The nonprofit world feels more demanding than ever. Many organizations, once outside the political spotlight, are now facing unexpected adversarial challenges. This can lead to increased stress, uncertainty, and a question: How does our IT fit into this new, complex reality?
At Community IT, we understand these anxieties. Our recent webinar Nonprofit IT Essentials for Challenging Times, featuring Senior Consultant Nuradeen Aboki and Outreach Director Carolyn Woodard, tackled these concerns head-on, offering practical guidance on IT governance, cybersecurity, smart budgeting, and even personal well-being. We want to empower your nonprofit to navigate these turbulent waters with confidence and resilience.
Why IT Governance Policies Are Non-Negotiable (Especially Now!)
IT governance policies don’t always spark excitement. But these foundational documents are more critical than ever. In a landscape where organizations might face increased scrutiny, data requests, or even leaks, clear policies are your first line of defense.
Why are IT policies a necessity?
- Clarity for Staff: Without clear policies, employees are left guessing about crucial procedures. If a laptop is lost, or staff don’t know where to store sensitive data, or which applications are approved for use, policies provide clear guidance.
- Preventing Data Leakage: One of the biggest risks today is data exfiltration or leakage. Robust policies, that your staff are well trained in and understand, explain how data is handled, stored, and shared, significantly reducing the chances of accidental or malicious exposure.
- Protection Against Risks: Policies act as a safeguard against:
- Honest mistakes: Well-meaning staff can inadvertently create vulnerabilities without proper guidelines.
- Disgruntled staff: Clear rules provide accountability. Compliance checks can catch malicious staff use early. Trust, but verify.
- Security vulnerabilities: Policies establish best practices that strengthen your overall security posture, for example when off-boarding staff accounts.
- Compliance & Accountability: Many cybersecurity liability policies and new nonprofit auditing guidelines now require an IT acceptable use policy. Without one, liability insurance can be hard to get. And you don’t want to operate without insurance in case of a cyberattack or hack.
Common Barriers to Policy Implementation: A primary barrier is often lack of understanding from leadership. Leaders are mission-focused, and IT can be overlooked. However, as data becomes the “new currency,” more nonprofit leaders are seeking guidance on securing their information.
Takeaway: What kind of trouble can a nonprofit get into without IT governance policies? Bottom line, a lack of policies leaves employees unsure, increases the risk of data breaches, and exposes the organization to legal and financial repercussions.
Bedrock IT Policies to Prioritize:
While a deeper dive into policies is a webinar in itself – Making IT Governance Work for Your Nonprofit – here are the essential policies every nonprofit should consider:
- Acceptable Use Policy: Defines appropriate staff use of all IT resources.
- Cybersecurity Policy: Outlines your organization’s strategy for protecting information assets.
- Data Retention Policy: Crucial for managing how long data is kept and when it’s securely disposed of, especially relevant for potential subpoenas or leaks.
- Privacy Policy: Explains how your organization collects, uses, stores, and protects personal information, particularly concerning donors, clients, and staff.
- AI Acceptable Use Policy: Increasingly important for guiding the responsible and secure use of Artificial Intelligence tools.
For more information on writing or revising policies: Free Resources for Building IT Policies at Nonprofits.
Prioritizing IT: Cybersecurity, Data, and Staff Security
With so much on your plate, how do you decide where to focus your IT efforts? Key areas for immediate attention:
- Cybersecurity: Identity is paramount. With cloud services like Microsoft 365 and Google Workspace, monitoring user identities as they move between services is crucial. Robust monitoring solutions can detect and mitigate attempted hacks, freeing up your team to focus on mission. Talk to your IT provider or internal IT department about the ways they protect Identity and how your staff can help keep their identities secure.
- Data Security: Ensure your data is contained, secure, and accessible only to those who need it. Encrypt data and use providers that prioritize security and can protect you in cases of hacks or subpoena compliance. A thorough IT assessment can reveal gaps and help build a strategic roadmap for data security investments.
- Staff Security: Your employees are often targets, especially those in finance or HR dealing with confidential data. Invest in secure devices for staff and implement strong multi-factor authentication (MFA), perhaps with security keys, to significantly harden access.
While financial security isn’t Community IT’s core bailiwick, strong cybersecurity directly contributes to donor confidence.
