’ll drop some publicly available details that aren’t even remotely interesting and say, But I have so much Mohr and, you know, if you don’t want us to go out, then you have to pay me a lot of money. I actually saw entire wave of the attacks last month, and they they weren’t particularly well done. But they bothered to do a little bit of background research. So the bottom line is you’re going to get these emails on. They will contain information about you and that should not be as big of a red flag You as you might think. You shouldn’t respond to them. You shouldn’t do anything except, you know, look at them carefully make sure that there isn’t anything in there that really is private and that someone has figured out, because if that’s the case, you need to do a lot more work to get things locked down. Um, and again, just be suspicious. Don’t believe someone when they ask you to do something, you know, unless you have actually had a conversation about that request before. Better yet, I encourage every organization to have a basic policy that says no one in the organization is going to ask anyone else to authorize a financial transaction or a password reset or anything sensitive over email alone. That’s just never gonna happen, and it’s never going to be allowed. You always have to actually talk to the person who’s making the request to confirm that they, in fact, made it before anybody acts on anything. Sounds like a sound policy. Okay, Labbate. Let’s let’s bring it back to what we can do to protect our organizations. So after staff training, what what would you say is next? So after staff training and then again, building a sort of culture of vigilance and everyone being it together on everyone having each other’s back, I would say there are some basic technicals. Defense is you can put in place. Um, because the most dominant type of attacks that we’re seeing right now are definitely email based and identity based. That is, they’re trying to convince you that you know, the attacker is someone they’re not, or and most often there, trying to steal your own account credentials and then use them for exactly the same purpose. One of the best things you can do to protect identity online is too not used, just a password alone. Wherever possible, passwords are kind of outdated security mechanism. They were only added back, you know, twenty thirty years ago, when the original researchers who were building Internet realized Oh, really? You know, not everybody should have the ability to read everybody else’s email without a password. That’s how open everything wass until they tacked on the password, kind of as an afterthought to fix the security hole and a force. As the Internet has evolved to do all sorts of incredibly sensitive things. The password as a security mechanism really hasn’t kept up to speed. It’s not good enough for the level of security. We really need of our bank websites and our social services websites and our, you know, electronic health record websites. So there’s a new standard which itself is not perfect. Nothing ever will be, but it’s a whole lot better than just a user name and password. And this technique or technology is called a couple of different things depending on who you talk to. But they all mean the same thing. You can hear the phrase, multifactorial indication or dual factor authentication or two step verification and all of those terms mean you can. You still have a user name and password, but you also need to supply something else whenever you log in to prove that you are who you claim to be, so that someone who managed to steal someone’s password can’t get in with John. That stuff this is this is Well, I think it’s we’re starting to see this. I see it on a lot of options, you know? Do you want to enable? I usually see there’s, like, two factor authentication, and this is where it’s a code will be sent to your to your phone number to your to your cell, and then you have to enter that number into the site that you’re tryingto log into is that yes, we’re talking about. That’s exactly right in the core idea There is. It’s actually just terrifyingly easy to steal someone’s username and password, particularly if you build a Web page. It looked exactly like the Gmail log in Paige, but it’s going very, very difficult for someone to simultaneously steal someone else’s phone. It is possible are, but it’s just so much so non-profits can implement this a CZ. When people come in in the morning latto log onto the system, they have to provide two factor authentication. You can do that. I would say it’s less important to do that on, you know, your PCs, you know, so that when you grow up coming in the morning, you have to go to this process. Certainly, hospitals do do that. Everyone has, you know, their little cars, that they swipe against some sort of scanner and that that council there’s there in a second factor. But most of us, I think, are now using something like Google Sweet or Office three sixty five, which is accessible from anywhere. And that’s where the attacker’s really have a have a party right they can get because you could get into the system