In part 1, Nura and Carolyn cover introductions, policies, and resources on three main categories you may be worried about – cyber, data, and staff safety. In part 2, they go over budgeting for IT when your budget may be up in the air, what to move into the “nice to have” and what needs to stay in the “must have” column, resources on how to stay mentally healthy under stress, and they review how to make a plan to move you and your nonprofit forward with confidence in your priorities.
Nonprofit IT Essentials for Challenging Times:
Cyber, Data, Policies, Healthy Workplaces
Community IT Senior Consultant Nuradeen Aboki in conversation with Outreach Director Carolyn Woodard
on steps to take now for your organization’s IT so you can worry about everything else.
Are you worried?
The current situation for the nonprofit sector is highly changeable and changing fast. Every day there’s a new worry turning up around your mission, your funding, and your future.
Where does your IT fit into this new world? Is your IT strategy flexible, and have you revisited your IT planning, performance, and policies? As you examine your finances, what IT is essential and where can you afford to pare back without hurting your productivity and morale? Do you have some smart savings opportunities lurking in your IT budget that could help your organization in this moment? Is your cybersecurity up to date and do your staff know how to protect your organization and data? Perhaps most importantly, how are your staff coping with all this stress?
What are the top steps to take NOW to adapt your IT quickly to the new nonprofit sector reality?
Join Senior Consultant Nuradeen Aboki who answers your questions about priorities, strategy, and next steps. Nura has been in nonprofit IT for decades and has enormous experience helping our clients’ executives strategize priorities and cut through the noise to the essentials. This is a perfect opportunity to get guidance and reassurance.
What you are doing matters. Don’t burn out with worry, but don’t leave your organization vulnerable either.
Learn what Nura recommends and leave with a plan for your next few months and the resources to help you sort out your nonprofit IT essentials for these challenging times.
As with all our webinars, this presentation is appropriate for an audience of varied IT experience.
Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.
Presenters:

Nuradeen Aboki is a Senior Consultant at Community IT. In that role, he proactively oversees technology infrastructure for select clients, providing strategic IT advice, recommending IT solutions and solution design to meet business objectives, and then overseeing solution implementations. Nura provides leadership and guidance for strategic planning and solutions architecting with clients who have sophisticated technical and business requirements. He gathers core business, technical and IT service management requirements through a variety of activities including key stakeholder interviews, document review and technical assessments.
Nura started his career at Community IT as a Network Administrator. In 2012, he was promoted to Network Engineer and assumed a supervisory role in IT service operations, then became an IT Business Manager, where he has guided some of our largest clients through complex implementation of effective technology investments and utilizing efficient IT services in direct support of their missions. He has a lot of experience in helping nonprofits discover nonprofit IT essentials for challenging times, and is our resident expert on the value of governance and IT policies, and how to craft them.
Prior to joining Community IT Innovators, Nura served as a member of the technical support team at George Washington University and held a Network Specialist role at the Economic Community of West African States (ECOWAS) Parliament in Abuja, Nigeria. Nura holds a Bachelor of Science in Computer Engineering and Master of Science in Electrical Engineering, both from George Washington University.

Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty-five years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College. She was happy to have this conversation with Nura about nonprofit IT essentials for challenging times.
Transcript
Carolyn Woodard: Welcome everyone to this Community IT webinar, the Nonprofit IT Essentials for Challenging Times. We’re joined today with Nuradeen Aboki, who’s a senior consultant here at Community IT. We’re going to talk about making hard choices in our current climate and facing the challenges with our essential IT intact. We plan to talk about governance and policies that help you manage risks, and how to budget wisely. We’ll also talk about when in-house or outsourcing IT can add value, especially if your nonprofit is facing staffing cuts or major disruptions in your programs or your funding.
We want to talk about how you keep their IT lights on in the midst of these changes and challenges, and how do you protect your nonprofit staff and your nonprofit against attacks? And how do you, on top of all that, how do you maintain a healthy workplace with all of these mounting stresses and uncertainty?
My name is Carolyn Woodard. I’m the Outreach Director for Community IT, and I’m the moderator today. And I’m very happy to hear from our Senior Consultant, Nura, who has been calming clients down for decades, and will help us sort through our priorities and how to think about making a plan. But first, I’m going to go over our learning objectives. Our learning objectives are, by the end of this session today, we’ll learn about
- IT governance policies and why they are a necessity for nonprofits at any time, but especially now.
- Learn what to prioritize in your IT, cybersecurity, data security, staff security, basics, and more.
- We’re going to learn how to budget for IT and how you can use that budgeting process to find value and make decisions.
- We’re going to talk about staying healthy and motivated as a nonprofit or a nonprofit IT professional, and we’re going to review at the end how to make a plan to move forward.
We know we’re not going to be able to get into all of this. It’s only an hour, but we’re really happy that you’re spending the hour with us.
I want to acknowledge that this moment is suddenly very adversarial. In general, I have some friends who worked at nonprofits that were in certain advocacy areas where they knew going into it, they were going to have a lot of maybe adversarial attacks, a lot of politics involved. And they went into that job knowing that that was what they wanted to do, and they were okay taking that security risk to do the job, the advocacy that they were really passionate about.
