View Video
Subscribe to our Youtube Channel here
Listen to Podcast
Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Google, Stitcher, Pandora, and more. Or ask your smart speaker.
Panel Discussion with Matt Eshleman, Steve Longenecker, Jennifer Huftalen, and Carolyn Woodard
Our experts answered your questions about where nonprofit tech is going next.
AI, Cybersecurity, Google Workspace v Microsoft Office, Gemini v Copilot or ChatGPT or another generative AI tool, AI agents, AI FOMO, data data data, safety and security of your staff, budgeting for and maintaining basic IT, not to mention fancy IT … anything else you want to know about?
We don’t have a crystal ball but we do know our way around nonprofit IT.
We’ll look back at the trends of 2025 and what we got right last January, and we’ll look ahead to make predictions for 2026.
The nonprofit tech roundtable is always one of our most popular webinars every year.
Download slides (4MB pdf)
Q&A continues on reddit at /r/NonprofitITManagement.
As with all our webinars, this presentation is appropriate for an audience of varied IT experience.
Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.
Presenters:
As the Chief Technology Officer at Community IT, Matthew Eshleman leads the team responsible for strategic planning, research, and implementation of the technology platforms used by nonprofit organization clients to be secure and productive. With a deep background in network infrastructure, he fundamentally understands how nonprofit tech works and interoperates both in the office and in the cloud. With extensive experience serving nonprofits, Matt also understands nonprofit culture and constraints, and has a history of implementing cost-effective and secure solutions at the enterprise level.
Matt has over 22 years of expertise in cybersecurity, IT support, team leadership, software selection and research, and client support. Matt is a frequent speaker on cybersecurity topics for nonprofits and has presented at NTEN events, the Inside NGO conference, Nonprofit Risk Management Summit and Credit Builders Alliance Symposium, LGBT MAP Finance Conference, and Tech Forward Conference. He is also the session designer and trainer for TechSoup’s Digital Security course, and our resident Cybersecurity expert.
Matt holds dual degrees in Computer Science and Computer Information Systems from Eastern Mennonite University, and an MBA from the Carey School of Business at Johns Hopkins University.
He is available as a speaker on cybersecurity topics affecting nonprofits, including cyber insurance compliance, staff training, and incident response. You can view Matt’s free cybersecurity videos from past webinars here. Matt is happy to again be part of the nonprofit tech roundtable at Community IT and loves talking about cybersecurity and other trends.
As Director of IT Consulting, Steve Longenecker divides his time at Community IT primarily between managing the company’s Projects Team and consulting with clients on IT planning. Steve brings a deep background in IT support and strategic IT management experience to his work with clients. His thoughtful and empathetic demeanor helps non-technical nonprofit leaders manage their IT projects and understand the Community IT partnership approach.
Steve also specializes in Information Architecture and migrations, implementations, file-sharing platforms, collaboration tools, and Google Workspace support. His knowledge of nonprofit budgeting and management styles make him an invaluable partner in technology projects.
Steve is MCSE certified. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts. He is a regular participant in the nonprofit tech roundtable at Community IT, drawing on his decades of experience interacting with clients on complex projects and IT management challenges.
Jenny Huftalen has been providing Account Management services for Community IT’s partner organizations since 2007. Now as Director of Client Services, she is responsible for ensuring those partner organizations are receiving the right combination of IT support services that meet their organizational needs and goals.
Before joining Community IT, Jenny worked in a similar role for a best practice healthcare research and consulting firm. Jenny enjoys Community IT’s commitment to serving progressive organizations that are devoted to making a positive impact on their communities and the world at large. She earned a BA in political science from Union College, with minors in economics and history. She is joining the nonprofit tech roundtable for the first time, bringing her 18+ years of experience talking with thousands of nonprofits on what about IT keeps them up at night.
