Listen to Podcast
Find part 1 here. Find podcast part 3 here. Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Cyber, Crypto, Blockchain: Nonprofit Tech of the Future
Video: Cyber, Crypto, Blockchain – Learn about cutting edge nonprofit tech from three experts with decades of experience and a deep interest in tech innovations. Johan Hammerstrom, CEO of Community IT Innovators, Steve Longenecker, our Director of IT Consulting, and Nura Aboki, Senior IT Business Manager and Consultant, discuss topics that are getting a lot of buzz – and dig into how ready these technologies are for the market, and how ready nonprofits are to invest in cutting edge tech.
In the second episode of this series of interviews, Johan and Nura set the stage by going over the way modern offices use technology and what is important to our hybrid and work-from-home offices now. Then they get into the issues with cybersecurity generally for nonprofits, and some high tech that may be coming our way to help counter cyber threats. With Steve, they cover crypto as it relates to nonprofits, particularly wanting to be able to accept crypto donations, and the potential for blockchain to increase options for contracting remotely.
Is your nonprofit forward looking? Are you interested in cyber, crypto and blockchain nonprofit tech? Are you fighting the environmental impacts of these resource-intensive currencies, and conflicted about the pace at which these alternative, distributed currencies are growing, or can go under? Worried about what new financial realities may mean for your donors? Interested in some of the other uses blockchain may bring to our modern offices in the next 3-5 years?
Join us for a quick preview of where we think cyber, crypto and blockchain are going and how we expect new cyber threats to continue to impact the nonprofit tech sector. Johan, Nura, and Steve add their speculation to this trendy topic, looking primarily through a lens of nonprofit business needs and concerns.
In part 3 of this series our experts discuss Artificial Intelligence for nonprofits (AI) and Machine Based Learning innovations. Stay tuned!
Johan Hammerstrom’s focus and expertise are in nonprofit IT leadership, governance practices, and nonprofit IT strategy. In addition to deep experience supporting hundreds of nonprofit clients for over 20 years, Johan has a technical background as a computer engineer and a strong servant-leadership style as the head of an employee-owned small service business. After advising and strategizing with nonprofit clients over the years, he has gained a wealth of insight into the budget and decision-making culture at nonprofits – a culture that enables creative IT management but can place constraints on strategies and implementation.
As CEO, Johan provides high-level direction and leadership in client partnerships. He also guides Community IT’s relationship to its Board and ESOP employee-owners. Johan is also instrumental in building a Community IT value of giving back to the sector by sharing resources and knowledge through free website materials, monthly webinars, and external speaking engagements.
Johan graduated with Honors and a BS in Chemistry from Stanford University and received a master’s degree in Biophysics from Johns Hopkins University.
Johan enjoys talking about all aspects of nonprofit tech of the future, including speculating on cyber, crypto and blockchain and nonprofit tech.
Nura is a Senior Engineer and IT Business Manager at Community IT Innovators. In that role, he proactively oversees technology infrastructure for clients. Nura started his career at Community IT as a Network Administrator in 2009. In 2012, he was promoted to Network Engineer and assumed a supervisory role in IT service operations.
As an IT Business Manager (ITBM), Nura guides some of our largest clients through complex implementation of effective technology investments and utilizing efficient IT services in direct support of their missions.
The ITBM makes recommendations on IT investments, training programs, maintenance, and licenses. They help the client be forward-looking, and act as a vendor-agnostic, trusted advisor with deep knowledge of the nonprofit IT software and platforms available. Because Community IT works in partnership with clients to manage long-term IT needs, the ITBM relationship with the client makes them a true asset. Nura is always thinking and talking about nonprofit tech of the future and how our clients can benefit from new technology.
Prior to joining Community IT Innovators, Nura served as a member of the technical support team at George Washington University where he provided incident management to over 20,000 end users on computer hardware, software, and networking issues. Nura also held a Network Specialist role at the Economic Community of West African States (ECOWAS) Parliament in Abuja, Nigeria.
Nura holds a Bachelor of Science in Computer Engineering and Master of Science in Electrical Engineering, both from George Washington University. He continues development of his professional competence through continuing studies in Technology Management.
As Director of IT Consulting, Steve Longenecker divides his time at Community IT primarily between managing the company’s Projects Team and consulting with clients on IT planning. Steve brings a deep background in IT support and strategic IT management experience to his work with clients. His thoughtful and empathetic demeanor helps non-technical nonprofit leaders manage their IT projects and understand the Community IT partnership approach.