But I feel like in the past year or so, the nonprofits that were never controversial before are suddenly facing maybe a lot more adversarial attacks online, in this administration, in this political environment than we’ve ever faced before. So I just wanted to acknowledge that I know a lot of people are feeling a lot of stress. A lot of us are really scared about what’s going to happen to our job, to the sector, to our organization.
So I hope this webinar will help us breathe, prioritize and give ourselves some time in the midst of everything, being on fire all the time, to be together and talk this through, talk about what we’re going to do next. And what does any of this have to do with nonprofit IT?
I’m really happy that my colleague Nura is joining us today because as I said, in addition to his decades of experience in IT and as a senior consultant with so many of our clients, he’s also very, very calm. So Nura, would you like to introduce yourself?
Nuradeen Aboki: Thank you, Carolyn. It’s been a pleasure being here. My name is Nuradeen Aboki, Senior Consultant in Community IT. I’ve been with Community IT for about 16 years, helping nonprofit organization clients in IT planning, management, strategy, and overall just taking a look at that nonprofit IT solutions and making sure they’re right fit to meet our clients where they need to be in terms of their mission and values. So today, I’m really thrilled to talk about these times that we’re in and how we can take a look at IT and make the right investments and choices.
Carolyn Woodard: And I’ll go ahead and introduce myself. I’m Carolyn Woodard. I’m the Director of Marketing at Community IT. And before I was in marketing here, I worked for a couple of different nonprofits, a very small one and a large international one, working in IT. I was an IT director, if you can believe it, which just proves that you need to be a manager, not necessarily have a tech background, to be successful as a technology director, or to be helping shepherd technology through at your organization.
I’m really happy to be here also, so thank you all for joining us today. Before we begin, if you’re not familiar with Community IT, I want to tell you a little bit more about us:
- We’re a 100% employee-owned managed services provider. We provide outsourced IT support.
- We work exclusively with nonprofit organizations, and our mission is to help nonprofits accomplish their missions through the effective use of technology. We are big fans of what well-managed IT can do for your nonprofit.
- We serve nonprofits across the United States. We’ve been doing this for over 20 years, almost 25 years next year. We are technology experts, and we are consistently given the MSP 501 recognition for being a top MSP, which is an honor we received again in 2024.
- We host a weekly podcast, and we do this monthly free webinar series. You can also access all of our previous webinar videos and transcripts on our website at communityit.com, and you can register for upcoming webinars there.
For these presentations, Community IT is vendor agnostic so we only make recommendations to our clients and only based on specific business needs. We never try to get a client into a product because we get an incentive or benefit from that. But we do consider ourselves the best of breed IT provider. It’s our job to know the landscape, to know what tools are available, reputable and widely used. And we make recommendations on that basis for our clients based on their business needs, their priorities and their budget.
And a little bit more about us. Our mission is to create value for the nonprofit sector through well-managed IT, and we also identify four key values as employee owners that define our company: Trust, knowledge, service and balance. We always seek to treat people with respect and fairness, to empower our staff, clients and sector to understand and use technology effectively, to be helpful with our talents. And we recognize that the health of our communities is vital to our wellbeing and that work is only a part of our lives.
Nonprofit IT Governance Policies
And now I would like to ask everyone a thought question, which is: what nonprofit IT governance policies do you need?
And while you’re reflecting on that, don’t worry, on our next slide we’re going to tell you a little bit about some of the bedrock IT governance policies we recommend. And I just want to say before we really get into this, that Nuradeen and I did a webinar specifically on governance and policies last year, so we’re not going to go in depth on it here. If you’re in a situation where you need more information on these policies and governance, do go check that out on our website and I’ll put that link in our chat as well.
Today we really wanted to especially touch on data retention policy, especially if you might be facing subpoenas or leaks, etc in the current environment. And I know policy sounds really boring at a time when we might feel like we just want to be out there taking action, writing to our congressmen and doing all the things that we need to do to protect our organization and our sector. Nura, I would like to ask you to draw on your experiences over the decades of advising our nonprofit clients, and just take it maybe back a step.
What kind of trouble can a nonprofit get into if they never get around to creating these essential policies?
Nuradeen Aboki: Well, fundamentally, having no policies can leave employees unsure of what to do in the event of an incident.
It could be a security incident as simple as, hey, I lost my laptop or it’s stolen, or what applications to use at the workplace?
And then where do I store my data? Who do I share my data with?
So there are a lot of questions that employees are left with without any guidance or governance, especially without any IT policy.
One of the biggest risks is actually data exfiltration or data leakage.
So having an IT policy is foundational.
Every organization should spend time and make the investments to consider some essential policies, especially the ones that we’ve listed here on the slides. And I noticed on the chat that there’s a common theme such as acceptable use policies. Cybersecurity policies could include the data retention policy, privacy policy, as well as an AI acceptable use policy.
So IT policy is to help protect the organization from honest mistakes, disgruntled staff, and security vulnerabilities.
