View Video

Subscribe to our Youtube Channel here

Listen to Podcast

In Pt 1, listen to a conversation on hybrid work and learn about new cybersecurity considerations and resources. In Pt 2, the panel give some AI tips, answer questions from the audience, and present a “grab bag” of new technology, tools, and issues they are going to be following in 2025.

Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on AppleGoogleStitcher, Pandora, and more. Or ask your smart speaker.

Transcript coming soon!

Join CTO Matthew Eshleman and Director of IT Consulting Steve Longenecker, moderated by Carolyn Woodard from Community IT, in a lively and specific discussion of all things nonprofit tech for 2025 and beyond.

It’s like listening in on your smart friends talking about stuff you need to know about but don’t know who to ask.

Kick off the new year with a new understanding of trends and practices that can help your nonprofit succeed. This is one of our most popular webinars and podcasts year after year for a reason. We don’t believe a lot of lingo or jargon is necessary to understand what you need to know to manage IT.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

Many questions asked at registration or live at the virtual event will be answered in the transcript. Check back and get some expert insight in this webinar nonprofit tech round table.


Presenters:

Matthew Eshleman


As the Chief Technology Officer at Community IT, Matthew Eshleman leads the team responsible for strategic planning, research, and implementation of the technology platforms used by nonprofit organization clients to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how nonprofit tech works and interoperates both in the office and in the cloud. With extensive experience serving nonprofits, Matt also understands nonprofit culture and constraints, and has a history of implementing cost-effective and secure solutions at the enterprise level.

Matt has over 22 years of expertise in cybersecurity, IT support, team leadership, software selection and research, and client support. Matt is a frequent speaker on cybersecurity topics for nonprofits and has presented at NTEN events, the Inside NGO conference, Nonprofit Risk Management Summit and Credit Builders Alliance Symposium, LGBT MAP Finance Conference, and Tech Forward Conference. He is also the session designer and trainer for TechSoup’s Digital Security course, and our resident Cybersecurity expert.

Matt holds dual degrees in Computer Science and Computer Information Systems from Eastern Mennonite University, and an MBA from the Carey School of Business at Johns Hopkins University.

He is available as a speaker on cybersecurity topics affecting nonprofits, including cyber insurance compliance, staff training, and incident response. You can view Matt’s free cybersecurity videos from past webinars here.

Steve Longenecker


As Director of IT Consulting, Steve Longenecker divides his time at Community IT primarily between managing the company’s Projects Team and consulting with clients on IT planning. Steve brings a deep background in IT support and strategic IT management experience to his work with clients. His thoughtful and empathetic demeanor helps non-technical nonprofit leaders manage their IT projects and understand the Community IT partnership approach.

Steve also specializes in Information Architecture and migrations, implementations, file-sharing platforms, collaboration tools, and Google Workspace support. His knowledge of nonprofit budgeting and management styles make him an invaluable partner in technology projects.

Steve is MCSE certified. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts.



Carolyn Woodard webinar 2025 nonprofit tech round table


Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College. She is happy to be moderating this webinar.

Check back for additional resources if you miss this webinar 2025 Nonprofit Tech Round Table.





Transcript

Carolyn Woodard: Welcome, everyone, to the Community IT Innovators webinar for the 2025 Nonprofit Tech Roundtable. This is always one of our most popular webinars every year. We have a panel of our senior staff here today to talk about essential trends in nonprofit tech and what that means for nonprofits.

We’re going to talk today about hybrid work and whether it really is here to stay or if we’ll all be back in the offices in a few years. We’re going to learn about new cybersecurity threats and prevention, about the impact that AI tools are having on our work in our sector, and we’re going to learn some new updates to Google Workspace, Office 365, some other tools, and some other updates. 

My name is Carolyn Woodard. I’m the Outreach Director for Community IT and the moderator today. Very happy to hear from our experts. Matt, would you like to introduce yourself?

Matt Eshleman: Sure. It’s great to be here and talk about some tech trends for the upcoming year.

My name is Matthew Eshleman and I’m the Chief Technology Officer here at Community IT. I’m happy to say this year, I’ll be celebrating my 23rd year at Community IT. Super excited to be here and it’s interesting doing these to see just how much technology has changed, particularly nonprofit space over that time. Looking forward to the conversation today.

Carolyn Woodard: Me too. Thank you for joining us. Steve, would you like to introduce yourself? I think you’re also going to give Matt a run for his money of how long you’ve been with Community IT.

Steve Longenecker: I’m like the little brother, no matter how long I stayed at Community IT, Matt has been here longer than me. I’ve been at Community IT for 20 plus years now, and I am the Director of IT Consulting, and I’m also excited about being on this webinar panel. 

Matt and I have done this webinar together for many years now. Looking forward to it.

Carolyn Woodard: It’s always fun. It’s a good one. 

Before we begin though, if you’re not familiar with Community IT, I’m going to tell you a little bit about us. We’re a 100 percent employee-owned managed services provider. We provide outsourced IT support. We work exclusively with nonprofit organizations, and our mission is to help nonprofits accomplish their missions through the effective use of technology.

We are big fans of what well-managed IT can do for your nonprofit. We serve nonprofits across the United States. We’ve been doing this for over 20 years. We are technology experts, and we are consistently given the MSP 501 recognition for being a top MSP, which is an honor we received again in 2024.

I want to remind everyone that for these presentations, Community IT is vendor agnostic. We only make recommendations to our clients and only based on their specific business needs. We never try to get a client into a product because we get an incentive or a benefit from that.

But we do consider ourselves a Best of Breed IT provider. So, it is our job to know the landscape, the tools that are available, reputable and widely used. And we make recommendations on that basis for our clients based on their business needs, priorities and budget.

Today, we’re going to be discussing several themes with our experts. We know that nonprofits are always facing challenges and sometimes feel more challenging and more stressful than other times. We do know for a lot of nonprofits this is one of those times. It’s very challenging and very stressful. We know that nonprofits are used to strategizing lots of different outcomes and being smart about planning. So, we hope today you can take a breath, take a mental break and focus on some specifics around planning for nonprofit IT.

