What topics should we expect to be important next year?
In a New Year’s Eve tradition, Carolyn asked Community IT senior staff to weigh in on the most important and/or under-reported tech stories that impact nonprofit technology. While many of these stories are not under-reported, widely reported mainstream tech stories often have particular or unexpected impacts on the nonprofit sector. We’re following many of them this year.
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
New AI hacks and increased vulnerability even when using MFA were some of the top stories in cybersecurity this year, and it is no surprise that nonprofits are concerned about these new attacks. Community IT is assisting our clients with stronger MFA options and increased training to keep staff current on updated scams. As long as hackers can take money even 1% of the time, we expect nonprofits to need to constantly revise the measures they take to deter cyber crime. The good news is, many of the new approaches are not expensive or terribly difficult – the important thing is to start with a good foundation, organization-wide commitment, and keep your staff trained on new techniques.
AI (Artificial Intelligence)
This story was not under-reported in 2023, but has had an outsized impact on the nonprofit sector and we expect the AI field to keep changing and impacting our sector in new ways in 2024. With the availability of new AI tools accelerating, we are not going to predict what we will be talking about in January 2025!
If you have been to a webinar, conference, or training in 2023 you have heard about the possibilities and considerations nonprofits need to make when using AI, beginning with creating an AI acceptable use policy for your organization. Microsoft’s Copilot is getting attention as a stand-alone AI for 300+ staff organizations, but in fact most of the tools we already use will have new AI updates coming, and your organization will have to develop ground rules. Nonprofits are uniquely positioned to draw attention to the ethics of AI. Expect to hear more about AI implementation, new tools, and special concerns in the coming year.
Community IT has created an Acceptable Use of AI Tools policy template; you can download it for free here. The Technology Association of Grantmakers has published a free framework for nonprofits using AI tools available here.
If you have tried to hire an IT staff member in 2023 you know that the challenges have only increased as the market has gotten more competitive. With businesses competing for all workers, tech staff are in a strong position to shop around and change positions frequently. Even with layoffs from large tech companies providing more IT workers in the workforce, it is an applicants’ market.
One of the benefits of working with an MSP like Community IT is an outsourcing of the hiring process, saving you headaches. We have noticed increased new client inquiries from organizations who lost a long term IT staff member and were unable to hire any replacement. While Community IT has also experienced more turnover than usual, we already have a deep bench and lots of cross-skills coverage, which gives our clients more stability than hiring in-house. And our emphasis on work-life balance and hiring and supporting under-represented groups has kept our hiring strong even in this competitive climate. Many of our staff have been with us for decades, giving us a unique ability to escalate tricky questions quickly and mentor new staff on our high service standards.
Transcript: Top Nonprofit Tech Stories of 2023
Carolyn Woodard: Hello and welcome to the Community IT Tech Topics Podcast. My name is Carolyn Woodard. I’m the Outreach Director for Community IT and today I am continuing a New Year’s tradition and grilling our senior staff on some of the tech stories that they are following, particularly how the national tech news relates to the nonprofit sector. So please join me in listening to these experts share their opinions and the stories that they’re following with the greatest interest.
Steve Longenecker: My name is Steve Longenecker and I am the Director of IT Consulting at Community IT. Two tech stories from 2023 that I’d like to share with you are one, an important improvement to Google Workspace for nonprofits and two, a new sophisticated attack on Microsoft 365 identities.
Google Workspace Storage Updates
The good news first, in the spring of this year Google announced that they were changing their approach to storage limits for the Google Workspace for the nonprofits tier of Google Workspace. A lot of nonprofits, especially when just starting out, sign up for this tier of Google Workspace because it’s free, it provides a lot of basic IT services in one package, and it’s relatively easy to implement. But a limitation of this free tier of Workspace was its significant storage limits. A single Google Workspace for nonprofit user account could not have more than 30 gigabytes of stuff across their Google Workspace services.