Carolyn Woodard: I know of some cybersecurity liability policies where they will want to know that you have an acceptable use policy. And also, we have the new auditing guidelines for nonprofits that include IT risks.
And they’re also going to ask you, do you have an acceptable use policy? And if you don’t have one, you can’t really hold employees accountable. You can do training with them on how not to click on that link, or how to stay secure, where to keep their data and keep that secure. But you don’t have any recourse if something happens, if you don’t have a policy.
Can you talk a little bit, just quickly, about what kind of barriers you see at our clients that kind of keep them from really having strong policies?
Nuradeen Aboki: So certainly leadership is one of the barriers, I think, lack of understanding from leadership.
Why does IT require policies? Sometimes leaders are focused on their mission, and IT is given little or no attention.
Having leaders that do have an understanding of how important technology is to help their nonprofit achieve its mission, do give time and investments to that department. So you find that leaders that do understand how policies can influence the direction they go in terms of achieving their mission, also make the time and investments.
One barrier is usually leadership and lack of understanding of how to go about creating an IT policy when they are simply focused on raising funds, for instance, for their nonprofit organization, helping end hunger across the globe.
A lack of understanding that the space has been, and usually it’s not completely ignorant, it’s just they just don’t have the understanding of how important IT policies are, until recently, when we are seeing more awareness in terms of data, how data is the new currency. So you may find that nonprofit leaders are asking for assistance. They are reaching out asking their IT managers if they are large enough or asking their other colleagues within the space about what other nonprofit organizations are doing about securing their data from adversaries and so on.
Carolyn Woodard: That is a perfect segue to our next slide, where we’re going to talk about prioritizing.
How to Prioritize IT and What to Prioritize
I think you just hit the nail on the head that, if you’ve just done a press conference because something is on fire in your sector and you’re trying to also manage your donations and your funding, carving out the time to write a policy is maybe the last thing on your list that you want to be doing. It really just leaves you so vulnerable if you don’t have those policies in place. At least a policy is a place to start, and then you can work from there toward training, making sure your staff are doing all of the acceptable use and best practices to keep your data safe, your organization safe, and then the staff safe as well.
I think we would start out, as you were talking about Nura, the leadership and creating that IT roadmap.
We just are going to scratch the surface again today. We do have a couple of webinars on how to create an IT roadmap. We talk a little bit more in there about how to get your leadership on board with it or help them. Maybe you have somebody on your nonprofit board who’s tech fluent, who can jump in and kind of help your executives make the time and space to do an assessment and create that roadmap.
And we know that that roadmap is going to be individual, right? You can’t just find a template online and make that your roadmap and those priorities are going to be unique to your nonprofit.
So, I think, Nura, when we were talking about doing this webinar, we identified several areas for focus, and it was reflected in the questions that people had at registration around cybersecurity, data security, and staff security. And of course, financial security, but that isn’t something that we can really help you with. Although if you have good cybersecurity, it might help your donors feel better that their money is going to get to you.
Can you talk a little bit about these different categories: the cybersecurity, data security, and staff security, and kind of what we advise nonprofits to do in these realms right now?
Nuradeen Aboki: Yes, thank you. Certainly, security is a hot topic these days, and having an understanding of security is an umbrella that has many domains under it. And one big domain is data security.
Cybersecurity
But I will go back a step where we have cybersecurity here because it touches on the cyberspace, and most likely your behavior or your identity over the Internet. We know that these days a lot of nonprofit organizations leverage cloud applications or services to access their data, whether it’s email on Microsoft 365 or Google Workspace or files on Dropbox. They’re still using web services, cloud services to access that information.
So the identity is really very important. A lot of the cyber criminals these days try to steal your identity one way or the other. So having a way or solution to help you monitor that identity as the identity moves from one service to another and if there’s any compromise in the identity quickly, having a mitigation solution that would help you secure and protect and isolate that identity and resolve the issue. It’s a direction that we are seeing nonprofit organizations buy into.
And those kind of monitoring solutions these days are pretty robust. You would be amazed at how quickly they are able to detect an attempt to hack into your account from a country. So no longer do you need a whole IT department just monitoring your identities, but you can actually get a service that can do that for you while you focus on your nonprofit’s mission and trying to help you achieve your goals.
Data Security
With data security, it’s important to make sure your data is contained, secured, and ensure that only the people that need access have access to your data. And a lot of the bad actors these days, they are looking to mine your data, so they can probably get to your funders, get to your donors, and for at least some financial reasons.
So having a way to ensure your data is encrypted, whether it’s at rest, it’s with a provider that actually cares about security, as of what a provider that actually can protect you, in case of a subpoena, it’s important.
Going back to that topic of an assessment, it does give you an evaluation of your current state, the gaps, and then a roadmap would help you identify where you need to make investments, the ones that you want to start in the first year, second year, third year, and down in the future.
Staff Security
Staff security is important. Certainly, the safety of your employees is necessary. These days, we do have work from home. So a lot of the infrastructure is basically the Internet connection that you have, and then the laptops, the people are using to connect to the Internet and the services that are provided. Oftentimes, that’s the model we see. A lot of nonprofit organizations will have that flexibility in terms of hybrid work environments, or some of them are fully remote.