Carolyn Woodard is currently head of Marketing and Outreach at Community IT Innovators. She has served many roles at Community IT, from client to project manager to marketing. With over twenty-five years of experience in the nonprofit world, including as a nonprofit technology project manager and Director of IT at both large and small organizations, Carolyn knows the frustrations and delights of working with technology professionals, accidental techies, executives, and staff to deliver your organization’s mission and keep your IT infrastructure operating. She has a master’s degree in Nonprofit Management from Johns Hopkins University and received her undergraduate degree in English Literature from Williams College. Every year she is thrilled to moderate this panel discussion nonprofit tech roundtable.
Full Transcript coming soon
Reddit and chat and Q&A for Jan 2026 webinar
Resources mentioned in webinar:
AI Acceptable Use Template from Community IT:
https://communityit.com/template-acceptable-use-of-ai-tools-in-the-nonprofit-workplace/
Microsoft Roadmap links:
Identity: https://learn.microsoft.com/en-us/entra/verified-id/
Google Roadmap links:
Calendar: https://workspaceupdates.googleblog.com/2025/08/pre-configured-appointment-booking-calendar.html
Dropbox in Google: https://workspaceupdates.googleblog.com/2025/11/migrate-files-from-dropbox-to-google-drive.html
Ransomware: https://workspaceupdates.googleblog.com/2025/09/ransomware-detection-file-restoration-google-drive.html
Sharing expirations for folders in shared drive: https://workspaceupdates.googleblog.com/2025/11/set-sharing-expirations-files-and-folders.html
Audience resources:
A really interesting read from Microsoft AI CEO of Copilot data. Largest survey of conversations. Also gives you a window on what can be done with the data in these tools. https://microsoft.ai/?post_type=new
Ai Driven Leader by Geoff Woods is a great book and talks a lot about what you shared Carolyn about using AI as your thought partner!
Audience examples of how to share AI training/policy discussions:
“I gave an AI presentation to our leadership team with some ways to be curious and experiment, how to guide their teams to use AI wisely (human in the loop, etc), and how to live within the means of the acceptable use policy but move forward with a proactive implementation of AI. We shared ways we (the technology team) could implement some use cases like agents, etc. We went over some basic definitions too. AI slop is really good to talk about and how it can affect culture and the way we work with each other. So many great conversations!”
“We sent out a survey to everyone in the organization, asking a wide range of questions about how they’re currently using AI; hopes/dreams/concerns, etc. We got wide range of feedback, all of it helpful in gauging where we are at the moment.”
“Had to do a lot of retroactive training to remind folks not to just enter any and all data into AI, especially potentially sensitive or proprietary information”
“We are using Community IT’s template to help us create an acceptable use policy, but have reached out to staff and consultants with some basic guidelines while we finalize the policy.
AI questions from registration and the webinar chat/Q&A:
Q: How do we prevent AI notetaking software during Zoom calls and is it appropriate to have a policy against this technology?
A: There are configurations for this if you are the Admin for the Zoom account, or host of a meeting. If you are only participating in a meeting, your option is to tell the host you are uncomfortable with AI note-taking and ask them to stop it. The host has control – not participants – and ultimately, your “control” is to leave the meeting. I personally find AI note taking to be the area I find AI most valuable, so I’d vote against a policy prohibiting them, unless your meetings are specifically sensitive (social work zoom calls with at risk youth comes to mind).
Q: Generative AI hasn’t been super useful as it’s too formulaic. What improvements should we expect to see in the next few years?
A: Generic generative AI is certainly churning out slop right now – I think a couple of improvements we’ll see rapidly are a) the further rise of AI Agents – specialized and customizable AI tools that work on a part of your own data and do a specific thing for you. And b) I think we’ll continue to see a rise in AI consulting – either offered by the tool you are using that has integrated AI and is offering more customer service to get you to use it more – which will help the user experience by guiding you through it rather than leaving it to chance – or independent consultants/services that will offer to assist in creating the AI Agent or teaching the AI you have to help you better.
Q: How “private” are subscription AI options?
A: (answered live) I mostly use the heuristic that if it’s subscribed to with a company account, it is enterprise. If you buy it personally, I’d consider it public, but I’d give credit that at least you are buying it so we hope the business model is subscription based (not data selling based). Free personal services are the ones were we should probably assume your data is the revenue stream.
