Community IT Innovators Nonprofit Technology Topics

Resources shared in this episode: Gallop Poll January 2026 on AI use: https://apnews.com/article/ai-workplace-gemini-chatgpt-poll-4934bc61d039508db32bc49f85d63d99Build Consulting 5 Category AI Implementation Framework by Kyle Haines: https://buildconsulting.com/blog/a-strategic-framework-for-nonprofit-ai-investment/1: Return on Investment - what are you trying to do, and is an AI tool the best way to do it? 2. Technical and Data Feasibility - are you ready? Is your data ready? 3. Mitigating AI Risks - legal, ethical, reputational...4. Anticipating Costs - AI tools are not free5. Change Impacts - making sure intentional change management is in place.How AI is changing search, Yoast wrap up from 2025: https://yoast.com/seo-in-2025-wrap-up/ AI Literacy Measures and Suggestions from US Department of Labor: https://www.dol.gov/sites/dolgov/files/ETA/advisories/TEN/2025/TEN%2007-25/TEN%2007-25%20%28complete%20document%29.pdfAI Literacy Measures: 1. Understand AI Concepts2. Explore AI Uses3. Direct AI Effectively4. Evaluate AI Outputs5. Use AI ResponsiblyDelivery Principles for AI Literacy Growth1. Enable Experiential Learning2. Embed Learning in Context3. Build Complementary Human Skills 4. Address Prerequisites to AI Literacy5. Create Pathways for AI Learning6. Prepare Enabling Roles7. Design for AgilityWebinar: How to Use AI Tools Safely at Your Nonprofit with Matthew Eshleman. https://communityit.com/webinar-how-to-use-ai-tools-safely-at-nonprofits/ _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

In this episode host Carolyn Woodard is joined by Norwin Herrera, IT Business Manager and Team Lead at Community IT. Together, they walk through a real-world case study of a public charter school that implemented a Single Sign-On (SSO) platform called Clever that can solve cybersecurity and accessibility challenges for adult or child students.Strategic IT Leadership for NonprofitsUnlike a traditional account manager, an IT Business Manager (ITBM) acts as a strategic partner, helping nonprofit leadership understand the technology landscape and make informed decisions that align with their mission. The ITBM role is unique to Community IT and is an example of a commitment to partnering with clients over the long term.In this case, the goal was to find a SSO solution that could handle a complex mix of Chromebooks and Windows devices while remaining user-friendly for both adult students and faculty.The Power of Single Sign-OnSSO acts as one door for all of your doors. By using Clever as an identity manager, the organization was able to:Enhance Cybersecurity: Centralizing access allows for immediate offboarding. If a student or staff member leaves, closing one account automatically secures access to all others, prevents fraud, and saves money.Automate User Provisioning: Through zero intervention integration with the Student Information System (SIS), accounts are created or deactivated automatically based on enrollment status.Improve User Experience: Students no longer need to remember multiple different passwords for Google, Microsoft, Zoom, and Slack for example. One password provides access to all the apps they have access to as a student using a school device.Reduce Administrative Costs: Norwin breaks down the ROI of SSO, comparing a small per-user fee against the hundreds of hours of manual labor required to manage accounts individually.Change Management and Successful ImplementationA successful IT project is about more than just software; it is about people. Norwin explains why this project resulted in zero tickets and no complaints: it started with leadership buy-in and a commitment to clear communication.Whether you are an executive at a school or a volunteer board member at a community nonprofit, this episode offers practical insights into how integrated cybersecurity and strategic IT planning can save your organization time and money.Listen in to learn how your organization can move toward a more secure and efficient digital future by subscribing to the Community IT Innovators Technology Topics podcast. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Nonprofit AI: Vetting Your Tools and Understanding AI AgentsIn this midweek AI check-in, Carolyn Woodard explores how nonprofit leaders can make informed, safe decisions in an increasingly crowded technology landscape. The episode begins with a review of a new AI Tools Safety Guide specifically designed for the nonprofit sector. This resource evaluates popular tools based on the criteria that matter most to mission-driven organizations: data privacy, security, and ethical responsibility.Carolyn also demystifies the concept of AI Agents. By breaking down the hierarchy of AI—from simple bots and assistants to more autonomous agents—she explains how these specialized tools can eventually handle the busy work of repetitive tasks, such as cross-referencing spreadsheets or organizing files. Whether you are just starting to draft your organization's AI usage policy or you are looking for ways to streamline your internal workflows, this episode provides practical guardrails for navigating AI adoption at nonprofits.Featured ResourcesTool: AI Tools Safety Guide for Nonprofits Visit Meet the Moment A searchable directory of AI tools evaluated for trust and safety by reputable nonprofit technology experts. It's an ideal starting point for organizations with strict data handling needs and limited research time.Template: AI Acceptable Use Policy Download from Community IT IT is better to establish clear principles now than to wait for time to make a perfect policy. This template helps you communicate expectations to your staff and board regarding the use of generative AI.Community Discussion: Nonprofit IT Management Join the Reddit Community Have a specific question about an AI tool or a repetitive task you'd like to automate? Connect with Carolyn and other nonprofit professionals on our dedicated subreddit to share insights and ask questions. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Building Stronger Teams: Purposeful Connection in a Remote WorldHow do you maintain a cohesive, supportive team when the office is now spread across dozens of different locations? In this episode, Carolyn Woodard sits down with Saba Gebru, Vice President of Support Services at Community IT, to discuss the intentional work required to foster teamwork in a remote and hybrid environment.Saba shares how Community IT transitioned through the pandemic and emerged with a deeper understanding of why social connection isn't just extra—it's essential for better service delivery. When technicians feel supported and connected to one another, our clients benefit from the collective knowledge of the entire firm, not just a single individual. We also discuss how to keep team building from feeling mandatory by aligning activities with mission-driven values, such as local volunteerism and servant leadership.Featured ResourcesCommunity IT Values: Our Story | Read More Learn more about the core values that guide our team—including balance and transparency—and how these principles help us better serve the nonprofit community.Guide: Managing Remote Teams for Nonprofits | View Article For managers looking to refine their remote operations, this guide offers practical tips on the tools and cultural shifts necessary to keep a distributed workforce engaged and secure.Case Study: 100% Remote Work Implementation with Microsoft Cloud | Read the Case Study Transitioning to a fully remote model requires more than just a change in mindset; it requires a robust technical foundation. This case study follows a large nonprofit as they navigated a rapid shift to 100% remote work. By leveraging Microsoft Cloud tools the organization was able to deploy hardware and support staff across the country without ever needing to meet in person, proving that with the right roadmap, technology can bridge the gap between physical distance and mission-critical collaboration.Next Step for Your OrganizationBuilding a strong team culture is an ongoing process, especially in the remote era. If you haven't recently checked in with your staff about what they need to feel connected, consider making it a priority in your next departmental meeting. Start the conversation by asking for feedback on what types of optional social or volunteer activities might resonate with their values. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Nonprofit AI Check-in: Reclaiming Human Rights and Protecting Local CommunitiesIn this midweek check-in, Carolyn Woodard steps back from the technical "how-to" of AI to look at the "why" behind the ethical concerns many nonprofit leaders are feeling. This episode focuses on two significant areas where AI intersects with our core mission of serving others: the protection of basic human rights and the physical impact of the infrastructure that makes AI possible.First, we explore insights from human rights lawyer Malika Saada Saar on how we can reclaim AI to serve dignity and democracy rather than ceding it to companies that make a profit by exploiting sensitive and marginalized groups. Second, we look at the reality of the data centers powering these tools—specifically the environmental and economic pressures they place on local residents. Carolyn shares resources on creating Community Benefit Agreements (CBAs) with data centers as a path forward for local communities.Whether it's protecting a survivor's right to privacy or ensuring a local community has a say in how a data center is built, these are the human issues that will define how we use technology in the years to come.Featured ResourcesWebinar: Slow Violence, Fast Tech | Watch on YouTube In this 30-minute session from All Tech Is Human, human rights lawyer Malika Saada Saar discusses the "slow violence" of AI and how nonprofits can advocate for technology designed with consent and safety in mind, particularly for women, children, and marginalized communities.Report: Why Community Benefit Agreements are Necessary for Data Centers | Read at Brookings As data centers expand rapidly across the U.S., this Brookings Institution paper explains how "Community Benefit Agreements" (CBAs) can help local leaders and residents negotiate for transparency, environmental protections, and shared economic benefits.Community IT Resource: AI Ethics and Policy Webinar | View the Framework If you are ready to start moving from learning to doing, this webinar provides a practical framework for nonprofits to begin drafting their own AI use policies and start conversations around ethics.Next Step for Your OrganizationDoes your nonprofit have an AI ethics policy yet? If not, now is the perfect time to start the conversation with your leadership and board. You don't need to be a technical expert to advocate for your organization's values. We encourage you to use these resources to continue your education and ensure that your use of AI remains mission-aligned. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