But the device that the staff use is important, and your role at the organization is also important. If you’re a finance staff or someone in HR, people and culture, you have high confidential sensitive data that you’re working with so you are likely going to be a target, because the bad actors are looking for high-value employees that could be a target.
So ensuring that the safety of your staff is ensured that you make that investment, give them machines that are secure, give them high assurance security access, like multi-factor authentication that has its own kind of security key, so that whoever tries to break in and access that information, it’s harder for them to get any valuable information because you’ve made the right investment.
Financial Security
The last piece of financial security, I’ll pass it back to you Carolyn, because as you said, it’s not our core. I’m sure there are other experts that can provide guidance.
Carolyn Woodard: No, it’s not really our bailiwick. I guess I would just say, this is something that I’ve heard. It’s not like none of these things are easy. We can just sit here and say, oh, you should do this, you should do this, your executives should make a policy, and then you should all follow it. But if it were easy, we would all have already done it. So I want to just say we’re so proud of you for being at this webinar and for doing what you’ve already done.
These are our recommendations for best practices, but you definitely need to find in your own nonprofit what will work in your culture.
I’ve been to a couple of conferences recently where there seems to be more of an ability to really talk with your funders. And tell them what cybersecurity issues you’re worried about or facing because it’s their money too, so they have an interest in helping you.
If it’s your staff security, you have staff that are being attacked online by online mobs, or if it’s just you want to get more training for your people to not click on those links that might be phishing.
The good news is we just had Matt do our Cybersecurity Incident Report. Well, I don’t know that it’s good news, but he just did a webinar about it. And really 90 to 95 percent of the attacks that we’re seeing at our clients are still just financial. It really isn’t an adversarial, somebody trying to hack in and take all of your stuff. They really just want to take your money. And it’s just some random person following an algorithm, trying to get you to click on stuff and then get you to wire the money to the wrong vendor or whatever it is.
And then the other good news, if it can be good news, is we do have the Cybersecurity Playbook that’s free to download from our site. And we really think, and Matt has crunched some numbers on this, that if you follow these best practices, you’re really going to prevent 80 to 90 percent of those risks and scams coming in. And a lot of the best practices aren’t really expensive, like doing your staff training, having the policies in place, following just the guidelines in our free Cybersecurity Playbook.
And if you can prevent 80 to 90 percent of the risk, like please go ahead and do that.
I’m going to go quickly to this next slide, which I put a bunch of these links in the chat. But for those of you watching on YouTube or following this later, we have so many resources on our website. We really love to share these resources and hope to help the sector become better at all of these things around IT, around cybersecurity. So please check out these resources and they will be in the transcript as well.
Resources on Setting Priorities
Leadership:
- https://communityit.com/video-design-an-it-roadmap-to-create-value/
Data Security:
- https://communityit.com/blog-data-retention-policy-best-practices-in-uncertain-times/
- https://communityit.com/podcast-nonprofit-data-retention-policy-and-cybersecurity-basics-with-ian-gottesman/
Staff Security:
- https://communityit.com/blog-protect-digital-identity/
- https://communityit.com/podcast-anti-doxxing-and-nonprofit-staff-safety/
Cybersecurity Basic Best Practices:
How Do You Budget for Nonprofit IT?
Carolyn Woodard: I want to move on to a poll. How do you budget for IT? Right now, I think a lot of us at nonprofits are worried about the future. We’re looking at the stock market going up and down and thinking about how our major donors are feeling as well. I know a lot of foundations are stepping up. Some foundations are kind of stepping back.
So, when you’re looking at your budget or revising your budget, how do you include IT as a strategic element in that budget?
Here are some options.
You might go to the finance people, and they take the amount that you spent last year and then they increase it or decrease it slightly. They might decrease it a lot. So that’s one way you can deal with your IT budget.
You could have a break/fix approach. All of these categories, there is no shame involved. We know that all nonprofits are special flowers and different processes work for different organizations. But you could have this situation where when something breaks, you fix it, and if it breaks and it costs a lot, you just have to find the money somewhere. When someone wants to try a new tool, their department approves it, so you don’t really have an overall strategic plan, where you’re seeing how you can get value out of the new tools that people are looking for. It’s just department by department, sometimes person by person. They’re like, I want to use monday.com and so now they have a subscription to Monday.
You could also have what we think is the best practice, which is your leadership meets with your stakeholders, updates your roadmap, your strategic plan, and communicates everything clearly. And then you’ve got kind of priorities in your budget. You’ve got this IT roadmap and every time you approve a new tool, it’s kind of working toward that overall goal that you have.
You could also put in the poll answer, you’re not sure, you don’t know, this isn’t kind of part of something that you deal with, or maybe you haven’t thought about using your budgeting process as a way to think strategically about IT. It could be not applicable, or it could be something else.
If there’s some other way that you deal with your IT and your budget, please put it in the chat. We love to have people learning from each other. We know that you guys have a lot of best practices also, or advice, or ideas. So go ahead and put that in the chat. We have some people who already use the chat.