Steve also specializes in Information Architecture and migrations, implementations, file-sharing platforms, collaboration tools, and Google Workspace support. His knowledge of nonprofit budgeting and management styles make him an invaluable partner in technology projects. He loves thinking and talking about nonprofit tech of the future.
Steve’s appreciation for working at Community IT Innovators is rooted in respect for the company’s vision, and for his excellent colleagues. Before joining Community IT, Steve was an 8th grade science teacher at Takoma Park Middle School, and – though that was a long time ago now – he still draws on lessons learned in that first career.
Steve is MCSE certified. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts.
Carolyn Woodard: Welcome. My name is Carolyn Woodard, and I am the Director of Outreach for Community IT. Thank you for joining us for part two of our series of discussions on high tech and cutting-edge nonprofit technology.
Today, our three senior experts will be discussing cyber, crypto and blockchain. If you missed part one on virtual reality, you can find it if you subscribe wherever you listen to podcasts. I’ll let our experts introduce themselves and get right into the discussion.
Johan Hammerstrom: My name’s Johan Hammerstrom. I’m the CEO at Community IT. I’m happy to be here today with Steve. Steve, you want to introduce yourself?
Steve Longenecker: Sure. I’m Steve Longenecker. I’m the Director of IT Consulting at Community IT.
Nura Aboki: My name is Nura Aboki. I’m an IT Business Manager and a Senior Consultant at Community IT.
Johan Hammerstrom: Well, I’m curious to hear about what Nura has been looking at lately in terms of new technology and specifically what some of the clients that he’s been working with are looking at.
What are some of the new things that a lot of nonprofits are starting to use that we maybe haven’t seen before? I’m curious to hear more about that.
Modern Office IT Concerns
Nura Aboki: One of the trends we’ve seen is certainly the hybrid work environment. What is that? What is it going to look like, two years from now or next year? Is it going to be more remote access, more adoption of social media tools, faster connections, virtual assistants?
So those are the kinds of things I basically researched and I have key points that I would want to share in this conversation.
Johan Hammerstrom: So as a senior consultant, you work with many of our largest clients and as you mentioned, help them with roadmap development and planning for the future.
And I’m curious, what are you seeing now? Are there any new technologies or technology solutions that you’ve seen in the last year or two in the work that you do that are maybe new or that you were kind of surprised to see?
Nura Aboki: Well, in the past few years, we’ve been hit hard by the pandemic, we can’t escape that fact. And that has really created the need for cloud adoption. Several nonprofit organizations have really invested in making sure that they have business continuity. And those investments are typically with software as a service solution providers. Primarily, we’ve seen this across Microsoft products, Google products. Those are big players that we have seen clients moving from on premises solutions that they typically would have been using back when we were mostly in the office to switching to using cloud-based solutions or software as a service.
In addition to that, departments across nonprofit organizations, especially departments that deal with people and culture, departments that deal with finance, are also investing in cloud-based software as a service solution.They are integrating their business processes with those solutions.
Now, two years after the pandemic, we have seen clients thinking about going back into the office. And that also begs the question, what would the office look like where you have people transitioning from being fully remote to having a sort of hybrid work environment? Some clients that had a hybrid environment have been making investments in ensuring there’s fast connectivity in the office.
Because they still want employees to have that hybrid experience where they’re able to access services remotely, as well as when they are in the office. That fast connectivity to access cloud services is there for them. We are seeing investments in increasing the bandwidth speeds. And that is also interesting because bandwidth used to be expensive. Now, it’s becoming cheaper and cheaper and more accessible. Even smaller nonprofits have more options in selecting their internet service provider that will give them the most reliable, fast connections.
Just to touch on a little bit on specifics, the hybrid work environment investment would be something like, hey, we have a lease on the office, for instance.
A client will say, well, we’re going to have a lease on the office, but the office furniture is not fully utilized. Office space is not fully utilized. So there is that consideration of some clients saying, let’s bring in some sub tenants.
Or, maybe we should have a way of having applications that will allow us for hoteling some of the desks in the office or office space. No single employee owns the space, but rather it’s a shared workspace. I think there’s a heavy utility in that kind of thinking and investment.
There are staff applications or software service applications out there tailored to provide efficient ways of using your office space. So that’s one specific example that I can share.
Johan Hammerstrom: Yeah, I’ve seen something similar where at the start of the pandemic, we went from working at an office to working at home, and then as the pandemic has started to recede, organizations, especially larger organizations, aren’t going back to working from the office. They’re instead moving into this mode of working from anywhere where one day you might be working at home the next day you might go into the office, but you might work at a desk that you reserve through a reservation system, like the kind you’re talking about.