By the end of this session, we hope that you will have learned about this hybrid and remote work discussion and what that implies for nonprofit IT support. Is hybrid and remote work here to stay? We’re going to learn about new cybersecurity attacks and prevention. We’re going to learn about what you need to know about AI. At the end, which we’re going to try and make a lot of time for, we have a grab bag, so other new things in 2025, including some updates to tools that you use. I just want to make sure to acknowledge that, as I said, we have some challenging times for the nonprofit community, that are going to impact how you plan for and invest in your IT.

Of course, we hope that you keep investing in IT to stay productive and stay active and able to achieve your missions. But there will be economic uncertainty around a lot of issues, trade, inflation, immigration, changes to government priorities, shifting DEI policies, and funding changes related to these changing tides and ideas around the nonprofit role. 

We’re invested in nonprofits, and we hope to support you, but just wanted to acknowledge that as we go forward.

Now, I’m going to turn it over to Steve, who is going to take the lead on last year’s predictions versus the reality, and then we will jump right into the webinar.

Last Year’s Predictions of Nonprofit IT Trends

Steve Longenecker: Sure. So, this webinar, we’ve been doing this for many, many years, and we do like to look back at what we said last year, and we were joking together, the three of us, at our planning meeting a few weeks ago, that we could almost take last year’s slide deck and just copy it and change a few things, and then we could have the same thing again for 2025. There’s a lot of truth to that joke, for sure. 

We talked about AI last year, and we got that one right, turns out AI was important last year, it will be important again in 2025. We’ll spend some time today talking about AI, so I won’t hash it out here. 

We did predict that there would be new cybersecurity threats in 2024, back in last January, and we were right about that. I expect we’ll be right if we predict in 2025 there will be new cybersecurity threats. We’ll be right about that too, that is an ever-changing landscape. So again, we don’t need to get a lot of credit for that. 

We talked about Google Workspace, Microsoft 365, and how that would continue to be of great interest to nonprofits. You live in one platform or the other, and it’s probably the most important platform to your overall productivity. A finance department member might care more about their finance system than they do about Microsoft 365 or Google Workspace, but in general, it’s the platform we all live in, one or the other. I’d say we back off on that. We’ll talk a little bit about this again today, but I would say that in some ways, things have stabilized. 

Microsoft continues to really invest in their platform. I’d say in the long, long view, we have seen Google have periods of intense investment in Google Workspace or whatever the predecessors were named. The platforms had different branding over the years. And then other periods where it’s laid a little bit low. And I’d say right now Google’s priority is definitely on AI, of which there’s an angle for Google Workspace. But I think Google Workspace is getting less attention than it has in some previous years. So that is what it is. We may talk about that a little bit.

And then we’re going to start out right here at the beginning by talking about hybrid work. So, yeah, it turns out that you can rinse and repeat on tech predictions these days because the same themes keep coming up year after year. And that’s not really a big surprise.

Is Your Nonprofit Going to Keep Working Remotely? Audience Poll

Carolyn Woodard: Yes. So, hybrid work, we’re going to talk a little bit about that. We wanted you to weigh in. I’m going to go ahead and launch this poll. 

The question is, is your nonprofit going to keep working remotely?

Matt, can you see that?

Matt Eshleman: Yeah, I was waiting! I couldn’t see the results coming in, so I was curious to see what it ends up as. 

In terms of the responses for the folks attending today, about 11 percent of the respondents are saying yes, all remote forever. The vast majority of the folks are saying yes, they’re hybrid and we like it. That’s the vast majority of the respondents, 67 percent. Fifteen percent of folks saying yes for now, assessing pros and cons.

Interestingly enough, nobody said no, they tried hybrid and remote and then went back to the office. Then maybe just a few of the folks that said no, we never went hybrid and remote. I know we have a couple of direct services, health clinics, and food banks.

Steve Longenecker: Someone mentioned being an outdoor educational facility in the chat. Hard to be remote if that’s what your organization does.

Matt Eshleman: interesting responses, particularly as we’re headquartered in Washington, DC, in particular with the return to office mandate from the federal government. I’ll be curious to see how that potentially trickles down or maybe gives cover for some nonprofit organizations to call staff back to the office as well. They were waiting for a reason.

Carolyn Woodard: Thank you to the people who put in the chat your experience with hybrid work. 

One person said they’re back three days a week. Someone said, hybrid works for everyone, especially during storms or there’s no electricity or water. Someone, as Steve mentioned, said they are an outdoor educational facility, so it is hard to go remote in that situation. And someone said that in-office days are focused on in-person full team or whole department meetings. We do have a client that they went back to the office two days a week, but it’s the same two days for all of the staff, so everyone is in at the same time, and you can get that benefit of popping into someone’s office or meeting for lunch or doing those things. Someone else said, we have been meeting in person once a month and decided we like to see each other, so we’re going to twice a month this year. And someone says, we have an all-hands home week three times a year. So, kind of the reverse of making sure that there’s some times when no one is in the office, having some times when everyone’s working remotely. 

Thank you so much for sharing that. 

Hybrid work is here to stay, or is it?

This is what we said last year, and we think this assessment stands for nonprofits generally. But as we’ve said, the corporate world and federal offices are shutting down hybrid remote work and forcing people back into the offices. 

So, our question is, is the nonprofit world going to stick with hybrid work or eventually follow the corporate and federal world?

I think Steve, you were going to take the lead on this discussion, but hoping that Matt will chime in as well about the return to physical offices, in terms of nonprofit IT.

Steve Longenecker: Yeah, it’s interesting how our audience polled. I was just sort of doing the mental math. It seemed like 90 percent of the organizations are currently doing hybrid, and only a few of those 90 percent are even really re-evaluating it at this time.

Now, hybrid, of course, doesn’t mean fully remote. There is still an office space, there is still, for many, an opportunity to engage face-to-face in team meetings and so on, and I think that works. 

