Technology is complicated, and so are the many missions of nonprofits. We want to empower you to achieve your missions with technology. And part of that is communicating. Many times discussions around tech are made for experts by experts, but that can make it hard for someone not specializing in tech to receive the intended message.
We want to meet you where you are, and that starts with making sure that you can participate in conversations around tech fluently. With that in mind we want to share some terms from the nonprofit tech space that you should know.
MFA stands for multi factor authentication. It is used to secure logins so that just stealing a password isn’t enough to get into an account. Also known as 2SV in the Google ecosystem, MFA typically works through an app downloaded to your device that displays a code you must enter to access an account. To learn more click this link to our MFA guide
On the note of MFA it is important to know the different MFA standards. Regular MFA is good, and if you have implemented it you are doing better than most; however, there is a higher standard of MFA called Phish-resistant MFA. Phish-resistant MFA offers more security and is becoming the new standard especially for employees commonly targeted by cyber attacks such as CFOs or EDs. Phishing is a type of cybersecurity risk where bad actors create a fake website to trick you into putting in your one time code from an MFA app. Phishing resistant MFA is a type of MFA that is resistant to this type of attack. The two types of Phishing resistant MFA are FIDO keys and Passkeys. FIDO keys are physical devices that are plugged into a device and Passkeys are a form of digital signing managed by your device. Read more about them both here.
Pen testing, short for penetration testing, is a method of ensuring your cybersecurity is protecting you by trying to break it. Think of it like digitally trying to sneak past security at a brick and mortar location to make sure they are doing a good job. It is a service that is most effective for specific types of nonprofits such as those with onsite servers. In our view pen testing is most valuable if you already have strong cybersecurity protocols you want to test. If you are just starting out, consider an assessment as a more affordable first step for nonprofits. We have a more detailed discussion here
ITBM stands for IT Business Manager. Sometimes compared to a vCIO, an ITBM helps to bridge the gap between tech needs and business needs. Community IT IT Business Managers specialize in looking at the big picture of tech within your organization. They work with our help desk to assess your day to day issues and the overall health of your IT. They help make sure tech decisions are strategically moving you forward instead of just keeping the lights on. For more information check out our blog all about them here.
Change Management is the work behind implementing any new technology or new process. There is the saying “if you build it they will come” but that does not usually hold true for technology. If you want to upgrade your organization’s tech you need to make the upgrade, and ensure your employees are using it after roll-out. If you have a big tech project coming up click here to learn more about how you can maximize its impact through change management best practices.
Data Retention Policies are an essential part of your nonprofit’s cybersecurity. Put quite simply, your DRP decides what you keep and what you don’t. This is all about determining where your sensitive info is and how you keep track of it. By having a strong DRP you minimize the chances of a data breach, help set clear guidelines to help your employees comply with regulations, and increase efficiency by making it easier to find the information that matters. You also protect your staff, board, and organization from data leak risks and can even proactively protect yourself from subpoenas and discovery. Learn more about best practices for data retention in the age of AI here.
AI Policy. One policy you may be overlooking but definitely need to have is an AI policy. Whether your AI policy is no AI whatsoever or all AI all the time your organization should lay out clear expectations for your employees so they know what they can and can’t use AI for. By clearly communicating this you ensure AI is used in a way that respects your mission, constituents, and donors. Additionally one of the benefits of a strong AI policy is minimizing the improper use of AI which can be hazardous to your organization’s cybersecurity and reputation. Click here to find out more from our podcast dedicated to nonprofit AI use, or search our AI for Nonprofits library.
As your organization navigates challenges, you deserve a support team that is as committed to your mission as you are.
Would you like to see how our human-centered approach can stabilize your IT environment? If you have questions about how to align your technology with your mission, we are here to help.
Community IT has been serving nonprofits exclusively for 25 years. We offer Managed IT support services designed for organizations that want a partner, not just a provider. For a fixed monthly fee, we provide the proactive planning and ongoing IT strategy you need to ensure your technology is always an asset and opportunity, not a liability.
We think your IT partner should be able to explain everything clearly, without talking down to you or using unnecessary lingo. If you’re ready to gain peace of mind and clarity about your IT roadmap in our challenging environment, let’s talk.
As advocates for using technology to work smarter, we’re practicing what we recommend. This article was drafted with the assistance of AI, but the content was reviewed, edited, and finalized by a human editor to ensure accuracy and relevance.
Photo by Redd Francisco on Unsplash
Wednesday July 15th at 3pm Eastern join Mimi Yeh, PTKO, and George Danilovics, AHIP, to learn your next AI steps.
Fill out the form below to request a quote. We’ll be in touch shortly to discuss your needs and take the first step toward better nonprofit IT.