And then two days later, you might travel to another city to visit another customer or client that you have in that city. And then the next day you come back and you work from home. And so the work environment, especially the computing work environment has to work from a variety of different locations, and in a variety of different environments.
And so that’s something that requires not just a reliable laptop, it’s not just about having the laptop. It’s like you’re saying: how do you connect to the internet from all of these different locations and how do you reserve locations to work from, and how do you work productively from those locations? While also like connecting with people and other people in the organization and in other organizations who are also working from a wide range of different locations?
It has introduced more complexity in some ways into the work environment. And as we know, one of the great strengths of IT is its ability to assist with managing complexity. And so having a solution that enables an organization to manage desk reservations at their office space is going to be effective. Those sorts of solutions are going to be important.
Nura Aboki: That’s exactly right. Thank you, Johan, for really expanding on that. And it presents complexity and concerns in terms of security. I think investment in security has increased as well, because the threat landscape is now broader and wider.
We talked about people working from anywhere. So how do you ensure that their access to the network service is secure and not compromised? In my conversation with senior leaders at nonprofit organizations, they are asking questions about security.
And one element to it is how do we ensure our employees are educated enough? They are sort of aware of the threat landscape and the risk that is out there. And in particular, we are seeing companies or clients sign up for security awareness training programs.
And even if they have not been thinking about it, or they feel like well, you know, I’m no threat. My organization is just volunteers. We provide food to poor people – that kind of mindset and thinking. Still the organization can be at risk, because you may have personally identifiable information on the database that can be hacked or theft of identity or they can be used as proxies.
We’ve seen increased attacks: phishing attacks, spear phishing attacks, fraudulent emails being sent, impersonation of employees. And for that reason, companies are investing in security awareness programs.
They feel the first line of defense is the employee, if the employee is able to detect social engineering, because they’re probably sitting somewhere on a beach working remotely. They understand, are well-trained and aware of threats that may come their way. So that is another angle to the complexity that it adds more support, more complexity,
But then indeed, security is also an area where CEOs and Executive Directors, higher level staff are thinking about.
Would you agree, Johan, that you also see that up and up increased investment in cybersecurity?
Johan Hammerstrom: I totally agree. I think there’s an increased awareness when it comes to cybersecurity. And I think what’s most interesting is that you have to up your cybersecurity game. It’s not enough to have MFA anymore; multifactor authentication, which is something that a lot of organizations adopted over the course of the pandemic.
There was a growing awareness that if my staff can log into their email from home, or from anywhere, then a hacker, a threat actor, could log into our email from anywhere. And so there was an increased awareness that having multifactor authentication was an important security protection to add. Now, what we’re seeing is that not all multifactor authentication methods are created equal, and not all MFA approaches to MFA are equally secure.
And this became really clear with the Uber hack, where they were able to basically access Uber’s credential database – the database that had all of their security credentials. Even though it was protected through MFA, the hackers found a way to bypass that MFA because of how the MFA was implemented.
It’s cat and mouse, every time you have a new protection people find ways to bypass it, and then you need to make the protection stronger. The code-based MFA, where it’s sending a code to your phone, has been found to be fairly weak, especially when it comes to a determined threat actor who wants to hack into your system. More advanced implementations of MFA are being developed and deployed. And that’s something that I think is going to be important for organizations to look at and to start implementing over the next few years.
Nura Aboki: Excellent point. Thank you, Johan.
Johan Hammerstrom: I also think another area of security that’s important is encryption. I know we’ve started to use both. Disk level encryption is something that organizations have been doing for a while. I think it’s something that also has become a lot more common in the last few years. And then file level encryption. We’ve definitely started to use it more here at Community IT.
I’m curious if you’ve seen that in any of the organizations that you work with or if you’ve seen any use cases where file level encryption would be beneficial?
Nura Aboki: Yeah, a good question, again, Johan. I certainly have seen encryption in some of our clients, and some of them really collect a lot of information about their donors, collect information about their members. That information can be personally identifiable information, social security perhaps, or credit card information, address, something you can build a profile that is at risk or sensitive information that could be at risk when it falls into the wrong hands.
So, clients have asked about a variety of ways to secure that data, whether it is through encryption at rest of the files that are stored on either a cloud files storage solution. A variety of them are out there, quite frankly, that typically would have the encryption at rest.
They are concerned that if they are sharing information or sharing links, are these links secure? They’re concerned about the file’s encryption in transit. Is it really happening?
How can they be sure that no man in the middle attack or spoofing attack or some sort of cyberattack can be launched to capture that data in transit? So cloud providers are stepping in to ensure that there is encryption in transit as well.