The Good News about Cybersecurity:
Despite the rising threats, 90-95% of attacks seen by Community IT clients are still financial, often simple phishing scams, not complex adversarial hacks. The even better news? By following best practices, you can prevent 80-90% of these risks. Many of these practices are not expensive, like:
- Staff training.
- Having policies in place.
- Following the guidelines in Community IT’s free Cybersecurity Playbook.
Smart Budgeting for IT: Beyond “Break/Fix”
How do you budget for IT strategically, especially when finances feel uncertain?
- Avoid the “Break/Fix” Trap: While sometimes necessary for smaller organizations, simply waiting for something to break and then scrambling for funds is reactive and can be costly in the long run.
- Beware of Ad-Hoc Tool Adoption: When departments or individuals sign up for new tools without central oversight, you miss opportunities for value and consolidated planning. New tools can quickly become the tool in use, without analysis or proper implementation to all staff. This is a short term approach to strategic problems. Many nonprofits prize their ability to be flexible and adaptable; but with IT tool purchases an IT roadmap can help ensure investments in technology are all moving the organization toward common goals.
- Best Practice: Leadership-Driven Roadmap: The most strategic approach involves:
- Leadership meeting with stakeholders.
- Updating your IT roadmap and strategic plan.
- Clear communication.
- Prioritizing IT investments that align with overall organizational goals.
Many nonprofits are already adopting smart budgeting practices, such as budgeting per staff member, evaluating hardware lifespans for replacements, and allocating funds for upcoming projects. For more on Discovering the Value of Your Nonprofit IT Budget please view our webinar.
Optimizing Your IT Spending
- Conduct an IT Inventory: Take stock of all devices, licenses, apps, and platforms. This helps manage devices and ensures you decommission logons for departing staff – a crucial security step that often reveals unused, paid-for licenses.
- Strategic Hardware Replacement: Laptops older than 3-4 years become inefficient, unreliable, and harder to secure. Budget to replace a percentage of them annually to plan hardware costs effectively.
- Personnel: The Biggest Expense: Hiring and retaining IT talent can be challenging for nonprofits.
- Consider Outsourcing (MSP): For organizations with 15-20 staff or more, a Managed Service Provider (MSP) can offer comprehensive IT support, technical escalation, inventory management, and cybersecurity protection, often at a predictable cost. MSPs can scale with your organization’s growth.
- DIY for Smaller Orgs: For smaller nonprofits (under 15 staff) with limited budgets, free or low-cost tools like Google Workspace can be managed internally. However, be mindful of security settings, as user-friendliness can sometimes obscure security needs.
- Train Internal Accidental Techies: If hiring dedicated IT staff isn’t feasible, consider training existing staff who show an aptitude and interest in technology.
Keeping the Lights On in Times of Crisis: While it’s tempting to cut IT projects during financial or political challenges as you require all hands on deck to meet the moment, remember that investing in foundational IT (like policies, security tools, and proper assessments) can prevent future risks and even save money by avoiding costly incidents. Crisis can make your organization more vulnerable. An IT assessment can reveal where strategic investment in fundamentals is needed to improve your overall IT security and improve efficiency, giving more time for crisis management. Carving out time to prioritize IT at a leadership level is always a good investment.
Self-Care for Nonprofit Professionals: Don’t Burnout!
Lastly, amidst all the technical considerations, it’s vital to remember the human element. The stress on nonprofit professionals is immense.
- Small Resets are Powerful: Research suggests that frequent, short five-minute breaks throughout the day are as effective as longer pauses for de-stressing.
- Unplug and Decompress: Make time to eat lunch away from your desk and truly step away from work to unplug and decompress.
- Lead by Example (for Leaders): If you’re in a leadership role, model healthy behaviors, check in on staff stress levels, share de-stressing techniques, and prioritize clear communication and good change management, especially around IT initiatives. This ensures staff feel heard and part of the plan during transitions.
- IT Staff, Prioritize Yourselves: For those on the IT front lines, remember the “oxygen mask” principle. If you burn out, you can’t help anyone else. Prioritize your own self-care daily.
Your well-being is critical to your organization’s mission.
