Set four intentions to make 2025 safer, saner, and more fun for your IT staff and your nonprofit.

Listen to Podcast

Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on AppleSpotifyGoogleStitcher, Pandora, and more. Or ask your smart speaker.

Four Nonprofit IT New Year’s Resolutions

Now is the month to set intentions for the year ahead. We know nonprofits are facing challenges in a challenging time. Be intentional about setting expectations for yourself and your organization this year and you will take some of the stress off.

Director of Outreach and podcast host Carolyn Woodard walks through four resolutions you can make to make 2025 easier on yourself.

Taking these four steps – keeping these 4 New Year’s Resolutions – will make your 2025 safer, saner, less stressed, and more fun. We provide lots of the resources you need on our site – you just need to set your intentions and keep these priorities through the year.

Some key resources:

Presenter

Carolyn Woodard


Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.

She hopes these 4 New Year’s Resolutions help set your nonprofit – and yourself – up for success.




Ready to get strategic about your IT?

Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.

We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about your email safety and phishing attempts, you shouldn’t have to worry about understanding your provider.

If you have questions about cybersecurity, data or subscription inventories, or anything else mentioned in this podcast you can contact us here.

We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.

If you’re ready to gain peace of mind about your IT support, let’s talk.

Transcript

Carolyn Woodard: Welcome to the Community IT Innovators Technology Topics Podcast. I’m your host, Carolyn Woodard, and today I’m going to talk about New Year’s resolutions. 

I’ve been reading some articles about the idea that saying it’s a resolution is setting yourself up to fail in some ways. Some people prefer to set intentions. I just read that you can set a “nudge word,” a word or a value that’s going to help you make your decisions and evaluate throughout the year if the activities that you’re doing and the way you’re feeling are in alignment with what your intention or your nudge word is for that year. But we can just make resolutions.

1. Put Self-Care First

I think the first one to start with is to put self-care first. We know that nonprofits and the nonprofit sector are experiencing a lot of challenges, both in the work that we do and in the environment in which we do them, both the political environment and if you’re working on the environment, in the actual environment. 

The work itself is stressful to begin with.

The missions are stressful, creating a lot of stress. They create a lot of joy, but we really pour ourselves into the work that we do. 

And then if you’re working in nonprofit IT, you have additional stressors. You have competing demands. You have budget constraints. It’s hard to find out or understand which IT you should be pursuing and investing in. We hope we make it easier here, but it definitely can be challenging to handle all of the demands coming at you as an IT professional, whether that’s the IT director, an IT staff person, a system administrator, and cybersecurity, of course, can be very stressful. 

If you’re in a leadership role at a nonprofit, and IT is something that all leaders at nonprofits should take seriously and should see as fundamental to their work on the executive team, then IT can be very stressful. 

Making sure that as a person who is doing work, you are putting your self-care first is very important to lowering that stress and being able to perform your job.

If you missed the webinar that I did in November on de-stressing, you could go back and check that out on our website, communityit.com. That had a lot of information on what the research says about what stress does to our bodies, our physical health, and our mental health, and then a whole bunch of tips on how to lower your stress levels throughout the day, and really to make that a priority. 

If you don’t take time out and make time for yourself and your own health every day, then you’re going to burn out. And when you burn out, you won’t be making one more call, you won’t be putting one more thing together, you won’t be doing one more IT project, you won’t be able to do the things that your nonprofit needs you to do, because you’ll be out sick trying to get better. 

It really is important to practice self-care, even if you feel like you’ve got a lot of things on your to-do list and your day is super busy and everything is important. 

My challenge to you this year as your resolution is to really put self-care at the top of your list every day and make sure that you’re doing practices that help you feel less stressed and help reset your body stress levels so that you’re not just operating at 110 percent all the time, trying to do all of the things.

2. Nonprofit Cyber Protections

My second suggestion for a New Year’s resolution is after you’ve done self-care for yourself, to do care for your nonprofit – put cyber protections next. 

We know that the hackers are making a lot of use of new tools. It’s like an arms race. The hackers find some new way to convince you to click on something and then new tools come by on the back end to keep you from seeing that thing, so you don’t click on it. 

We know that those things are coming at us all the time. They’re always evolving. They’re always changing. A couple of the changes that are coming this year, 2025.