I do think that nonprofits, their selling point in terms of recruiting staff is mission fit. This is your opportunity to make the world a better place, and then also that it might be a nicer place to work than a dog-eat-dog enterprise for-profit world, and that people that are self-selecting to work in nonprofits might be nicer people or whatever. 

Our clients certainly seem, and they’re all nonprofits, certainly seem like nice people, generally speaking, so I think that that fits. I think in keeping with that idea that, hey, we may not pay you as well as if you were working in a for-profit law firm. Do you want to work for this nonprofit law firm instead, just to throw out one comparison point. But we do give you work-life balance. You’re not going to have to work 65-hour weeks. You might be able to work remotely more often than you would in a commercial setting kind of a thing. 

I think that it makes sense to me that nonprofits would continue to build on the technology that allows people to continue to do their jobs well, even when they’re not in an office

But I do also wonder, to a devil’s advocate part of me, that with a lot of trends, technologically and otherwise, nonprofit organizations oftentimes are, I would say, lagging behind the for-profit space for whatever reason, just more conservative.

So, some of the trends that we saw really going strong in the for-profit space and hit the nonprofit space later include things like IT security and stuff. So, a part of me wonders, hey, is it going to be the case? Because we’re definitely seeing, these are big corporations, so there’s a scale difference too. Amazon is making everybody come back to the office. Carolyn mentioned all federal employees have to come back to the office, and that’s huge for people that have established patterns that work for them that involve working from home at least some of the time.

Is this going to be a place that now forever more is a distinction between nonprofit and for-profit? I don’t know. We don’t know the answer, but we certainly see our clients embracing hybrid workspaces and taking advantage of it and viewing it as a real advantage.

And Community IT is somewhere between remote only and a hybrid. Matt’s in our office today, but it’s not that common anymore for us. We’ll have meetings in the office from time to time, but many of our staff live all over the country and we rely on virtual meetings to stay in touch. 

Productivity Management of Remote Workers

Matt, do you want to talk a little bit about the requests that we’ve been getting on the, not the security side per se, but what do you want to call it?

Matt Eshleman: Yeah, on the productivity management side. I think that was a new spark or new trend that I saw come to me in 2024. 

As Steve said, we may be nonprofits lagging the for-profit sector. I think from that perspective, we’re talking about more maybe draconian or strict management standards.

For a long, long time, we’ve always said we don’t do staff productivity monitoring. There are tools we have as a managed service provider. They’re geared towards security, and we are blocking malicious websites. But we’re not in the business of reporting on who’s going where, what percentage of the day maybe somebody’s on the Internet. 

The messaging is really management through your staff relationships

But in 2024, I will say I had more conversations with organizations looking at and evaluating or deploying those productivity monitoring tools. Because I think that lack of in-person interaction, being able to drop by and see what somebody’s doing, rightly or wrongly, I think organizations are maybe feeling a little bit disconnected from the actual productivity monitoring of staff. Are they really using their time to the fullest? 

Organizations have started to look at those, quote unquote, productivity monitoring tools that would provide some reporting. How much time is Word open on the computer? How many words have been typed? What percentage of time was being used on business websites versus personal or recreational sites? 

I think that is something I’m interested to continue to monitor and follow because it’s something that is new. 

I think it does represent a little bit of a shift from a management perspective in terms of how that management staff relationship is working. There’s lots of flexibility working from home. But then there is also a sense of, if I can’t see somebody doing their work, how do I really measure and gauge their productivity if I don’t maybe have other tools or other ways to do that in a good and effective way?

Steve Longenecker: It’s kind of an awful topic. You know, “oh, you’re going to count someone’s keystrokes or you’re going to monitor which websites they visit.” But I also appreciate that when everyone was in the same office, you could sort of walk behind someone and see what was on their screen. And sure, probably people quickly replaced solitaire with a word document when they saw you coming. It’s just a different environment than it is when everyone’s working from home. And I’m sure that it’s abused. I’m sure it is. I mean, hopefully not much. 

And hopefully the people in this audience have missions that inspire staff to work hard and hire people that are just self-motivated and all of those things. But human beings come in all varieties. And what do you do? How do you know? It’s tough.

Carolyn Woodard: I thought an interesting part of this discussion is that there’s a lot of management issues with managing remote workers. And so, it would be interesting to see if the nonprofit sector has better practices at managing or having those trust relationships between colleagues and also vertically between direct reports. If the overwhelming atmosphere at nonprofit offices before lent itself better to remote working or hybrid working because there were better relationships between the people.

And you said there’s usually a tradeoff with salary (and work-life balance). So, I think it’s going to be harder for nonprofits to crack down and say, “you have to be back in the office.”

And then a lot of nonprofits, a lot of our clients gave up their offices during the pandemic. They just went fully remote. So, it wouldn’t be the case like Amazon where they had invested in a multimillion-dollar facility, and then everybody was remote because of the pandemic. And now they have to justify having built their office buildings. A lot of nonprofits just don’t have that and actually like to have the least overhead of not renting a space for an office.

How to Invest in Remote Work IT

Are there particular investments that you need to make to make IT remote work work better that people should be thinking about for the next couple of years? Or is it really just keep doing the remote and hybrid that you’ve been doing and see what happens?

Matt Eshleman: I think a lot of nonprofit organizations have already made that shift. And I think the technology is now really in a place to support that. I think, at the beginning of the pandemic, that was a big scramble, right? Moving the cloud-enabled platforms away from on-prem physical infrastructure. But I think at this point, among the clients that we manage, the number of servers that we manage has really dropped precipitously. Most of the business applications are all in the cloud.

As long as you have a computer with a good internet connection you can be productive wherever you are. I think that infrastructure has already been deployed at many organizations. I mean, we still see organizations that haven’t made that shift, but I think that’s a small minority of organizations that we encounter at this point.

Carolyn Woodard: That makes sense.

Steve Longenecker: I agree with Matt that the technology is there, and I think our clients and probably the people in this audience have already found their way to whatever platforms they use for virtual meetings and so forth. 