Someone says, we budget by a cost per staff member. So it’ll increase and decrease kind of automatically as staff numbers change.
Someone says, we look at our annual recurring expenses and compare that to any projected staff size for the coming year, plus add in any special IT projects we’d like to consider.
That is a really smart way to go about it. Thank you.
Someone else says, we do an evaluation of lifespan on computers and laptops to allocate sufficient funds for replacements.
Really good idea and one of our best practices.
And we review upcoming projects and try to allocate funds for upcoming projects.
Those are all really smart ways to do your budgeting.
All right Nura, can you read the answers? Can you see that? And can you read what we got?
Nuradeen Aboki: Yes. 44% of respondents said leadership meets with stakeholders and updates our roadmap strategic plan and communicating clearly. So, a large percentage actually do have leadership involved in that process.
Second highest, we have 24% say finance takes the amount from last year and has an increase or decrease based on whatever projections they have.
Then we do have a tie. Some say they’re not sure. Others put some of what you’ve described in the chat.
And then lastly there, we do have about 8% that says once something breaks, we fix. And that’s the approach they’ve taken in terms of IT budget. Thank you all for participating.
Carolyn Woodard: And that absolutely works for some organizations. So again, I want to say there’s no shade for a lot of organizations, especially smaller organizations. I mean, we do recommend as much as you can get into those kind of cycles. If you want to replace your laptops every three years, then if you replace a third of them every year, then you know about how much it’s going to be. That’s a good way to budget for it. But absolutely, sometimes it just makes the most sense to like ride it into the ground and when it breaks, you’re going to have to replace it.
Budgeting for IT Support
I want to transition into talking about budgeting for IT support.
Hardware
When we do an initial assessment with a client, we do take an inventory of all their devices, licenses, apps, platforms, and so on that the organization is using.
You don’t need to wait for an assessment to do this. You can and should urge your nonprofit to create an IT inventory that helps you manage devices. You need to decommission your logons for staff who have left as part of their offboarding process.
And if you don’t have this inventory, you’re not alone. Don’t worry. Creating this inventory is going to help you on your way to better managing your IT. And that’s one of those examples of where you can use a budget to find value.
As I said, we recommend that your laptop should not be more than three or four years old. Older than that, they have issues with updating their security patches. They’ll begin to be out of warranty. They just don’t work as well. They’re not as efficient. People can’t be as productive. They’ll start to slow down your stuff or they’ll need repairs. You’ll find that the help desk tickets from those older laptops are the ones that are taking a lot of time and people are just losing time working.
To budget for that strategically, you’re going to want to replace a percentage of those laptops every year, and that allows you to plan out your hardware.
Personnel
Hardware, though, isn’t usually your biggest budget category. Usually, it’s your personnel.
Nura, do you want to talk a little bit more about personnel? Your IT personnel are going to be your greatest expense, and we know that hiring IT staff who will stay with a nonprofit is very challenging. So, what do we recommend?
Nuradeen Aboki: Yeah. Challenging as it is, getting good talent has been, especially talent that can do your IT support, do proper documentation, do some technical escalation. Someone that does have that capability is likely going to be required a lot more, and to cost a lot more in terms of the compensation.
So if you’re a nonprofit organization, that is between the size of up to 20, 15 to 20, you may want to consider outsourced IT, like a managed service provider (MSP), who would provide you all the services I’ve mentioned here, technical support, management of your IT services, management of your inventory, ensuring that you have cybersecurity protections across your devices, your identity being protected as well. In that size, if you’re over 15 and 20 and up, you may want to consider MSP to take care of those costs for you.
Smaller nonprofit organizations, however, we know there’s a struggle there. Because oftentimes, there’s a low budget, and access to the free applications is very tempting, or the nonprofit license applications are very tempting.
But then there’s also concern about training internally for staff. Because you’re small, you can train maybe a few employees, but then as you begin to grow and add more staff, then you’re likely going to run out of the capacity to actually manage a smaller nonprofit organization. In the beginning, that may seem attractive to save costs, but eventually you may want to consider looking at an MSP to grow. As you scale, the MSP can scale with you, because an MSP is agile, it can handle a lot more capacity for IT support.
Carolyn Woodard: Yeah, it kind of puts the burden on us to find the great people to hire.
And also, when you’re looking for an MSP, I put some resources in the chat as well around, how do you know if you’re ready for an MSP, if it makes sense for you, some vetting questions to use, if you’re not happy with your MSP, you’re looking for a new one. We put together a download that has some questions to ask.
But I will also say that if you’re struggling to manage your IT and you’re under 15 to 20 staff, we did a webinar a little while back about using Google Workspace, which is very easy to set up on your own if you’re not an IT person. And how to manage that as you grow. And so that webinar I also put in the chat, you can delve in if that’s something that you’re dealing with.
The one thing about Google Workspace is it doesn’t really force you to put a lot of security in place. It can just kind of like, it’s very user-friendly. So it’s not going to tell you, oh, this isn’t secure, or you need to have an administrator doing this, that sort of thing, which on Microsoft side you do get.