When that limit was reached, the user accounts functionality would degrade significantly. Most importantly, the user couldn’t send or receive email. This spring Google announced a change was coming soon. Google would now give each Google Workspace for nonprofits customer 100 terabytes of pooled storage. Pooled means that one account can use more if other accounts use less. Pooling alone, even without increasing the total storage allotted, would make a big difference. But 100 terabytes is also a huge, huge allotment increase. It’s more than 30,000 times the old per user limit of 30 gigabytes.
This change didn’t actually materialize until just a month or two ago, but now for nonprofits getting this tier of Google Workspace, it has probably happened. You didn’t have to do anything. Just go into your Google Admin portal and you should be able to see the new paradigm. Look under the storage node. Thank you, Google.
New Multifactor Authentication Attacks
And now for the story that’s not good news. We’ve been telling our clients for years now that they really need to implement MFA, or multi-factor authentication, for accessing their cloud services. This is familiar to everyone, I hope, but it’s the idea that you don’t just provide your username and password when you log onto a service. You also provide a second authentication factor that only you have. Most commonly, you click approve on an authentication app registered to your specific Android or iPhone device. It’s important because passwords get compromised. MFA adds an extra layer of defence until 2023.
In 2023, we started seeing sophisticated attacks that started with a phishing email inviting users to open a shared SharePoint or One Drive document. When the user clicked on the share link, the link took their browser to a server owned by the hacker or adversary or whatever we want to call these bad guys.
But the server didn’t just offer up a webpage that was copied from a Microsoft 365 logon page. Those are bad because an inattentive user might type in their username and password. When they do, they’re typing it into the hacker’s server. Of course, MFA mitigates this attack, at least somewhat, because while the hacker might get the user’s username and password, they don’t have access to the user’s Android or iPhone. So with MFA, they couldn’t actually access the account.
This year, though, we saw attacks in which the adversary’s server actually passed the web traffic through to the real Microsoft 365. It’s called proxying. So the logon page that the user sees is the legitimate logon page, Microsoft’s. It asks for username and password and for MFA. If the inattentive user provides all that, the legitimate Microsoft logon process authenticates the user and sends back to the user’s computer a small piece of code called a token that is held by the user’s browser until the token expires.
The token is the browser’s authentication to all Microsoft 365 services. Tokens save you from logging in every single time you access a Microsoft 365 service. They’re great. Tokens are awesome. But this token is passed through the adversary’s server, the proxy, on the way from Microsoft 365 to you. And the adversary’s server grabs a copy. And with this token, they now have access to your Microsoft 365 account. Wow.
At Community IT, we want everyone to get regular cyber security awareness trainings so they are more likely to recognize the original phishing email. With training, vigilant users might notice that the web address their browser shows during that proxied logon process is not a Microsoft address. We’re also exploring the use of physical FIDO keys as the MFA second factor, as this technology can apparently defeat this adversary-in-the-middle attack.
The cat and mouse between bad actors and security best practices will continue to evolve. 2023 was no different. MFA remains a key component of cloud security, but it alone cannot be counted on. The challenge continues.
Saba Gebru: My name is Saba Gebru. I am the Vice President of Support Services Department at Community IT Innovators. I oversee and provide leadership to the support services operations, which includes Community IT’s helpdesk, on-site support team, and advanced engineering team. I have been with Community IT for 16 years.
Looking back on 2023, from where I sit, I have seen an increase in security incidents. As security platform vendors and professionals implement more sophisticated security measures to protect organizations from hackers, hackers are simultaneously becoming more clever with their attacks. We’ve noticed that hackers also find more deliberate and complex hacking methods. As a result, we have seen an increase in account compromise cases. I believe this will continue to be the case for 2024 and beyond. It is a game of cat and mouse for both the security industry and the hackers. I’ve also noticed cyber insurance companies requiring more in-depth information on how organizations are securing their data and network before processing the cyber insurance.
Migrating to the Cloud
As we all know, the pandemic dramatically changed the way many organizations worked, overnight. We also know that remote and hybrid work environments are here to stay and with it comes a need for advanced technologies and easy access to any location. Which is why migrating to the cloud is another area that nonprofit organizations were focused on in 2023.