We’re probably still evolving the way we use those tools. And what I mean by that is, I don’t think it’s a one-to-one replacement for what we used to do.  

So as just one example, our team, the two teams I manage, I attend huddles with them, and it’s easy to do virtually. It’s a chance for people to say what they’re working on and if they’re having any roadblocks. And I know we’ve mentioned this in other webinars, and it’s not like rocket science or whatever, but we never had huddles like that when we were in the office, because it just would have felt redundant, I think, when we could just ad hoc, see each other whenever we want to. But to have a deliberate time for a huddle makes sense in a virtual world. 

One of our audience members talked about good and poor management in terms of getting people to work hard. And I think that takes relationships.

How do you build relationships virtually? You may need to have a different style of meeting with your direct reports than you might have before. Maybe the frequency changes or maybe what you’re trying to accomplish in the meeting is different.

I spend a lot more time with my meetings talking about people’s families and how they’re doing. Just generally more than I probably did in the past where that conversation happened at the water cooler and the meeting was for establishing priorities, finding out what roadblocks were. Now I’m like, well, you know what? This is my chance to make sure that I’m connected to this person who lives three states away and who I only see once a year at our DC week when we all gather in DC.

Anyway, I think that those are the non-technical practices that I think are evolving and we’re still finding our way on that, if that makes sense.

Carolyn Woodard: I will just jump in to say, we talked a little bit earlier about sometimes nonprofits are lagging other business practices, but this may be an area where nonprofit management is leading, being able to establish those relationships and being intentional about keeping those relationships going even when you’re remote.

New Cybersecurity Threats

I think we’re going to change gears a little bit here and talk about cybersecurity threats. Matt, you want to take the lead and hit some highlights on cybersecurity?

Matt Eshleman: Yeah. Building off what Steve said, looking back at what we talked about in 2024, I think a lot of that has continued. It’s always evolving.

The report from the FBI in terms of what the cost of cybercrime in the United States has not come out yet this year. But we fully anticipate that the amount of cybercrime will continue to increase as a financial cost year over year. 

I think as organizations can understand and appreciate that they’re being targeted by cybercriminals that are interested in their financial resources, not necessarily in their mission.

I think that can help change the mindset. 

I think the use of AI, I think we can see that in how the sophistication of spearfishing messages continues to increase. All that well-crafted language, that’s easy now for these threat actors to use and adopt. A lot of the hallmarks that we used to be able to rely on, poorly worded messages, bad grammar, all of that really goes out the window. 

I think the trends that we had seen in terms of account compromises, I think unfortunately, continued unabated in 2024. I’m pulling together our data in advance of our incident report that we’ll talk about in April, but it looks like the number of compromised accounts we had is going to be at a similar level to previous years. 

And other things that we talked about, attackers in the middle framework, stealing credentials from accounts protected with MFA, continues. That’s why we’ve made an update to our Cybersecurity Playbook to really encourage organizations to adopt strong MFA methods, particularly for IT staff, for executives, and for finance in particular, as those accounts are really targeted by these threat actors in there, basically working on financial crime, right? Wire fraud. A lot of that stuff really continues. 

The tools in place to help protect organizations, I think, continue to get better.

There are really good protections now for protecting digital identity, having a strong multi-factor authentication. We talked about FIDO keys or using Windows Hello or Platform SSO. Those tools are available.

And then, some of the other acronyms we have up here targeted around email are finally in a place where they’re being enforced or required. 

That acronym of DMARC, that is a little DNS record that basically says, “hey, email from our domain is going to come from these places. And if you get an email that says it’s from our domain but isn’t on this list, quarantine it.” I know a lot of organizations when we’re doing assessment, they have that DMARC record. But the flag is set to just report, right? Just give us some information about it.

If you have cyber liability insurance, the automated tools that are checking your compliance are flagging that now and say, “no, it’s no longer good enough just to report it. You actually now need to say, quarantine or reject.” Understanding a little bit about how those email support records work to basically provide validation that you are who you say you are when you’re sending messages is really important.

On the cyber security side, those are a lot of the trends that we see continuing, mostly around evolutions and sophistication around well-crafted messages. Financial-based crime is still really the ultimate goal for a lot of these organizations. And that’s all really being perpetrated primarily through email-based attacks.

And that attacker in the middle framework continues to be very effective. I think Microsoft and Google really still have a lot of work to do to catch up to protect the digital identities so that, if and when a credential gets stolen, that attacker can’t use it somewhere else.

Carolyn Woodard: Thank you so much, Matt. We have a lot of resources on cybersecurity on our site. As Matt mentioned, there’s a free download of the Cybersecurity Playbook. If you need to get to a foundational level of cybersecurity, that should help you out. 

AI Policies at Nonprofits

Carolyn Woodard: We’re going to switch gears and talk about AI policies. 

Another quick little poll, and that poll is, do you have AI policies at your nonprofit? 

And if you are looking at creating AI policies, we do have a free template download on our site as well under resources. So, you can download that to get started, but you do have to customize it to your own organization. 

Matt Eshleman: So, do you have AI policies? I don’t think so, question mark is what 30% of our audience reported. A little over half reported that they were in the process of creating those policies. And then 15% are in the great shape of saying that they do have an AI acceptable use policy and that their staff are using it. So, kudos to those seven people who were able to answer that way for their organization.

Carolyn Woodard: Congratulations. All right. 

AI Tools at Nonprofits

We’re going to go on and talk a little bit more about AI at nonprofits.

I feel like in the beginning of AI, really making this huge, big splash, there were a lot of stories about a few nonprofits using AI to achieve their mission. Using AI to do some kind of analysis that made it faster for them to reach more people or that sort of thing. And now, I’m seeing a lot more stories about nonprofits using AI intentionally or ad hoc to allow staff to do a lot more by using these new productivity tools.

So that’s something that we’re going to talk a little bit more about. I think, Steve, you were going to take the lead on talking about the hype cycle for AI and nonprofits.