Now, the disk encryption that you had mentioned, which we’ve seen, device encryption is a no brainer. Organizations that do have users using mobile devices like laptops, for instance, should really consider getting that. It’s available within the operating system and can be easily implemented and deployed. So we advise our clients to prioritize if they haven’t, disk or device encryption, for all the laptops that they have, and even for stationary devices.
If it’s a stationary device and there is likely going to be some sensitive information, disk encryption is important. And device encryption can be enabled, as long as you have the right partner that has the right skill sets to get that rolled out. As clients use more of the cloud, the cloud providers need to provide some evidence of encryption. They typically have, whether it’s 256-bit AES encryption, or it’s 128, they do have some level of encryption.
Some organizations that have compliance requirements, there may be some minimum requirements to meet that compliance. And they need to evaluate the vendor that is providing that storage capability for their files in the cloud to ensure that their data is secure.
There are some high security nonprofit organizations that are really security conscious, and they are worried that their data can be shared with some of the third party cloud providers. So they also need to closely evaluate, to see how they can bring in their own encryption keys so they are the only ones that have the private keys to decrypt any data. Even the provider doesn’t know what’s there. It’s encrypted. All they know is there are files on there stored by X client. But they can’t decrypt and read any of their data.
So there are levels. But that evaluation needs to be done with an IT partner that actually has the experience to provide that guidance.
Crypto for Nonprofits
Johan Hammerstrom: Switching gears a little bit, I wonder if any of your clients have asked you about blockchain or crypto currency? Is that something that you ever get asked about?
Nura Aboki: Well, as I’m looking at data on my computer, we recently experienced some crypto exchange that actually went into trouble [FTX Meltdown]. And so that excitement is there.
The questions I typically get about crypto is, is it possible for us to have a secure, clean way to accept donations?
So that is the fundamental question: how are we going to raise funds? Is crypto a donation option for us?
And it’s under consideration, I would say. I’m not aware of any of my clients accepting crypto as a method of providing donations. But the confidence level that people had is still there, it’s just that recently, the news hasn’t been good for the crypto community.
And so the growing concern is: who is the legitimate sort of regulated crypto exchange provider where we accept donations in crypto currencies, and we can convert it into fiat currencies at the other end and use it to fund our programs easily? That’s the extent to where I’ve seen those conversations happen.
Blockchain for Nonprofits
But I know investments are being made by the tech community to provide solutions around blockchain transactions so they can easily be audited. Know your customer, know where the source of the funds is coming from, who it’s exchanged with and how the transaction is done. Blockchain technology has so much potential in providing that transparency.
Johan Hammerstrom: Yeah. I agree. I think blockchain’s very interesting. I don’t know nearly enough about it to really weigh in on its technical merits.
For example, going back to the DocuSign, where we sign documents with this weird, sort of grainy click,
Steve Longenecker: Click, yeah. It’s the click that counts.
Johan Hammerstrom: Right, exactly. It’s the click that counts and the click is verified by sort of this poor facsimile of a written signature.
If blockchain technology can create some sort of universal verification method; contracts seem like an area that seems right for innovation. If contract storage could be centralized and done in a secure way and there’s a ledger that tracks all the contracts that are getting signed in the world or something like that. That seems like an efficiency gain over what we have with DocuSign right now, which is like the fax machine in some ways. So I would assume that DocuSign is looking closely at blockchain and figuring out how we can innovate to the next level with all of this. So I think it’s important to separate blockchain, the technology, from the crypto currency…
Steve Longenecker: Financial boondoggle?
Johan Hammerstrom: Well, I think there’s people who are true believers when it comes to what crypto is supposed to be able to do, in terms of global currency systems. I think they are…
Steve Longenecker: Freeing us from the nation state monopoly on monetary systems right now. Yeah. I get that. And it’s an interesting idea.
Johan Hammerstrom: Well, I think it’s really naive. And I think, human history and human behavior being what it is, low and behold, a lot of crypto currencies are actually fraudulent and they’re failing and they’re crashing like every other new financial instrument that’s ever been invented in the history of financial instruments.
So, I think it’s easy to look at all that and say, well, it’s a bunch of hype and it’s just fraudulent. But, I think behind the way in which this blockchain technology is being used, there could be a legitimate technology that in the hands of companies, it’s going to be tech companies, could end up being put to a use that a lot of organizations find helpful.
Carolyn Woodard: Thank you for joining us for part two of this discussion of high tech and nonprofits. You can find parts one and three if you subscribe wherever you listen to podcasts, or on YouTube, or on our website.
Get in touch with us on our website [right here!] to suggest future topics you’d like us to talk about.