2023 was also the year that artificial intelligence emerged and gained the spotlight. Some nonprofit organizations are already engaged in figuring out ways to integrate AI to support their organization’s mission. Organizations are using artificial intelligence and machine learning technologies to analyze information to help with predicting trends and planning for the future. Nonprofit organizations are also challenged to think about and create acceptable use of AI within their organization. How do they want AI to be used within their organization? What is the acceptable use of AI? What to do or not to do when using AI at work? Regardless of our thoughts on AI, it is there. It is here to stay for the long term.
Rethinking the Donation Process
Lastly, digital fundraising is something I have been hearing about for 2023. Digital fundraising uses a variety of online tools to reach a larger audience. Some nonprofit organizations have already embraced digital fundraising. Digital fundraising will continue to be the trend in 2024 and beyond. Nonprofit organizations will be rethinking and recreating the donation process to join the digital fundraising era.
Matthew Eshleman: Hello, my name is Matthew Eshleman, and I’m the Chief Technology Officer at Community IT. In my role, I’m responsible for endpoint management, technology strategy, and cyber security for our internal teams and our clients.
Cybersecurity MFA Attacks
When I look back at 2023, one of the things that I think has been under-reported is really the rise in sophisticated cyber attack frameworks that allow threat actors to steal passwords and MFA tokens. And looking back in our data from the past year, we can see that we had a number of cases where accounts were compromised, even though they were using some sort of multi-factor authentication. In many of those cases, it was due to a proxy attack that the attacker was able to launch that intercepted a login and was able to steal those credentials and MFA tokens. And to me, that really demonstrates that ongoing training and education, along with adopting phish-resistant forms of MFA, like physical security keys or certificate based authentication, is critical to keeping your digital identity secure.
Microsoft Donation Program Changes for Nonprofits
I would also note that there have been a number of changes in the Microsoft donation program for nonprofits that I think have gone under the radar. Last year, we saw Microsoft remove the ability to renew those free E1 licenses that many organizations had accrued. This year, Microsoft has made some additional changes to reduce the Azure donation from $3,500 down to $2,000. There have also been increases in the overall subscription cost for business premium and the other product SKUs. And there’s also been a switch away from kind of the pure month-to-month licensing costs into the more traditional annual licensing commitments.
Even with all those changes, I think the Microsoft 365 platform still delivers a tremendous amount of value for the products that are included. But those changes, I think, are worth acknowledging as Microsoft continues to refine and update their nonprofit donation program.
Nuradeen Aboki: My name is Nuradeen Aboki, and I am a senior consultant at Community IT.
Microsoft Copilot AI
This year, Microsoft announced Copilot for Microsoft 365, which is a new feature that uses artificial intelligence, AI, to assist users with various tasks and projects in Microsoft 365. This feature can have significant impact on the nonprofit sector, such as improving fundraising and donor engagement. Copilot can help nonprofit organizations create personalized and compelling content, including emails, newsletters, social media posts, and videos to attract and retain donors. It can also analyze donor data and behavior to optimize fundraising strategies and campaigns.
In addition, Copilot can enhance operational efficiency and effectiveness by helping nonprofits automate and streamline various tasks, such as data entry, reporting, accounting, and compliance, to save time and resources. It can also provide insights and recommendations to improve decision making and performance.
Furthermore, Copilot can help nonprofits explore new possibilities and opportunities by generating novel and creative ideas, designs, and prototypes. It can also facilitate communication, knowledge sharing, collaboration between nonprofits and other organizations and stakeholders.
While Copilot for Microsoft 365 can bring significant benefits to nonprofits, there are also risks and challenges associated with using artificial intelligence, such as data quality, security bias, privacy, and accountability, as well as regulation. Therefore, nonprofits should carefully consider the benefits and risks of using Copilot for Microsoft 365, and follow best practices and guidelines for implementing and managing projects in Microsoft 365.
Carolyn Woodard: My name is Carolyn Woodard, and I am the Outreach Director for Community IT. I’m jumping in here at the end to thank the other staff who gave us their insight into some of those stories.