Q: How can non-profit IT integrate AI for case management? And, Is AI at a point to write a volunteer management program and if so, what is the best one to use?
A: My answer for using AI for case management or a volunteer program is going to be similar –
AI tools have so much promise. One of the most deceptive promises is that they are easy to implement and can do everything you want them to do, right away, with very little work on the part of the user.
A better way to think about AI tools is as with any other IT selection. You will need change management throughout the process. You will need leadership involvement and leadership leading. You will need to prioritize the time and staff energy to make the switch. And then you will need to do your research, experiment, do pilot programs, engage everyone who will be impacted, do training, roll out the new tool (which just happens to be an AI), do more training, take feedback, maybe re-iterate or tweak the process, the tool, the inputs, the training …
Our advice would be to network with other nonprofits who do case management or manage volunteer programs, see what they are doing with AI that works, what their experience has been. As always, talk to your funders! Have they seen an organization successfully implement an AI tool to do what you are trying to do? Lots of folks in nonprofits and philanthropy are really excited about a lot of these AI use cases, and eager to talk about them. So I guess that is also our advice, is AI implementation shouldn’t sit only with your IT team. You are going to get better outcomes if you really involve the people doing the thing, and if IT is assisting those people to use that AI safely and effectively.
Q: Do paid plan versions of Claude include extra security?
A: I’d check the terms of service (or ask an AI to check the terms of service – maybe more than one given AI is NOT a lawyer). I don’t know off the top of my head, but I’d be optimistic that it does.
File management and SharePoint questions from registration/audience:
Q: We’re interested to learn how other nonprofits approach digital file/asset management and cybersecurity for a small organization.
Q: Best practices for SharePoint structure in the world of Copilot 365 and avoiding oversharing with a distributed governance model?
A: The small organizations that Community IT works with mostly just use their main productivity platform’s regular file repository (Microsoft 365 SharePoint, Google Workspace Shared Drives) and use traditional folder hierarchies to organize files. The most organized nonprofits have some top-down organization-imposed folder structure (you need to save that kind of file HERE, not THERE) as well as a top-down organization-imposed naming convention for file and folder names. We see more sophisticated Digital Asset Management (DAM) systems at some of our larger clients, but it’s not common. FWIW – AI is making finding digital files/assets easier, even when they are disorganized, so in some ways the penalty for lack of organization is diminishing.
Q: I’ve found that it’s not clear how you transition from the Microsoft free business premium to the paid licenses in advance– can you give guidance on that?
A: It’s all handled through the license assignment. You can do it manually through the admin portal, or if you have larger groups you can do license assignments that way. The main difference will be the availability of desktop office software.
Cybersecurity questions from registration/Q&A in the webinar:
Q: What are the top 3 things that a small nonprofit needs to do for security?
A: Top three items for security would be
– IT Policy Foundation (Acceptable Use, Backup & DR Plan, Incident Response, AI Adoption)
– Security Awareness Training
– Implement Phish Resistant MFA for everyone
Q: When comparing between different SSO services for a Microsoft 365 org. do you lean towards MS or okta/duo external options.
A: For SSO services we typically use EntraID if an organization is already in Microsoft 365. Third party SSO solutions like OKTA or Duo or OneLogin can be helpful if there are more sophisticated requirements such as integrating a public facing directory for a public facing web platform or knitting together multiple M365 & Google Workspace tenants.
Q: Are physical keys the only form of phishing-resistant MFA? Not sure if our team is ready to adopt physical keys as a mandated requirement quite yet, but we have authenticator apps fully adopted at the moment.
A: Physical keys are nice because you can just provide them to staff without asking them to install an app on their personal phone. Yubico has a donation program for non-profits https://www.yubico.com/why-yubico/secure-it-forward/
Microsoft has enabled “Passkey”support in Microsoft Authenticator, which is pretty easy to setup and manage: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-register-passkey-authenticator?tabs=iOS
General Nonprofit IT management questions from registration/audience questions:
Q: Can we be assisted with trainings?