Steve Longenecker: Yes. So, first of all, I wanted to steal a quote that I hear a lot on various tech blogs and so forth that I read. It’s attributed to Bill Gates, but apparently Bill Gates was just re-quoting a guy named Roy Amara, who’s an early computer scientist out of Stanford.

And the quote is basically that people overestimate how much tech will change in one year and vastly underestimate how much it will change in five years

And I think that that is probably true about AI. So, if we were looking back a year ago and thinking about our predictions about 2024, and what happened in 2024, we may have overestimated how much AI would change the landscape, but we shouldn’t take that mistake and say, oh, well, then the five-year vision is similarly also not going to be very impressive, because that’s probably not the case.

Productivity Tools Using AI

We are definitely seeing growing use of AI. I would say that in general, it continues to be sort of a life hack for the staff, for the users that choose to use it.

It is very possible to do your job without AI, and most people are probably doing their job without AI. But the folks that have sort of figured out, “oh, I can use AI for this, and I can use AI for that,” are either being a lot more productive, or getting their jobs done a little bit earlier, and, knocking out a day, an hour early each day or whatever. Probably, since we’re all talking about nonprofits that are working hard for the good of their organization’s mission, they get more done in eight hours than they would have otherwise. 

I can speak to this from personal experience. I’ve had a Copilot license courtesy of Community IT for most of 2024, and I have eyed it with suspicion at times, and other times I’ve gone ahead and tried it, and I’ve had mixed results. But the times that it’s really helped me, I have to say, wow, this really helped me. 

I’m thinking of a time, for example, that I needed to do some analysis in an Excel spreadsheet, and I could have googled it and read some tutorials and figured it all out. But it was really pretty cool that in Excel directly, I could click on the little Copilot button and ask my questions in natural language. And then Copilot just gave me this formula that was several lines long, that I could copy out of the Copilot window and paste it into the cell. And then boom, I had the analysis I was looking for. And that was pretty cool. 

That is what we’re seeing a lot of. We’re seeing AI built into the tools. If you have Teams or Zoom or whatever virtual meeting platform you use, you’re probably used to seeing artificial-intelligence-generated meeting notes. That’s wonderful. Taking notes while you’re leading a meeting is difficult. Having someone who is a formally assigned note taker is great, but if they’re trying to also participate in the meeting, that’s hard to do that double duty. So having an agent do it and do it decently is pretty cool. The expertise with which that agent does it varies. But I do think that they’re getting better all the time. 

The other place where we’ve really seen incredible progress in the sophistication of what the tools are delivering is in the generation of graphics and video. It used to be that when I would do a PowerPoint, I really valued having some nice illustrations or graphics or whatever that went with it. I was always very careful about not taking things that weren’t in the public domain that I was allowed to put into my PowerPoints if I was giving a presentation to clients or whatever. But I ended up spending a fair amount of time scouring media wiki, places where these graphics were available free of charge. 

If I had had a budget, maybe I would have gone to a graphic artist and said, can I have a picture of this or a picture of that? A key unlocking a lock, you know, something like that to illustrate my thing. Now you can just ask AI to do it. And people whose livelihoods depend on producing these graphics and videos as human beings are reasonably concerned that their productivity is being potentially replaced. Although, at this point still maybe they’re able to leverage that to make themselves more productive. I don’t know, but that’s definitely improved. That improved a lot in 2024, and I expect it will continue to improve in 2025.

What we have not seen much yet, and that’s what this bullet point Chatbots from Salesforce is, is this idea of top-down management saying, “we’re going to try to replace human beings with AI.” I think that that might be more of that, don’t underestimate what will happen in five years or a longer horizon. I think that these changes are just getting started, and I don’t know where it’s all going to lead, but we’re not seeing that yet.

AI is still very much an individual’s life hack, if you will, to being able to be more productive personally, and they’re not really having to show their work to anyone, and it’s not. So, you could make your staff potentially more productive if they’re willing to use these tools and are able to use these tools. But it’s not at a point yet where you can mandate the use of the tools or find that you can cut your work force by 10% because you’re going to have AI doing that other 10%.

Matt, do you have thoughts on what I said?

AI Chatbots Nonprofit Use Case

Matt Eshleman: I wanted to jump in there because I was at a conference last week, and actually, there was an interesting use case or a situation about this AI chat bot that came up. And one participant was saying, as a legal services organization, one of the services that they provide is a staff interactive chat service. People that have legal questions can use their chat service, to talk to qualified attorneys or paralegals to help get information about whatever legal services that they’re interested in.

And the organization has noticed a drop-off in their engagement on chat because they’re finding that people will just go talk to Gemini or Copilot about their legal question and get it answered that way, as opposed to using a more well-curated resource. 

I think the challenge for them as an organization is going to be, now how do we respond to this changing demand and competition from these more bland, generic AI services that are just spitting out results curated from Reddit and all these other places? Maybe we need to look at building AI chatbot services on our curated knowledge as a way to do that. 

I think that was an interesting window into some of the competition that exists, if you’re an organization that provides resources as part of your service delivery. 

I do think most of the AI use and adoption that we’ve seen has been largely an individual productivity improvement, as opposed to organization-wide process improvement, or chatbot, or data analytics. I think that’s maybe an area where nonprofits are behind, because they don’t maybe have quite the same financial incentives to help justify the investment, to figure that out, because I do think it’s going to be expensive.

Steve Longenecker: I don’t think even in the commercial world that that many corporations have gotten that far along in more than the individual productivity.

Matt Eshleman: Well, I do think the numbers that you see in terms of developers like Google and Microsoft, I think the productivity of code creation, even though it still requires human review, but I think with processes like that, I think those big companies are able to see if they invest in this platform, now they can hire 50% fewer developers, and they can increase their speed to market and do all this other stuff. I think it’s something that there’s a scale question as well. But yeah, I’ll be curious to see how the trickle-down effect impacts smaller nonprofit organizations.

Grab Bag of New Nonprofit IT Tech and Trends

Carolyn Woodard: Well, I wanted to segue, I’m sorry to cut off this great conversation. But we have this great grab bag as well. 