IT Workforce Issues Affecting Nonprofits
I just wanted to conclude by saying something that I’m really keeping an eye on, and I know some other people at Community IT are as well, is workforce issues for tech workers. We saw a lot of layoffs in big tech that had expanded too much, maybe they’re retooling entirely what they are doing with nonprofit space, such as Salesforce. Maybe they are reorienting themselves toward AI tools, like Microsoft. So there have been a bunch of layoffs, which you would think might flood the IT applicant pool for nonprofit IT, which I think it has to some extent.
At Community IT, we’re seeing, and I think some of our clients are seeing as well, a lot of applicants maybe who are thinking that they will change their careers and move from for-profit IT jobs into nonprofit IT. And maybe that’s a good fit, and maybe it isn’t. We’re seeing a lot of people trying out a nonprofit IT career, and maybe moving on pretty quickly. There seems to be a lot of turnover, and we’re hearing that on our clients as well.
It’s very competitive right now. As we all know, there’s a lot of demand for IT jobs, and still not a lot of supply. IT workers are finding that they can trade jobs fairly quickly. They can try something on and then move on if it’s not a good fit, which is always good. If it’s not a good fit, you shouldn’t stay.
That also means that it’s very challenging to find someone to fill a role. Maybe you have somebody leaving after they’ve been at your organization for a decade and been in charge of IT, an IT director, manager, or CIO. It’s just really, really hard to fill those roles and to hire for them.
There’s also been a lot of consolidation, or there is ongoing consolidation going on in the Managed Services Provider (MSP) space. There’s lots of acquisitions, there’s lots of MSPs buying up smaller MSPs in order to grow large quickly. That can mean that you get better service. But often what it also means is that they lay off people and try to find efficiencies in that way. There’s just a lot of turmoil, I think, in terms of workers and job roles.
In addition there’s so many changes with AI, as we’ve heard, and with cybersecurity. There are new job descriptions coming online, and trying to find the workers that can fill those new roles is difficult. And it’s very hard to find applicants for more senior roles as well, like the CIO role, where it’s got to be somebody that’s on your executive team that really knows your organization really well and can see the strategic difference that IT can make.
Well managed IT is such an asset to an organization. If you’ve ever been in a nonprofit organization that has not had well managed IT, what a block that can be to your growth as an organization and to your ability to fill your mission.
As we’re thinking about all of these different stories that are going to be in the news in the next year that was one part of the puzzle I wanted to draw a little attention to. If you know someone who’s looking for a job in nonprofit IT, now is a really good time to get into this career.
If you are an organization trying to hire someone, I would recommend looking at MSPs, because they can give you a lot of stability. You have a team working for you instead of a single point of management over your IT. If you were to hire that position in house, you just have one person, versus hiring an MSP, where you would have a team of people and some senior people you can call on.
That’s about going to wrap it up for the top tech stories of 2023. I hope you will join us again in 2024 for our podcast. We do try to bring you these stories as they’re coming out from our senior staff and from guests of the pod. We’re always looking for people to interview, so get in touch if you’d like to be on the podcast next year, and we’ll see what we can do. And of course, we also post our webinars here, the audio, so you can follow along. If you missed a webinar, we have those webinars monthly. You can register for those on our site. And we look forward to hearing from you and collaborating with you and just following this path through IT for nonprofits with you in the coming year.
Ready to get strategic about your IT?
Community IT has been serving nonprofits exclusively for twenty years. We offer Managed IT support services for nonprofits that want to outsource all or part of their IT support and hosted services. For a fixed monthly fee, we provide unlimited remote and on-site help desk support, proactive network management, and ongoing IT planning from a dedicated team of experts in nonprofit-focused IT. And our clients benefit from our IT Business Managers team who will work with you to plan your IT investments and technology roadmap, if you don’t have an in-house IT Director.
We constantly research and evaluate new technology to ensure that you get cutting-edge solutions that are tailored to your organization, using standard industry tech tools that don’t lock you into a single vendor or consultant. And we don’t treat any aspect of nonprofit IT as if it is too complicated for you to understand.
We think your IT vendor should be able to explain everything without jargon or lingo. If you can’t understand your IT management strategy to your own satisfaction, keep asking your questions until you find an outsourced IT provider who will partner with you for well-managed IT.
If you’re ready to gain peace of mind about your IT support, let’s talk.