SAS145 Nonprofit Auditing Guidelines Include Cyber Protections

First is this new requirement in auditing guidelines. It’s called SAS 145. We did a podcast on it a couple of weeks ago. We’ll be doing more content on it during this year to help with the learning curve. 

Every nonprofit has to go through a financial audit every year. In the past, those auditors were just looking at financial risks and making sure that your financial processes and practices were following best practices. Last year, it started to be a requirement that those financial auditors also have to look at your IT risks. They will be asking you questions about IT cybersecurity processes that you have in place.

It’s a learning curve for both the auditors and for the nonprofits and frankly for us as an MSP providing outsourced IT support from Community IT. Keep an eye on the information that’s coming out, and make sure you keep asking questions. If you don’t understand something that you’re being asked to give an answer on, don’t just guess. Do your best to find out what the auditor is asking and what practices you’re doing on your cybersecurity that can comply with those new requirements. 

We’ll continue to have more information on it. You can always give us a call or look at the content on our website to find more information about it. There’s a lot of information out there. Also, you can just Google it, talk to your auditor about it, but just know that that’s coming through.

Your audits from now on are going to have to include your IT risks and what you’re doing to prevent hacks and attacks and scams and phishing attacks. 

The good news is that we published this Nonprofit Readiness for Cybersecurity playbook that is free on our site. It’s a download, communityit.com. If you are following the best practices in that playbook, you will be 90 to 100 percent of the way towards satisfying those new auditing requirements. So definitely take a look at that. 

If you have questions about what that playbook talks about, it’s written in non-technical language. But it does have our advice on reaching a foundational level of cybersecurity practices. And it clearly takes you through what those practices are, in eight different dimensions of your nonprofit activities. So go ahead and check that out.

A couple of more things we need to talk about that are changing for cybersecurity. 

Email Deliverability: DKIM and DMARC

There is a new requirement, or there will be more of an emphasis on this requirement from your insurance, to make sure you have email deliverability, that you put in place some protocols called DKIM, and DMARC is a way of reporting on your DKIM protocols. We did a podcast on it a couple of months ago, and you can find that information. It’s a very clear explanation. 

DKIM is kind of technical. There’s a couple of tools that you have to use, but honestly, email is going to become undeliverable on the other end, and you don’t want that to happen to your fundraising appeals, your emails to partners.

You’re going to want to make sure that at your end, your email is showing that your email is coming from where it’s supposed to be coming from. That’s basically what DKIM is doing. Although, as I said, it’s pretty technical. This is not something that a normal, everyday IT leader is going to… Well, an IT leader will be able to do it, but, you know, an executive director who doesn’t have an IT background, you might need some help to make sure this is in place correctly. 

2025 is the year to reach out and make sure that you have everything correct on your end so that your emails are going to get through to people on the other end.

Single Sign On Provides Extra Protection and Extra Management Functionality

We have done some content on single sign-on. This is another fairly technical thing, but it does give you a lot more protection. It makes you a lot more secure.

And once you’ve implemented it with all of its kind of nooks and crannies and ins and outs, it does give you a lot more ability to control your cybersecurity and to manage the cybersecurity of all of your staff and all of the mini tools and subscriptions and apps that they’re using. We do recommend, if you aren’t using Single Sign On yet, and you don’t really know what it is, you can ask the people that you work with on your IT, and just ask them about Single Sign On, and if it is something that would make sense for your nonprofit to do. 

If you’re a very, very small nonprofit, it may not make sense, because again, I said it is a little bit technical. But if you have more than 10 staff members, you want to give it a look and see. It’s going to be very common going forward. So, you know, it might make sense for you to look into it this year. Single Sign On for Nonprofits explanation.

MFA Additional Security Steps

Another thing to make sure on the cybersecurity front is that you have MFA enabled for all of your accounts, for everything they log into. 

MFA is the gold standard for protecting your accounts. So, it makes sense that hackers are trying to find ways around it. They found a couple ways around it. So, make sure that you’re talking with your IT department and staying current on the most up-to-date ways to make your MFA as secure as possible. That might be using a physical key called a FIDO key.

So, it has to physically be with the person who’s trying to log in, and then your laptop or device will check that the FIDO key is there. There are some other ways to make sure that you have the strongest MFA possible, but just be aware that MFA by itself, yes, it’s better than nothing and everybody needs to have it, but we’re finding that sometimes it’s not quite enough, so you can make it stronger. 

