David Dawson walks through a recent incident and response.
David Dawson is a Senior Engineer at Community IT on the escalation team for our help desk. Recently he led the response to a cybersecurity incident at a nonprofit client. In this Community IT podcast, he answers Carolyn’s questions about the flow of the response, best practices, and gives tips on how your nonprofit can be prepared to respond to phishing or hacking attempts. Knowing who to call and how to respond to a cybersecurity incident at a nonprofit can be the difference that makes a quick and complete recovery.
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
The takeaways:
- When staff know what to do and who to call it saves valuable time and leads to more confidence in your response. Cybersecurity Awareness Training – particularly anti-phishing training – is a crucial part of your nonprofit cybersecurity defense.
- Having a single point of contact handling the communication at the nonprofit was important both to provide helpful information back to the IT provider quickly and to communicate effectively with 100+ staff that the incident was being resolved and what they needed to do.
- Of course, if your single point of contact is on vacation it can complicate your response. Having an Incident Response Plan with multiple backups will help guide your response.
- If you haven’t reviewed your Incident Response Plan recently, you should! Better yet, gather the stakeholders and hold a tabletop exercise to run through some scenarios and see how your team would handle them. This kind of an exercise doesn’t cost anything to run except your stakeholders’ time, and can help identify single points of failure or areas where the plan is good but your staff need training on what is in it.
- Many nonprofits initially handle their IT management internally. As your nonprofit grows, consider when it becomes appropriate to call on a trusted partner like Community IT to help with cybersecurity, help desk, and strategic planning. Are your cybersecurity investments up to date? What does your cyberliability policy cover? Could you resolve and recover from a cybersecurity attack?
Presenters

David Dawson works as a Senior Network Engineer and serves on the Board of Directors of Community IT Innovators. He builds Windows Server and VMware ESXi networks. David’s past work experience was with restaurants and he joined the IT world in 1996 working in a Network Operations Center for Sprint. He holds the Microsoft Certified System Engineer, Cisco Certified Network Administrator and VMware Certified Professional certifications. David enjoys working with clients that are making a difference in the community and internationally.
When he joined Community IT in May 2001, he felt that his faith, social, and professional lives became more integrated. David studied English at Virginia Commonwealth University and continues to pursue his interest in cooking.
To learn more about David, and about working on a team at Community IT, please see our interview Community IT Voices: David Dawson

Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College.
She was happy to have this podcast conversation with David Dawson on how to respond to a cybersecurity incident at a nonprofit.
Ready to get strategic about your IT?
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand. When you are worried about productivity, change management, and implementation of new technology, you shouldn’t also have to worry about understanding your provider. You want a partner who understands nonprofits and understands how to respond to a cybersecurity incident at a nonprofit.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
More on our Cybersecurity Services here. More free resources on Cybersecurity for Nonprofits here.
If you’re ready to gain peace of mind about your IT support, let’s talk.
Transcript coming soon
Photo by Kaffeebart on Unsplash