Google Storage vs Microsoft Storage

Google Workspace, I think you made this bullet point that they have added storage.

Steve Longenecker: Yeah, so I did it in the review of last year’s predictions. Last year we predicted that there’d be continuing tension between do I want to be a Google organization or a Microsoft organization? And I said at the beginning of this presentation today that, I feel like Microsoft continues to really be a strong investor in the Microsoft 365 platform, particularly on the security side, obviously the Copilot AI side as well. It makes sense. That’s their bread-and-butter business. That’s what they are. They’re a services company. 

Whereas Google is driven by search first and foremost, is driving their revenue by selling ads against those search results. So, it’s just a different business model and cultural incentive structure for them. I don’t see them as investing in Google Workspace as much. 

That said, we see it is really interesting how I think it was in 2024, if not, it was in late 2023, that Google started rolling out 100 terabytes of free storage to their nonprofit charity customers. So, if you had the charity level license, you suddenly were able to avail yourselves of 100 terabytes of storage. And if you’re not a tech person and not sure what a terabyte is, it’s a lot. It’s a lot of storage. It’s an awful lot of storage.

In contrast, a lot of our small nonprofit customers have something like, one, one-and-a-half, two terabytes of SharePoint storage. And we are seeing our clients running out of SharePoint storage. It’s not a daily event for us. It’s not even a weekly event. But we see clients’ tickets come in, running out of storage. What should we do? And then, you’re scrambling to try to delete old files that no one needs. The value of doing that, it takes labor if you make decisions. Do I keep this? Do I throw this away? Most of the time, it’s cheaper just to buy more storage.

But Microsoft is not making it free. And it does have, ultimately, it’s a never-ending cost. And our clients that are having to do that obviously don’t like it. 

So, it’s really interesting, this contrast. I don’t know whether that means that Microsoft is just at some point going to have to have parity with Google. “We’re going to give away a lot of space, too.”

It used to be that we talked about storage being free. But, and of course, it was never free, but it felt like it was free. And we’re now seeing on the Microsoft side, the impact of it, of the fact that there are limitations, and we do have clients running up against it.

That’s just an interesting contrast. Otherwise, I feel like the two platforms continue to exist and continue to be good enough. Microsoft is getting better all the time. Google is holding steady, but it’s okay.

Subscription Model and Nonprofit Discounts

Carolyn Woodard: Thank you so much. Matt, I think you were the one who talked about the annual commitments and the low discounts becoming the subscription model.

Matt Eshleman: Yeah, I think Microsoft finally increased the price of Microsoft 365 after it being basically the same price for a number of years. This is kind of around the edges. The nonprofit community continues to get very good discounts from Microsoft.

But at the same time, we now have made that switch from “we’re going to buy the software one year and use it forever,” to now we’re switching to a monthly recurring cost. Now, we’re seeing vendors switch to say, “hey, you actually need to do an annual commitment to get that same pricing. If you’re on monthly, we’re going to raise the price.”

There’s going to be some differences there. I think to some extent, the original promise of this cloud utilization and it being dynamic, and you just use as much as you want, and you don’t, you just try it out. I think it goes away a little bit because most organizations are not dynamically changing and you have relatively static, staffing loads. I think your software subscription is just going to cost a little bit more, and it’s still better and cheaper than trying to do it yourself. 

Carolyn Woodard: For sure. Trying to keep a server running, as we talk a lot about, is recurring costs that are a lot more than what you’re going to pay in subscriptions

ARM Chip for Windows

Matt, did you want to talk about this ARM chip for Windows? 

Matt Eshleman: ARM is a different chip architecture. A couple of years ago Apple made the switch to their M platform, switching away from Intel. They got tremendous battery life gains and performance gains.

Microsoft or Windows is a little bit late to the party. But we’re seeing a similar shift now away from or in addition to Intel based chips, to ARM based chips, which are supposedly going to have much better battery life. 

The good news is that it’s probably going to be largely transparent to end users. We’ve tested all of our endpoint management tools, our security tools, everything just works with the ARM chip architecture. We’re waiting to see if the battery life and performance demands pay off. It doesn’t look like it’s going to be that much cheaper. I think it’s going to be a performance side play instead of a cost saving side play.

Carolyn Woodard: So something to keep an eye on.

Steve Longenecker: The chips that are traditionally in phones are now going into computers and they run a lot cooler. They’re totally different architectures. So, the software stack just basically needs to be rewritten. And so that’s why for Windows, it was a longer rollout, I think. They’ve been around for a while, for quite a while, but we can’t really try these computers out because half the software we use doesn’t work on it because it’s not been rewritten for it. And I think we’re viewing 2025 as the first year that we’ll really start. We don’t think we have any of our clients buying ARM chips, in ARM Windows computers yet.

Matt Eshleman: I think there’s one other computer other than our test machine that’s in our management fleet of 8,000, right? So over 6,000 Windows computers.

Steve Longenecker: But the promise of the 12-hour battery life, perhaps, and also just running cooler. I mean, everybody’s experienced how hot a laptop can get, but Windows laptop can get really hot when it’s really running fast and furious. So, it’s a good possibility. I’m excited about it. We’ll have to sort of see how it actually plays out in terms of, does all the software actually run. 

The word on the street is just that for gamers it’s a non-starter right now because all the game software doesn’t run on except on the traditional Intel chips. But probably most of us are hoping our staff are not playing games on their organizational laptops as much as they’re word processing and browsing the internet for whatever.

Windows 10 End of Support

Carolyn Woodard: While we’re on Windows, do you want to address this point of the Windows 10 and the end of support, which was a question at registration?

Steve Longenecker: Yes, yes, thanks. I’ll quickly take that one. So, Windows 10 is going to reach the end of support in 2025. I think it’s October of 2025. At that point, Microsoft will stop issuing patches for that operating system. So, any bugs or particularly vulnerabilities that are discovered, and they’re discovered every month, and that’s a lot of what the security patching is, is covering up, correcting vulnerabilities with code updates.