We have some advice in that webinar about trying to make your Google Workspace as secure as you can. It is a secure platform. I’m just saying that because it’s so non-tech user-friendly, there may be some things in there that you have to think about or know to do to make it more secure.
And I also did a webinar a little while ago about training up internal managers. So, as you said, Nura, it can be hard to hire those IT specific people, but you may have some staff in your organization already that are, you know, like, they’re really excited about it or they’re first adapters. They’re already using AI tools. They just get excited about it.
And we did a webinar a little while back about a friend of the organization, friend of the pod, who does these training sessions to help executives communicate better with maybe their internal person and maybe move somebody who’s an accidental techie in to get the training and the professional development so that they can manage the IT for a smaller organization. It’s one of the models that we have. So hopefully you can make it better.
Budgeting for Fundamentals and/or Projects
And then we also wanted to talk a little bit about budgeting for IT support and this kind of fixed costs versus discretionary costs debate. When you’re facing challenges and financial challenges, it’s very natural to think, I’m just going to put off any projects, I’m going to hold on to that discretionary funding, you know, the nice-to-have instead of the must-have items for IT. And I’m going to wait until we have a better financial outlook, or we have some staff that are changing right now, or we have some other challenges going on. So, I’m going to put those off and I’m going to focus on the fundamentals.
But Nura, we wanted to talk a little bit about when your fundamentals are not up to speed, you may need to prioritize time and sometimes funding for a project to get your fundamentals to where you want them to be. So can you talk a little bit about that?
Nuradeen Aboki: Yes. So the fixed costs are kind of obvious, but I think an assessment or at least you need to know what you need to keep the lights on. For instance, you need to make sure your licenses, the subscription you’re paying for, you pay them timely, you need to make sure people have robust equipment that they use or devices. Most likely having them on the warranty for any event that the hardware fails, you can get that replaced.
But however, there are some additional costs in order to have a well-managed IT. You definitely want to consider some fundamentals such as having IT policies. And we can never emphasize enough the importance of IT policies because we’ve seen successful organizations having just, regardless of their size, but having those fundamentals actually thrive and they have a better managed IT or even well-managed IT because of those fundamentals.
There are cost components to it. First cost, we want to keep the lights on. We want to make sure that that is covered. But we want to also strategically look at first year, second year, the decisions that we’re trying to make now, and spending a little bit more to get some of those fundamentals in place will help us in the future.
So really looking at those fundamentals and taking them seriously is what we want to emphasize here. That not only do you want to keep the lights on, but you also want to be strategic in ensuring the fundamentals are taken care of and you’re making strategic investments in them because they will help you in the future in improving their overall IT experience. Also, maybe save you some money because you’re no longer running into risks and wishing that you had spent that money earlier.
Carolyn Woodard: I think I’m always amazed how many clients come to us, and when we do that assessment, they sometimes have 20 or more licenses or accounts for people who have left their organization.
Not only are you paying for those licenses you’re no longer using, but that’s basically an open door into your organization. Hopefully that person who left isn’t disgruntled. But even if they left and they’re fine, that’s just a login that’s hanging out there. And it could be breached, and you might not even know about it.
So make sure to do that assessment.
And I didn’t put on here making that data map. Sit with your stakeholders, going through department by department and learning where the data is, what tools are they using that are storing something that’s important about your organization or your clients or your work.
You need to know where that data is, make the policy about retaining that data and keeping it secure. Knowing what vendors are storing your data, what accounts have access to your data, if your data is in these different silos, often that’s for a reason. Who has those admin accounts and who has the other, regular logins, you need a data map, then you need a plan, and you may need more training. You may need a different onboarding and offboarding process. You may need a different approval process for new tools so that they get properly vetted, that it’s a secure tool. I would think we’ve all seen some news reports recently of people using tools that weren’t that secure as they were supposed to be.
All of these are ways to protect your organization. I think in this moment, that’s one thing I want to convey is that nonprofits, maybe over for-profits, have this ethos of your staff who are really dedicated to what you do. And they really care about what you do in your organization. Enlisting them to help protect your organization is a lever that some for-profit companies don’t have. For them, it’s just a job. But for us, we really care.
Self-Care in Nonprofit IT Roles
And speaking of caring, I’m going to move into this topic of self-care in nonprofit roles.
I did a webinar on this last November. I learned so much. I challenged so many of my own assumptions about what you need to do to stay balanced, stay healthy, stay motivated, not burn out. I know we have a lot of stress all around us all the time.
One thing that I learned in this webinar is that I thought you really need to have an hour-long massage or do an hour of yoga to reset. And what the research shows is that you really don’t need to take a big chunk out of your day. Doing a five-minute reset several times a day is as effective or more effective than taking a long pause. It is still important to eat lunch, not at your desk, not reading emails. Make time that you’re away from work to actually be away from work, and decompress and unplug. But definitely, there’s a lot of good stuff in that webinar. So I hope you’ll check it out if you’re looking for mental health and physical health advice.
One thing I want to say is for leadership, if you’re in a leadership role, is definitely lead by example. Check in on the stress levels of your staff, share some de-stressing techniques, communicate, communicate, communicate, and practice good change management.