A Call to Funders: Support IT
To any funders reading this, please understand that IT support is consistently a critical need for nonprofits. Embracing trust-based philanthropy means listening to grantees and providing the IT support they need to thrive and deliver on their missions.
Moving Forward: Your Strategic IT Plan
We hope you have found actionable insights to foster a proactive approach to IT in your nonprofit. Here’s a summary of key takeaways to help you create your plan:
- Strategic IT Roadmap: Develop a roadmap that outlines your IT goals, priorities, and execution plan. Think of IT as integral to achieving your mission, not just a support function.
- Stakeholder Alignment: Agree on IT priorities with key stakeholders, including leadership. Their understanding and investment of time are crucial for success.
- Prioritize Policy Development: Make time to invest in creating essential IT governance policies. These are foundational and protect your organization from both honest mistakes and malicious threats. Don’t let policies sit dormant; ensure staff understand and are using your policies, and that compliance is checked regularly.
- Perform an IT Assessment: Understand your current IT state, identify gaps, and uncover opportunities for system consolidation and cost savings, especially when transitioning to or optimizing cloud services.
- Understand Your Inventory: Maintain a comprehensive inventory of all IT assets – hardware, software licenses, subscriptions, and data locations. This is vital for security, cost management, and efficient operations.
- Strategic Budgeting: Have a clear understanding of your fixed IT costs and approach discretionary spending wisely. Don’t shy away from investing time and money in projects that improve fundamental IT infrastructure, as this prevents greater costs and risks down the line.
- Stay Healthy: Prioritize your own physical and mental well-being. You cannot effectively support your organization if you are burnt out.
Resources to Help You Move Forward:
Community IT offers a wealth of free resources to help your nonprofit strengthen its IT posture. Check out these links:
Leadership:
- Video: Design an IT Roadmap to Create Value: https://communityit.com/video-design-an-it-roadmap-to-create-value/
- Webinar on Stress and Self-Care: https://communityit.com/webinar-de-stress-self-care-in-nonprofit-it-roles/
Data Security:
- Blog: Data Retention Policy Best Practices in Uncertain Times: https://communityit.com/blog-data-retention-policy-best-practices-in-uncertain-times/
- Podcast: Nonprofit Data Retention Policy and Cybersecurity Basics with Ian Gottesman:https://communityit.com/podcast-nonprofit-data-retention-policy-and-cybersecurity-basics-with-ian-gottesman/
Staff Security:
- Blog: Protect Digital Identity: https://communityit.com/blog-protect-digital-identity/
- Podcast: Anti-Doxxing and Nonprofit Staff Safety: https://communityit.com/podcast-anti-doxxing-and-nonprofit-staff-safety/
Cybersecurity Basic Best Practices:
- Webinar: Playbook on Cybersecurity Readiness for Nonprofits: https://communityit.com/webinar-playbook-on-cybersecurity-readiness-for-nonprofits/
- Free Cybersecurity Playbook (download from site linked above): This can prevent 80-90% of risks and scams.
MSP & Internal IT Management:
- Are you ready for an MSP? How Do I Know if an MSP is Right for My Organization?
- The Nonprofit Guide to Vetting a Managed IT Service Provider
- Webinar on using Google Workspace for smaller nonprofits: a resource for self-management. Growing Your Nonprofit with Google Workspace
- Webinar on training internal managers/accidental techies: Discusses models for developing internal IT capacity. Nonprofit Digital Health Workshop with The Human Stack.
By prioritizing these essential IT components, even in challenging times, your nonprofit can safeguard its operations, protect its mission, and continue to make a profound impact.
Ready for IT support you can depend on?
We’ve found that many nonprofit organizations deal with more IT issues than they should have to. Resources are tight. Systems are unreliable, responses are too slow, and repairs are too expensive. Sometimes nonprofits don’t even realize how bad things are until something big breaks and their mission is derailed.
Our process is based on decades of exclusively serving nonprofits. Our technicians have certifications across all major platforms, and we constantly research and evaluate new solutions to ensure that you get cutting-edge solutions that are tailored to the needs of your organization.
We regularly present webinars at Community IT about IT issues and best practices, and we work hard to keep our nonprofit technology community informed and engaged in managing IT as a strategic asset.
If you have more questions about managing nonprofit IT in challenging times, just ask.
Photo by Johnson Wang on Unsplash