That will stop for Windows 10 in October of this year. We’ve been encouraging our clients buying new computers to buy Windows 11 computers for quite a while now.

The difference for users of Windows 10 and Windows 11 is, they look a little different. There are definitely differences, but we don’t feel like you need to have a long training course on it to make the adjustment. It’s pretty intuitive. So, it’s not that big a deal to have a mix of Windows 10 and Windows 11 computers.

At some point, we’re going to push Windows 11 out to the Windows 10, and when I say at some point, it has to be soon because we have until October. So, that will be a priority in the next few months for our clients. 

The question that came with the registration, Carolyn passed along to us was, “What do I do with the Windows 10 computers that are not able to be upgraded to Windows 11?”

And there are a few things that computers have to have first and foremost among them, I think, and Matt, you can correct me if I’m wrong with this, but they need to have a TPM chip in them for Windows 11, for them to be able to be upgraded to Windows 11. 

If you have a computer that can’t be upgraded to Windows 11, the question is, what should I do with it? I would tell you to make sure that you recycle it as responsibly as you can.

Don’t just put it in a landfill. But you are done. That computer is over. I’m sorry to tell you that, but it has reached the end of its life.

Mac Parity with Windows Hello and Platform SSO

Carolyn Woodard: Mac parity with Windows Hello, and the platform single sign on. I can’t remember now who wanted to take that.

Matt Eshleman: This is a little bit of a tech geek out thing, because it ties into a couple of underlying technologies. Steve already mentioned one of the acronyms, which was TPM, which is a security chip that is in Windows computers. So, in the Windows world, Microsoft uses that TPM chip to secure and generate unique security IDs for you. Then you can sign in with your Microsoft 365 credentials, and then that TPM can store some information and is a secure phish-resistant MFA method that can be used then to log into websites and other applications. 

That’s been a super handy feature for Windows users and Microsoft 365 to basically have one username, strong password, and it’s all self-contained within the Windows platform. That is not something that was available in Mac.

If you’re a Mac user, I actually own a Mac right now, and logging into Microsoft 365, you have your local ID that you use to log in to your Mac, and then you have a separate login that you use to log in your Microsoft 365 credentials. 

Microsoft has now released a feature. It’s a preview, technically, called Platform SSO that basically allows you to use the secure chip on the Mac called Secure Enclave to basically do the same thing. And so you can, with Platform SSO configured, have single sign-on to access your Mac, to access all your Microsoft 365, to use the secure fish-resistant NFA method. 

It’s going to be a really tremendous security benefit to streamline things, to streamline administration and make things a lot more secure for your Mac users and to provide that feature parity. It’s the same basic things that you can do on a Windows computer you can do on a Mac computer as well.

Carolyn Woodard: Wow. That is so great. I know that’s different. 

I just want to shout out to our amazing chat. We had a question in chat about how to find out if you’re on Windows 10 or 11 after the discussion about the computers that are going to be useless. Someone in the chat actually helped that person, so I appreciate it. Thank you very much. 

Data Silos at Nonprofits

We wanted to talk a little bit about data source silos as an ongoing issue, as data and I guess AI search as well as becoming a bigger thing. We still see a lot of clients that have silos. So, can you talk a little bit about that?

Steve Longenecker: I think we put this on the list mostly to acknowledge that most small nonprofit organizations do have their data in individual silos. And while there is a move afoot in the greater technology world to put these things into data lakes and make it possible to sort of mingle all your data and bring it all out with AI queries and other kinds of queries to get the data out, that most of us are not at that place and probably won’t be at that place in 2025 either. So, it’s more of a note that there’s some cool stuff on the horizon coming, but probably not something that the small nonprofits are going to be able to do. It hasn’t trickled down yet to the smaller organizations. That’s my takeaway from on this topic. Matt, do you want to add anything?

Matt Eshleman: Yeah, I do think that this is an area probably where nonprofit clients are probably ahead of us even, because I think organizations really know their data and know it well. Over the past couple of years lots of investment has gone into this area to take advantage of the data that is there. 

As organizations are prepping to use AI services beyond just individual productivity enhancements, having a good foundation of data to access and use and to feed into these systems is really valuable.

If you’re thinking about adopting AI internally, it’s really helpful to know the Copilot world, right? Copilot has the same permissions that you do. And so, if your SharePoint site is just completely open and you’ve relied on security by obscurity, and now somebody is searching for, “hey, what’s the payroll information for my organization?” that information would be surfaced if you haven’t adequately restricted your data. 

Organizations that are trying to think about, well, how can we use data or AI effectively? We don’t really have a capacity to do that right now, but maybe we have capacity to really take an audit of what data systems we have, where does it live? What is security? What kind of data is contained there? Do we need to make any additional controls or restrictions?

I think that’s a good place to start, just understanding your data, where it lives, what’s contained within, so that then you can take advantage of it, and be more effective with it later on.

Carolyn Woodard: I think as long as I’ve been in nonprofits, which is 25 years now, that’s been the killer app we’ve waited for is how can we easily find data without having to clean it up? 

I just listened to an interesting podcast a couple of months ago from a company that does this for nonprofits and talked about data lakes, data warehouses. There is no magic AI tool that you can just give it your confusing, disoriented, not labeled correctly data and have it tell you what you have and have it find all of the things that you need it to find. I’m sure it does seem like that is something that the next few years is going to be really talked about and the tools are going to come out, especially with AI being able to do more and more. But I still think you have to do the work. You have to look at what your data is, where it lives, who has permission to it, and make some of those decisions about what you’re going to archive. 

Again, I want to shout out the chat. There was some really good advice on being able to figure out what you need to archive and how to do that. So, thank you again to the chatters. 

Policies that Help Protect Organizations or Staff Who May Be Targeted Now

I think we have one more question, which I thought was a pretty good one that came in through Q&A. What other considerations should an organization consider with AI and other use policies that help an org protect its staff who may be targeted in this administration or this political climate, shall we say?