from anywhere. The attackers can get in from Russia, Thailand, South Africa, lots of various places where they tend to work out on. And so those kinds of cloud based systems, as convenient as they are, also present a pretty big security risk that literally anyone on Earth put attack. And so those are the platforms where you really want to make sure you have multi factor authentication turned on. And the good news is, in most of these platforms, turning on multifactorial education is free and pretty easy. It’s, you know, there’s a few steps to it, but you basically just go to someone’s account. You say this person should now be required to use this second, you know, step verification or multi factor authentication. You have to have your your team signed up. You know, basically, just put in their phone number that they want to receive those authorisation codes at and then you’re done. That’s it. You know, they’re they’re logging process is going to be a little bit harder in some cases, but the whole it’s pretty painless and it’s so affected by locking these kind of so much worth the extra minute that it takes just to enable this, okay? Let’s say we got We got a couple minutes before another break, so give us No, we have to go to a break. Sorry. My mistake. So hang on there, Jordan. Think. Think of the next thing we’re going to talk about Xero tell us. Can use more money. Do you need a new revenue source? This is your long stream of passive revenue that you get when companies that you refer process credit card transactions through. Tell us watch the video. Send potential companies to watch the video. After you do, you go when you want to see it first. And then if they use, tell us for processing you. Your NON-PROFIT gets fifty percent of the fee for each transaction. This adds up small dollars. Adding up the video is that tony dot m a slash Tony. Tell us time for live listener love. We’ve got to do it. There’s so much of it. I get it. I get three sheets of paper, but do not. Eight and a half by eleven sheets. Uh, Northvale, New Jersey. The live love to Northvale, New Jersey. Wow, Northvale. Hello. That’s like that’s two minutes from where I grew up in uh, old Japan. Ah, New Bern, North Carolina. Live Love to you, Carmel, California Paddocks. Kala Patasse, Piela, Ohio Pascal or Patasse Piela Live Love goes out. However you pronounce it even if you pronounce it differently than either of those two ways. Live loves going to Ohio. Jacksonville Beach, Florida Atalanta. Oh, California Tampa, Florida All right, Awesome. Lots of live listener love today. And let’s go abroad. Uh, why wouldn’t we? No reason not to, um Tokyo and Cicada. Oh, Japan. Wonderful. Konnichi wa Hanoi, Vietnam. Ah, Social Korea, on your own. Haserot comes a ham Nida for our Korean listener. Beijing, Beijing, China. Of course we know d how everybody knows that Mexico City, Mexico I was always said, guten tag. No, that’s not right. Mexico City. Mexico would be good afternoon. What a star days when a star dies. Of course. Iran. That’s not guten tag either. But Iran is listening. Laos and Egypt. Well, look. Ah, Middle East. Checking in love it Lots of live love going out to all those people. And they maybe others that we can’t see. Sometimes there’s masked cities, et cetera. Um and ah, the podcast pleasantries. The podcast pleasantries have to go out to our over thirteen thousand podcast listeners right on the heels of the live list. Their love comes my gratitude to our the bulk of our audience, which is sitting podcast in the time shift. Whatever time device, however, you squeeze non-profit radio into your life, whether it’s Sunday nights or Saturday mornings. Pleasantries to you. Very glad that you’re with us. Thank you. Okay, we’ve got several more minutes left for we got lots of time left. Oh, yeah. We got latto two time left for Jordan McCarthy and stay secure in twenty nineteen. What’s next? Jordan? What? What should we attack after we take on too factor with simple enabling of two factor authentication? I don’t want to sound like I don’t make it sound is difficult. Once we once we checked out off, where should we go next? It is really not not hard at all again, just so valuable. So we talked about fishing. We talked about email based attacks on identity based attacks. Again, I would say they are the most frequent, Andi increasingly sophisticated type of attack we’re seeing so that definitely your number one priority, I would say. But then there’s a whole other universe of things that also are happening at the same time. So let’s talk about malware and others have more software based attack. So in addition to the attackers, just constantly, you know, trolling around, trying to find people who they can trick into divulging their passwords. There also constantly scanning every system connected to the Internet to see if those systems are susceptible to various kinds of software attack that can sort of worm their way onto PCs, possibly even then spread to other PCs on the network. Um, and again, all these attacks, very opportunistic, automated. It’s very rare that you’ll see someone actively targeting you because