Staff Cybersecurity Awareness Training

We always say that your staff are your eyes and ears, and they are the most important measure in terms of cybersecurity.

You can have all of the tools you want. You can have secure platforms. If your people aren’t using those tools and platforms securely, for example, if they’re putting their password in Slack chat, then it doesn’t matter how secure you are. Your staff are creating those holes in your security. 

It’s not possible anymore to have a once a year, hour long video that people have to watch, and then they’ll be secure for the rest of the year. Also, staff are very good at gaming those videos because they’re not really relevant and they’re not engaging. If you are still doing that, don’t worry. It’s better than nothing, but definitely look into cybersecurity training that’s more frequent, that mimics the kinds of scenarios that your staff are going to run into

For example, tools that we use that send you a quote-unquote phishing e-mail, it’s sent from the tool. So, if a staff person clicks on it, it will give them a message that says, “you shouldn’t have clicked on this. Here’s an additional training you can take.” You can be doing that monthly, quarterly, and it really helps staff know what they’re supposed to be looking for, especially as those clues evolve, right?

It’s no longer enough to just look for misspellings. And the hackers, especially using AI, are getting a lot better at creating these phishing emails, maybe using social engineering, using some information they’ve found about you, from your Facebook account or other accounts that you have. They can really make something look very realistic, but there are still usually clues.

Train your staff on how to avoid clicking on those suspicious emails. And then the counter part is, if they have clicked on something, who do they tell? How do they tell them? What does your organization do next? How do you protect yourself after you maybe have clicked on the wrong thing? All of those are very important for you in terms of protecting your organization and staying safe.

We do know that there are more and more suspicious emails with AI, but also just there are actors out there who are online all the time. And as I said, they are looking for information about your staff, particularly your financial staff, your executive team. If you’re working in an area, an advocacy area where you are perhaps at threat, if you’re working in countries where there are state-sponsored actors who want to know who’s on your payroll and what research you’re doing, what work you’re at, who you’re lobbying, there will be hackers targeting you.

All of those will impact your safety of your staff. In the evolving online environment, another thing to put on your list for cybersecurity safety this year is just personal safety. And if you’re looking for resources, we have a few we’re going to work on some more this year because we know that this is an evolving threat. Anti-Doxxing and Nonprofit Staff Safety with Shauna Dillavou podcast.

So that’s my second resolution is put cyber protection next. 

3. Spring Cleaning

A third resolution I would recommend, which is kind of common with just regular New Year’s resolutions, is to clean up. Spring cleaning can start now.

File Structure, Permissions, Archiving

In terms of nonprofit IT, that means you want to understand your file structure and those permissions for those folders. So if you’ve moved to the cloud already, congratulations, but have another look, because sometimes when organizations moved to the cloud a couple of years ago, they may have just done a dump, take out all of the files that we had on our server and just using the same architecture, put it into our cloud server that we’re going to use now for our file organizing. And that might not be appropriate for you anymore.

It could be a matter of cost. You’re saving a lot of stuff from decades ago that you really don’t need to be saving in a way that you access them all the time. 

The most important thing that it may be is the permission structure. As we’re using AI search more and more, I mean, AI search is quote-unquote smart search, but it’s actually kind of dumb. AI is going to let anyone who has a permission see anything they have a permission to see. Some of your files may have been protected by obscurity in the past. They were way down in some folder. So even though a staff member had access to them, they couldn’t really find it easily. AI search is going to surface it, and they’re going to be able to see it.

So that’s another reason to make a resolution to go back through your files in your cloud file storage and review the architecture, review your permissions, and see if there’s anything you can archive. Do a spring cleaning. 

Data Inventory

While you’re doing that, you want to make a data inventory.

All of the apps and databases and tools that you’re using that are storing data, just make a map of that. And then again, look at those permissions, look at your subscriptions, look at who has access. This also kind of relates back to your cybersecurity.

You’re going to want to make sure that you have vision into all of these places where your essential data is being stored, because what if that vendor has a breach? 

Take a data inventory. It doesn’t mean you have to do anything with it, just you want to have that inventory. And it’s always changing. It’s good to do every year as part of your spring cleaning.

Clean Up Subscriptions and Licenses

And then a third thing to think about as you’re cleaning up your IT is subscriptions and licenses.

We often find new clients that come to us that are paying for licenses for staff who have left and were never really off-boarded. So, not only are they paying for that license that no one is using, but that staff may still have access to that account.