In the best of times, change management around IT can be extremely stressful. But now when we have a lot of external stresses coming in, and you want to change something, you want to change a policy, change a tool, whatever it is that you’re working on that’s changed, make sure you do a lot of change management around it. So that your staff know what you’re doing, why you’re doing it, how it’s going to impact them, what they need to do to be part of the plan. So they feel heard and that they’re part of what you’re doing.
Since the pandemic, luckily, and we’re all working from home, I think a lot of nonprofit staff are more likely to check in with each other and are more aware of the value of good physical and mental health in our workplaces.
Definitely, if you’re an IT staff person, make sure that you’re putting self-care first on your daily list. I had a good friend who told me this a while back. If you don’t do your self-care first and you burn out, you’re not going to be helping anybody else on the help desk. You’re not going to be doing any more IT budgeting. You’re just going to be burnt out and need to take some mental health days. Making sure that you take care of yourself is really important at all times, but especially when there’s lots of stuff going on out in the world that’s impacting us.
I’m going to go ahead and share this link to that webinar that I did on stress and self-care.
And then for funders, I don’t know if there’s any funders on the webinar today, but definitely understanding and prioritizing that IT support that you’re giving to your grantees. We’re really hopefully a lot of our funders have that trust-based philanthropy that they’re following, where they’re really listening and interacting to the grantees and finding out what the grantees really need from them.
And IT support, I can guarantee you a hundred percent, a hundred and ten percent, a hundred twenty percent is something that nonprofits need from their funders. So anything you can do to help them at this time is necessary.
Essential IT for Nonprofits in Challenging Times Summary
All right, so now we’re going to move into our review.
We have a lot of free resources on our website around all of these issues. Nura, do you want to read through some of these bullet points, just to make sure people get them?
Nuradeen Aboki: Yes, this review is going to help us just make sure we have some take-home lessons here throughout the webinar.
- Make a strategic plan for your IT, your IT roadmap is important because it gives you a plan of execution. Prioritize and understand the dependencies. You build on a foundation and then you keep increasing and scaling up and improving the overall IT experience and making sure you have well-managed IT for your organization. Ensure that you make those investments and having an IT roadmap. Then agreeing on the priorities with stakeholders.
- Don’t let IT needs coast while distracted by a public crisis. Certainly IT can be left behind, because there are many other priorities. But think of IT as integral to actually helping you achieve your mission, and then IT is going to get that priority and a much-needed investment. Then prioritize leadership time to create and review policies.
- Policies, policies, policies. They are part of your fundamentals. We are highly recommending that you make those investments, and leadership needs to make that time to create them.
- Performing an assessment. An assessment will help you know your current state, will help you identify the gaps. Also take a look at some recommendations around consolidation of systems. You may be coming out of a legacy on-premise infrastructure into a cloud. Maybe you have many services that you’re using the cloud, where there are duplication of services. So, an assessment will help you identify those gaps and where you can consolidate and save money.
- Then understanding your inventory. And I think the assessment also has a component of helping you build out an inventory. But if you don’t have an assessment done, you need to spend time to identify having that data map, knowing your license subscriptions, your hardware, and keeping a track of all of these different domains across your inventory, ensuring you know what you have, and then making sure you are making the right investments in that space.
- Then use your budget to review fixed IT costs and discretionary spending. That’s what we highlighted there. You should have a good understanding of what your fixed IT costs are. And then knowing that you want to look at that discretionary spending and making the right investments and spending money wisely there. Know that you may need to spend money and time on a project to improve your fundamentals.
- And then lastly there, it says stay healthy. You know, that’s very important. We can’t help anyone after being burnt out. So we clearly want to be healthy and in the right state of mind.
Q&A
Carolyn Woodard: Thank you. We have a great question that just came in. I’ll say to everybody else, we’re in the Q&A section right now. If you have some questions for Nura, please go ahead and put them in.
How to Manage Up and Convince Nonprofit Leadership to Invest in IT
Chandra asks, what tips do you have for managing up and helping leadership understand why invest time and money in IT? And actually, for a lot of things we talked about today, it’s mostly time, getting that committee together, putting aside that hour a week or a month to do these things.
Why is investment in IT security so essential? And she says, there’s often pushback when we introduce this topic.
In your work with clients, do you have some tips, a couple of things that you can tell them to try?
Nuradeen Aboki: Usually leadership, from my little experience, like a story. They like to know the risks.
- What is the risk to the business?
- How is this security essential not having them?
- How is not having a good security essential or fundamentals risky to our business?
- Is it going to harm our reputation?
- Is it going to damage the work that we do? Is it going to hurt our data?
- Is it going to affect our funders?
And then look at other similar nonprofit organizations that have faced security threats, or have been compromised due to lack of investment. As leadership see these realities, they are smart enough, they are clever to make those choices given the time. Because those are the realities that they will have to deal with if it comes to the organization being impacted by security risks.
Carolyn Woodard: I would say in my experience too, and I’m going to talk a little bit about our next webinar in a moment. But if you can find other champions or cheerleaders for you, they can kind of triangulate and keep presenting this as a problem, as a business problem that needs an executive solution. If there’s somebody on your board that understands that maybe your technology isn’t where it needs to be.