they care about you. They just want a, you know, hit the low hanging fruit. Um, but that means they’re going to put up a malicious file that looks like, I don’t know, maybe a pdf of, you know, um, various discount code for something that that’s that’s a common technique. Or or even better yet, a free version of Adobe Photo Job. Right, look, one one deal. What, one day deal, you know, download adobe photo job for nothing here, right? Of course, that’s ridiculous. That would never happen. And if you click on that link and download the software, you may get some variant of Adobe. But you’re also going to get a boat load of malicious software along with it. And once that software is on your machine, that could do anything it wants. Pretty much, you know, they can watch every keystroke that entered into the BC. It can even take video and audio recordings. It can hijack the computing a network power of the PC and use it to attack other targets. Um, until malware is Avery Big deal. And it’s producing a pretty big deal because the most rallies not even that recent anymore, but one of the more modern variants or evolutions of malware. Let’s say it’s called crypto ransomware, which is a mouthful. But what that basically means is this malware is very sophisticated and what it does. Once it gets onto a machine, it takes a look around. It finds every file. It looks like it might contain something useful to you. So every word document, every picture, every email, takes all of that data and steals it, put it into an encrypted archive, delete the original copies from your computer entirely, and then puts up a message on the screen saying, We have your files. If you ever want to see them again, you have to pay us about a thousand dollars. That was last year. The British medical system, right? And the entire city of Atlanta. All right, let’s get to what we can do. The help mitigate the likelihood minimized. I know we can’t prevent. What can we do to minimize the likelihood of this? So when you were talking about malware again, the number one thing going back even earlier discussion is, too promote that culture of vigilance and thoughtfulness. But technical safeguards there your most powerful defense of your software systems and your system security is to keep your systems up to date and that that sounds deceptively simple for anyone who’s actually tried to do it. You know, it’s next to impossible because everyone is very busy and no one wants to take the time to reboot their computer ten times a day to keep everything up to date. So it’s a challenge. But there are various tools that can help you do that shit. Um, e-giving mind when I say keeping up to date? I’m talking about not only your computer’s operating system so Windows or the Mac OS. I’m also talking about your phone operating system, whether it be Android or IOS. I’m also talking about various programs on your PCs, especially Web browsers on other boardmember that connect to the Internet quite a bit from all of that needs to be kept up to date because any one of those pieces could theoretically, if they get out of date, be broken into by one of these automated attack phones. Khun B phones could be turned. Phones could be turned around into microphones against you, right? Exactly. And you know, phones or general purpose computers, too. So if the phone gets compromised, theoretically, you could end up You know, using that phone is a launching point onto other devices are connected to it. OK, what are we going to do? What? You scared us enough. You scared me. And it was very good, too. Sorry. Didn’t get a little bit late for Halloween anyway, so there’s a few tools that can help you. There are tools that very simply watch all of the program’s installed on your PC and alert you. If any of them get out of date, some of them will automatically install patches for those tools for you on. Most of them are free. You know, if you just do a quick online search for, you know, keep my PC updated, that kind of thing. You’ll get some good options whenever you download anything online. As part of this, you know, theme of vigilance. You wantto look for reviews, make sure other people have used that tool and like it. But there are a lot of tools out there to do this work. That’s very ad hoc, right? Each piece he would have to have that installed, and, you know, someone could uninstall it. It would be kind of messy for organizations that are I would say above, let’s say ten people inside. It probably makes sense to aim for some degree of centralization. Uh, you can monitor and enforce the prompt application of software updates for both the operating system and other applications on there’s a variety of tool kits that can do this that there’s a too big name, um, types of rockets that are useful in this case. One of them is called a mobile device. Management took it. And again, if you do a quick Web search for mobile device management, you’ll find a bunch of different options. Um, some of the big players in the space there include things like Microsoft in Tune, Cisco Air Watch, um, IBM mas three sixty and there are a bunch of others. But those are