A: Community IT does trainings for our own MSP clients but as a company we don’t have a training program. My suggestion would be to talk to your funder about your IT training needs, often funders can help or can connect you to other grantees who may have suggestions/recommendations. Check with local community colleges about tech training, and also check the free online trainings and knowledgebase available from Microsoft and Google to help customers use their tools better. I can also recommend The Human Stack online training on better managing nonprofit IT and on AI tools. The trainings are affordable and can help up-skill your team in very positive ways. https://thehumanstack.com Tech Soup has free or affordable trainings too: https://www.techsoup.org
Q: Please assume a no knowledge starting base!
A: of course! We try to meet everyone where you are at.
Q: Where does a small 501 (c) 3 nonprofit start?
A: If you mean regarding IT, looking through our free resources and attending webinars is a good start!
I know it is hard to build up an IT roadmap and priorities but it is really essential, and we have a great webinar on how to do it – it will be unique to your nonprofit so try https://communityit.com/video-design-an-it-roadmap-to-create-value/
I want to say – don’t feel like you can’t do this if you don’t have a technical background. Managing IT is like managing anything else, you find trusted helpers and get advice and then you manage it. For HR you might have to talk to a lawyer for stuff you don’t know about, for IT you might have to talk to a provider or consultant – the key is, you are the manager and you can do it! Your nonprofit is probably tackling harder and more intractable challenges in the mission you follow! IT is just hard bc it is intimidating and because some IT providers kind of make it more intimidating than it should be by using lots of jargon.
Other resources you can turn to as a small nonprofit – ask your board and your funders for help. Clearly outline where your IT challenges are. Do you need more skills internally? Prioritize training and apply for classes and certificates! Do you need a more reliable budget? Try putting in place a device management policy – replace 1/4 of your laptops every year so that none of them are more than 4 years old and they can all get all the security updates! Do you worry about security because of the work you are doing? Staff training, putting phish-proof MFA and a data retention policy in place and complying with it could be your priorities.
Q: What tools are best practice for a nonprofit that has a low budget for IT?
A: Having a low budget for IT as a nonprofit is the norm, not the exception! We’re working as a sector to change that, but unfortunately, it is the case that many nonprofits have the double punch of not having a high budget and not having a lot of tech savvy staff. Which is not a criticism – you probably have staff who are amazing at seeing a challenge in your community, fundraising, grant writing, networking, working tirelessly in the community – all the things that make a nonprofit run. It is kind of unreasonable to expect community organizers to ALSO be tech-whizzes too!
Our best practices are:
Use trusted, reliable, and well-known technologies, like Microsoft or Google, and all your other apps and tools like a CRM or productivity tool should be standard and well-used technologies. This protects your organization and gives you options of support. Customized solutions can really lock you in to higher costs and frustrations.
Secure your devices: own and manage your computers and devices, establish a replacement policy (we recommend replacing 1/4 of laptops every year so none is more than 4 years old)
Secure your accounts: train staff, use phish-proof log in authentication, and monitor accounts and licenses (don’t set it and forget it)
Secure your data: have backup and recovery, manage permissions and logins, and officially onboard and off board staff to protect accounts.
IT Governance policies are essential. Along with your employee handbook, acceptable use policies protect your organization and your staff.
Q: How can one get 365 help without having to be a full on MSP client? Is there hourly help anywhere?
A: A really good aspect of using the Microsoft 365 stack as a nonprofit – and one reason why we recommend using a well-established IT stack – is that there are lots of consultants and providers who can help with Office 365.
After decades of working with IT in nonprofits, I don’t recommend relying on a volunteer. Your IT will be better managed and your outcomes will be much better if you commit to paying for 365 help so that it will be consistent and have accountability.
If you are part of a local nonprofit network, ask around. Maybe there are other organizations that also need this help, and if you go in on a local consultant together that person would have enough hours that they’d take the job. Ask your funders who their other grantees use. You can also ask Tech Soup, and NTEN has local groups, so you might be able to find a part time IT support person in one of those locations. Keep asking! The more people know you are looking the better chance someone will make an awesome referral and get you the part time help you need! NTEN: https://www.nten.org
Photo by Nellie Adamyan on Unsplash