Have a look at your subscriptions and all of your licenses and just do a cleanup. Make sure they’re all the ones you want to be paying for. And see if you can save some money. That’s always nice in the new year. 

4. Resolve to Do Something Fun

And my fourth resolution is do something fun, right?

We work a lot, but technology, it shouldn’t just be boring and drudge work stuff that we have to work on. There’s a lot of fun stuff out there. 

Take Tutorials, Gain a New Skill

The biggest thing, of course, is AI right now. If you are interested in AI, even if you aren’t, it’s worth it to take a couple of tutorials, spend some time every week, every month, just learning what new is out there, what other nonprofits are doing with AI, what productivity tools are coming out.

If you get an update for a tool you’re using, Microsoft, Google, but also some of your, maybe your CRM, your fundraising software, they come out with updates all the time and they’re always putting out, “you have a new AI assistant!” Well, take the tutorial, see what that assistant does and see how it can help you.

And just poke around, take some tutorials. If there are other tools that you’d like to use better, if there are tools you’re not using yet, but you kind of wonder, “this seems like it would make sense for my position. I’d like to learn more about it.” There are lots and lots of tutorials out there. A lot of the tools themselves will have a tutorial in their knowledge base. You can look on LinkedIn Learning. Ask around. Ask other nonprofits what tutorials they like. You can look on LinkedIn and see, a lot of people will put up their achievements, their certificates, and you could look into that to see if there’s something that makes sense for you to learn and just put time aside for it. 

Resolve to put time aside for tutorials, learning, fun stuff, playing, playing with the IT, and give yourself that time to master new tools and to play. 

Build Your Team Skills

And if you can, you might want to make that a team building exercise.

We did a webinar on using a skills matrix that I just found fascinating, especially around change management, but also in terms of this idea of being a learning organization, which we did a webinar on last year as well.

You could pull your team together, talk about where you want your nonprofit to be going, and then have your team do a self-assessment. Which tools do you need to master to put your nonprofit in the position you want it to be in? 

And that might be being able to be more efficient and productive with the tools that you have.

Like I said, doing some of those tutorials on using your tools more effectively, finding some bells and whistles you didn’t know that that tool had that would save you an hour or two of work a week. That’s amazing. 

You have to put that time in, but be the kind of leader and be the kind of team that works on that together collaboratively.

And you can split the load. So maybe you need to be a lot better at Word, and there are these AI tools that help you draft the documents that you’re making. And there’s one person on your team who’d like to take that on, so, you can divide and conquer. Come back next quarter and share your learning and share the increased productivity and some benchmarks that you’ve passed. And that can all be team building as well as fun.

You could make it a competition if your team is into competing like that. You could put some rewards in, like you get to have a cookie exchange or a pizza party, something like that. Think back to your high school days of what was motivating to you then. And just, you know, have fun with it.

4 New Year’s Resolutions for Nonprofit IT 

So those are four New Year’s resolutions or intentions that you can put in place. Put self-care first. Take care of yourself, your mind, your body, so you can keep working and doing the great work that you’re doing in challenging times.

Put cyber protection next. Make sure you’re protecting your organization. I will tell you from our clients, when you do experience a hack or a breach or you lose money through a wire fraud, it is so, so, so stressful for all of your staff to recover. It takes a long time to gain back that peace of mind. So, putting cyber protections in place now can really protect you. Also, just your psyche and your health later on. Stay safe both for yourself and for your organization. 

The third New Year’s resolution is to clean up. Spring cleaning starts now.

And then a fourth resolution is to make sure to make time to do something fun every day, every week, every quarter.

If you can make that something fun that you do together with your team, I think a lot of us feel kind of isolated working from home, working remotely. So being intentional about bringing your team together to do those learning or really not even learning, maybe just having fun together is important. So, make that an intention as well for the new year. 

Thank you for spending your time with me today on this podcast. I hope these were some helpful thoughts and I hope that you’ll join us.

Subscribe to our podcast. Maybe sign up for a webinar. We have a good one coming up.

Well, they’re all good. But our webinar January 22nd is a roundtable talking about some of these new IT tools and concerns that are coming at us in 2025. It’s always a really popular webinar and you can join us and ask your questions to our experts in real time or at registration.

So have a look for that on our website, communityit.com. Thank you.

Photo by Charlie Hammond on Unsplash