just some that come to mind, and those are really, really good at managing the security of mobile. As their name suggests mobile devices. So many of them focusedbuyer merrily on the the mobile phone space. But many of them can also handle desktops and laptops as well for desktops and laptops. Then there’s another tool kit or a type of tool kit that really focuses in on that space and those air remote management and monitoring toolkit abbreviated are. Mm. On the first one was abbreviated mdm tonight. We love acronyms. I’m not really sure why, but but thankfully, you kept yourself out of jargon jail by actually using the full name before you even said that with him. So yeah, I get that way. That’s why we have debts when non-profit idea has jargon jail. Oh, thank you. I What? All right, finish your sentence, and then we gotta take our last break. Okay? So remote management and Mandarin monument and management and monitoring tools do exactly what I proposed. It needs to be done. They help you watch species for anything that might need to be updated and get those that they supplied promptly. They can also do more than that. They can watch and monitor and a virus programs which are not actually as useful as you might think. So that’s why I didn’t put them first on my list. Keeping yourself repeated is actually more important than having antivirus programs in place generally. But it is a good last line of defense. And these talk is gonna help make sure that those you’ll stay in place and are updated as well. All right. Jordan and Jordan, Wait. Take your last break. When we come back from this break, I want you to list list again. The resource is that you named so that people can have a place to ah t check out and you know, the ones that you believe are our sound. Do you think hoexter give can use more money again? I need a new revenue source. Here’s another way. Mobile e-giving. You could learn about it with text to gives five part email. Many course. Now, this is an E mail that is bona fide. So you don’t have to worry about is being a phishing e mail. You know, you’re just five e mails away through this many course. One each day from raising more money are raising money to get started through mobile giving. It’s cheap to get started. Its easy for your donors. The way to start the many course. You text NPR to four, four, four, nine, nine nine. All right. And we still got several more minutes. Force they secure in twenty. Nineteen with Jordan McCarthy. Alright, Jordan, what’s your What’s your list of resource is that users can trust. So first of all users listening listeners, listeners, contrast. Who’s you? Well, they are users, too, but listeners is what we’re talking about here. You want to look at whatever vendors you use and you want to see. You wanna have a look at what they say about their own security? So, you know, look at go to the web page of, you know, blackbaud sales force, Microsoft, Google and, you know, just say all right. Tell me about your security. What do you do? What do you offer? What can you help me to nail down? Okay, because many of these platforms will have a lot of security features built in that you may not be taking advantage of. So start simple. Start free. You use a totally ordinary included but may not know about you already included. Ok, then you want to start looking for other resource is to tell you you know, about what else you, Khun Dio? What else? What what? What are the sort of tools of record that really are effective and secure and we’ll increase your security So I mean not to be too self promoting, but idealware is a phenomenal resource for this kind of thing. That haserot hutchisson tons of resources and listeners know that idealware idealware knows dimension of, you know, I, including security brought up Yes. Objective, objective, objective. Other indexes as well. So if you look at sites like PC World, um, com p world ars technica Wired, they usually do reviews of various security tools I go to them routinely to see. All right, what is the latest on the mobile device management tool kit? There really top notch? What antivirus programs are recommended this year because they always cycle in and out. Okay, no. In terms of the tools that I use quite a bit and trust, I would call out for things like authentication. Obviously, Office three sixty five and the Google Sweet are phenomenal talk it They can both do a lot for you in terms of keeping things safe and helping you to monitor the security of your communications and your files and everything. So either this platform’s, I think are exemplary. And both have built in multi factor authentication. You just need to turn it on. Um, if you’re looking for something that can be, go beyond those core platforms and spanning multiple product, you might want to look at. Ah, couple of tool kits that focused squarely on authentication, safeguarding identity. Those tools are duo. Do you and octa O K E A. And these They’re both really big names in the space of again. Just making sure that people’s identities were kept saying that they cannot get attacked by simply divulging their passwords. Both of them