Do you guys have some ideas about where to look for support on protecting staff?

Matt Eshleman: I think there’s a couple of different things in there in terms of protection. I’ll probably start with a new thing. Maybe this could have made it onto the trend list.

I think a new thing that we’ve started to see in 2024, and I think we’ll continue in 2025, is protecting an individual’s personal identity against doxing or harassment, online threats. I think a lot of the work that we’ve done with Community IT and other kinds of cybersecurity stuff has been around protecting your organization’s digital identity, your work computer, your work email, all the stuff that is around your work identity. And we know you have a personal email, but that’s separate and we don’t really think about that.

I think from a cybersecurity threat model perspective, certainly for high-profile organizations or policy organizations, your personal identity is kind of in play as well, right? Threat actors would target your personal email, your home, your spouse, other people in your house.

Carolyn Woodard: Find your home address.

Matt Eshleman: Right. They aren’t just targeting your work email; they’re targeting you as a person. That is now extended to online bad actors. It’s not just Chinese state-sponsored hackers that are going after people individually, but we’ve certainly seen it, online doxing people that have a different political identity as you, going after you as an individual, because of your politics or your identity.

We are seeing more organizations and more services that are focused on doing some basic stuff like removing your personal digital identity from web services. And then, individuals that may be targeted beyond that, these services can remove all aspects of your digital identity from the web. That could include things like putting your house in a trust to remove your name so your address can’t be located. 

I do think that there is a lot of movement in that space in terms of really protecting your personal identity against that malicious online actor targeting or doxxing you as an individual.

Policy Templates/Fundamental Policies Nonprofits Need

Carolyn Woodard: We had a question come in about where to find policy templates and which policies are necessary. I’m going to share a link to our governance webinar that we did last year that has a bunch of links in it to other sites that have good templates and good information on setting up those governance policies.

What’s a Data Lake? 

And we have a quick question. What is a data lake? Anyone want to take that?

Steve Longenecker: I realized I jumped into that question without explaining what a data source silo or a data lake warehouses, data lake houses were. The idea here is that your data lives in a service, a database, if you will. Your Microsoft 365 data, which might be your email and your SharePoint files and your OneDrive files, your Teams chats, that’s all in the Microsoft 365 silo.

Then you might also have a finance system which has a bunch of accounting records, but that’s not probably Microsoft 365, although Microsoft does have Microsoft Dynamics, so it’s possible that it’s also in Microsoft, but more likely it’s a different system. 

Then you might also have a system for managing your organization’s customers, or contacts, or stakeholders, it’s called a CRM generally, donors. And that’s a different system.

And if you’re a school, you might have a student information system, and you might have multiple student information systems, because there might be one tied to the charter school board that you report to, and another tied to your grading system, and another tied to attendance, or whatever. 

How do you bring all that together? Because obviously the same identities or query points can appear in all the different databases, but since they’re in silos, you have to address each one individually.

The idea of a data lake is that can we dump all that stuff, somewhat unstructured perhaps even, into a single place, and then use AI to connect the dots and bring out the information that we need without worrying about which silo it originated from. And yes, that is happening. 

There is a lot of work being done in that space, but at this point, these are massive investments being made by very, very large organizations. And I’m sure there are very large and just medium-large nonprofits that fall into that category that are doing something like this. But most of our smaller nonprofits can’t afford it and aren’t quite there yet.And like I was saying, the trickle down hasn’t happened.

Those tools will probably get more efficient and more inexpensive over time, and it will become an easier thing to do. But at this point, we’re not at that point. 

At this point, there’s a lot of value to using Microsoft 365 if you’re a Microsoft 365 organization as much as possible, because then everything’s in one silo. That is, you might not be able to do your, everything in Microsoft 365 because Microsoft 365 doesn’t do everything, but do as much as you can there. Don’t have a separate system for files. 

Don’t use Dropbox for files, Microsoft 365 for email, and Zoom for chat, because then there’s three different systems. That’s okay, and maybe that works best for you. But if you want to have it all in one place where one Copilot can access all of it, you might do better to have it all in Microsoft 365 or Google with Gemini if you’re a Google customer.

So that’s a better, more grounded explanation for what I was trying to say earlier. And I apologize for not even saying what it was before.

Carolyn Woodard: But like we said, I think that just demonstrates that data, where your data is, how you access it, how you use it with these new tools to make it more productive and to do clearer analysis on it to connect those dots, that is going to be a continuing story

So, when we do this next January, we’ll definitely be talking about data, whether it’s in lakes or lake houses or warehouses, I don’t know, but they’ll be important. I mean, everything is changing so quickly.

Learning Objectives Recap

Hope that we did cover these learning objectives, talking about the hybrid work, the security attacks, what to know about AI and then the grab bag

Before you go, I want to make sure to mention that our next webinar is the Cybersecurity Awareness Training Tips with our team members, Matt and Anna. There are many tools out there to help you move cybersecurity training from a boring and maybe useless once a year video to a dynamic and up-to-date regular mini training that will give your staff real experience identifying scam emails and learning first steps to take if they get something suspicious.

Matt, who’s here today, is our resident cybersecurity expert and our CTO and Anna manages the program that we use with the clients. They have so much experience. If you have been thinking about this, you haven’t implemented it or you’re struggling with having cybersecurity training that your staff are really doing, I’m really excited to have Matt and Anna give us their advice. 

That’s going to be at 3 p.m. Eastern Noon Pacific on Wednesday, February 26th. 

I want to thank you, Steve and Matt, for staying extra, staying after school for a few extra minutes to answer a few more questions.

This is just always such a great webinar to be able to ask you what’s going on, what are you seeing, what are the trends, what’s happening. I appreciate your time today and to everybody who stayed on also extra, thank you for staying. 

We will be putting this video and the transcript and the podcast up as soon as possible so that we can share all of this information with all of you and we’ll see next January what we were right about and what we missed.

Thank you, Matt and Steve for joining us.

Matt Eshleman, and Steve Longenecker: Thank you.