Actually somebody on a podcast that I was listening to said, just put that meeting on somebody’s calendar. Just say, I need to meet with you once a week until this is over, or once a month or however often it is. And just get the time on their calendar. And then go in there and talk about it. Just making that a regular occurrence can help make it a priority.
And also, if it’s monthly or however often you decide to do it, that executive has time for it. You know, they don’t have to do anything in between (don’t give them homework). They can just come into that meeting and then be ready to tell them, lay out the story as Nura was saying. And then the next month, it’s going to be easier because they have that background. And then you can come in and start doing things and getting things changed.
But it’s really, really, really hard. So keep at it. That’s all I can say is keep at it. It’s hard when you’re the person who can see the technology path and you have to get the other people to come along with you. So it’s not easy.
Someone in chat is also sharing that each leader, person, decision maker also has a number of times that they need to hear something before they make that shift.
That is definitely true. The more often you hear it, you know, in your personal life, too. The fifth time you hear something, you think, oh, I actually have to do something about that. For sure, that can help.
Cybersecurity can also be your way in because it really is top of mind for a lot of people, and especially in this environment.
And I’ll just tell the short anecdote that I did a podcast with somebody who was telling me that they had a board member for this nonprofit organization, who was sued by somebody else for something else. But through the discovery for that lawsuit, all of their board e-mails also were discovered, had to be turned over to the subpoena.
I don’t like to scare people, because we also say that if you’re doing the fundamentals, if you follow the playbook, you can protect yourself from 80 to 90 percent of the threats against you. This is not something that’s impossible to do. But definitely sometimes that exposure to risk can be a lever that you can use with your executives as well.
Learning Objectives Recap
I want to make sure that I have time to tell you about our next webinar and go over the learning objectives.
- We wanted to learn about IT governance policies, why they’re an absolute necessity. We talked about a couple of the reasons why some nonprofits don’t have them. But hopefully, this will spur you to get those policies in place. Policies, policies, policies. It doesn’t do any good if they’re just sitting there and no one ever looks at them after their first day at work. They say, I have the employee handbook, and then I never refer to it again. Make sure that you’re checking on compliance. You have somebody who owns that policy and is looking back, are we using AI the way that we have said that we want to? Are we checking our vendors where our data is stored to make sure they have cybersecurity on their end? All of those sorts of good things.
- We wanted to learn what to prioritize in our IT. Nura did a great job talking about cybersecurity, data security, staff security, other basics.
- We wanted to learn about budgeting for IT and where you can find some value and some more resources on how to budget. If you’re undergoing budget review, depending on what’s happening at your nonprofit.
- We wanted to talk about staying healthy and motivated and review how to make a plan to move forward.
I’m really excited to talk to you about next month’s monthly webinar. I want to invite you back for a special webinar led by Alethea Hanneman from Board.dev. It’s an organization formed to educate for-profit tech leaders on how to join nonprofit boards and help them utilize technology to achieve their mission, which is something we’re really excited about.
But Board.dev also educates nonprofits on all the good reasons to recruit someone fluent in tech to your board and how you might go about doing that. And they also make introductions and will help train your new board members on the ways nonprofits are different from for-profit boards and try to help them get up to speed on the lingo and make them a success helping you with your technology.
They have pulled together a lot of research on how a tech-fluent board member can really help nonprofits succeed, but they don’t just try to convince you. They do help you take those steps and are part of the process of making the introductions. That’s going to be on Wednesday, June 18th at 3 p.m. Eastern, Noon Pacific. You can register on our website now and check out communityit.com/webinars for all our past webinar videos and to register for our monthly webinar series. Our podcasts are on there too. We’d love to hear you on the podcast. We’re on LinkedIn. Follow us. We share a lot of content and resources there as well.
We just love sharing with our community.
I want to thank you, Nura, so much for spending this hour with us and sharing your expertise with us.
Nuradeen Aboki: Thank you, Carolyn. Thank you for having me.
Carolyn Woodard: I want to thank everyone who joined us today. It was an hour out of your day. I really appreciate you giving us the gift of spending your time with us. I hope that something in our webinar today was useful. It’s something that you’ll be able to take home and use at your organization.
I hope that you’re able to continue feeling healthy, finding joy, doing the things that you love. Even in, as I say, it’s a polycrisis. There are lots of things going on all at the same time. We know there’s a lot of stress out there. We were hoping that this webinar would help take a little bit of stress out.
I want to say that when you take action, it really helps you feel better. Some of these actions, if you’ve been going from press release to crisis meeting, to figuring out your budget, to trying to serve the people that you serve, putting aside an hour a week to just sit and do your data map, it can be a time to decompress, and slow down, but you’re still taking action. You’re not vegging out, you’re just like doing something that needs to get done, but it’s a kind of a different part of your brain that’s doing it. So maybe that’s another way to find the time to prioritize this.
I want to thank everybody again for joining us and I’ll let you go on to the rest of your afternoon. Thank you so much.