provide multifaceted indication toe a wide range of other tools so you could end up just logging in with your duo or octa credentials and then be granted access to a bunch of other things. But but in a very secure way. Okay, excellent. We just have about a minute left. Jordan. So I feel like we did enough on why you should be paying attention to this. Let’s not. Let’s not wrap up with that. But I’ll leave it to you. How do you want to close? You got a minute? I think I would say that. You know, things are pretty scary right now, and I don’t want to sugarcoat that way. As you say. We said enough about it, but there is a lot that any given non-profit Khun do it doesn’t It’s not rocket science. You know, you might be told that you need to pay a butt load of money or hyre, you know, a really fancy consultant to tell you what to do. Ah, and if you find it helpful, sure, by all means, go and get some help. And you know, if you want a lightweight approach or even something more in depth, tech impact is here to help where we’re more than happy to meet you at whatever level the support you need. But having said that, a lot of this stuff is really not that difficult. It can be done by someone who just has the time. I mean, that’s sort of our all of our scarcest resource. I know. So that’s easier said than done. But if you have the time and you know, you can set aside some resources to dig in and turn on mold a factor authentication and figure out how to keep yourself up to date, you were going to be so much safer as a result. And for most non-profits, that’s exactly what they need to do as long as they are safer. Than the average. They are totally not interesting. Okay, hackers we got Okay, We got to leave it there. Don’t be interesting. Two attackers. Ah, he’s Jordan McCarthy. Infrastructure and security of the tech impact. You’ll find them at tech impact dot or GE, which is where you’ll find there the resource paper with even more ideas. And they are at tech. Underscore impact. Thank you so much, Jordan. It’s really a pleasure. Thank you. Thanks. My inside a video with Jordan. We’re going to talk about single sign on next week. The annual zombie loyalists replay with Peter Shankman. His customer service ideas are excellent, so it’s very worth Well, he worth replaying it. Do it every year. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com. We’re sponsored by pursuing online tools for small and midsize non-profits data driven and technology enabled Tony dahna slash pursuant Capital P. Well, you see, piela is guiding you beyond the numbers regular cps dot com by tell us credit card and payment processing your passive revenue stream. Tony dahna slash Tony Tell us and by text to give mobile donations made easy Text n p. R. To four four four nine nine nine. A creative producer was Claire Meyerhoff. Sam Liebowitz is the line producer shows Social Media is by Susan Chavez. Mark Silverman is our Web guy and his music is by Scott Stein. You with me next week for Non-profit radio Big non-profit ideas for the other ninety five percent Go out and be great. What duitz? You’re listening to the talking alternative network you get to thinking. Things xero. You’re listening to the talking alternative now, are you stuck in a rut? Negative thoughts, feelings and conversations got you down. Hi, I’m nor in Santa the potential tune in every Tuesday at nine to ten p. M. Eastern time and listen for new ideas on my show Yawned Potential live life Your way on talk radio dot N y c geever Hey, all you crazy listeners looking to boost your business. Why not advertise on talking alternative with very reasonable rates interested? Simply email at info at talking alternative dot com. You like comic books and movies, HOWBOUT TV and pop culture. Then you’ve come to the right place. Hi, I’m Michael Gulch, a host of Secrets of the Sire, joined every week by my co host, Hassan, Lord of the Radio Godwin. Together we have over fifteen years experience creating graphic novels, screenplays and more. Join us as we bring you the inside scoop on the pop culture universe you love to talk about. Wednesday nights eight p. M. Eastern Talk radio dot and wives. Did you know you’ve been playing poker your whole life, even if you’ve never played a hand of cards? Hi, I’m Ellen Lake and author of Polka Woman and host of the new show Poker Divas. On the show, I talk about poker. Strategy helps you win in business. Life and Love tune in Live every Thursday one p. M. To two p. M. Eastern Standard Time on talk radio dot N. Y. C. You’re listening to talking alt-right work at www dot talking alternative dot com, now broadcasting twenty four hours a day. Are you a conscious co creator? Are you on a quest to raise your vibration and your consciousness? Um, Sam Liebowitz, your conscious consultant. And on my show, that conscious consultant, our awakening humanity. We will touch upon all these topics and more. Listen, live at our new time on Thursdays at twelve Noon Eastern time. That’s the conscious consultant, Our Awakening Humanity. Thursday’s twelve noon on talk radio dot you’re listening to the talking alternative network. Yeah.