In this special anniversary episode, we celebrate a major milestone: 25 years of Community IT. Founded on February 1, 2001, by David Deal as a mission-focused spin-out from Reliacom, Community IT has spent a quarter-century navigating the ever-changing tides of technology for nonprofits exclusively. CEO Johan Hammerstrom, who was one of the early employees to move from Reliacom to the new company, joins us to reflect on our journey from the early days of wiring offices for the internet to our modern role as a national provider of remote IT services and cybersecurity. We discuss how our bedrock foundation of servant-leadership has allowed us to remain a stable, trusted partner for the nonprofit community through dot-com busts, financial crises, and global shifts in how we work.Beyond the history of servers and software, this conversation focuses on the vibrant people who make our mission possible. Johan shares why it is useless to predict exactly where IT will be in five years, and why Community IT instead invests in the creative, dedicated staff who can guide nonprofits through whatever the future holds. Whether you have been a partner since our founding or are just joining our community, tune in to hear how our commitment to technology expertise ensures that nonprofits can stay focused on their missions, no matter how the digital landscape evolves. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

To follow on from our recent discussions regarding the rapid adoption of artificial intelligence in the nonprofit sector, this episode explores the critical technical and privacy distinctions between public and enterprise AI tools. The CISA Incident and the AI Privacy GapLast week, news outlets including Politico reported that the interim director of the Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, mistakenly uploaded sensitive government contracting documents into a public version of ChatGPT. This triggered automated security warnings designed to prevent the unintentional disclosure of government material.This incident highlights that anyone can mistakenly upload sensitive data to a public tool. Even the head of CISA.Key Differences Between Public and Enterprise AI:Data Privacy: Enterprise versions (like Microsoft Copilot for 365 or Gemini for Workspace) keep your prompts and data within your organizational "cloud boundary." Your information is not used to train the underlying public models.AI Search and Permissions: With Enterprise AI, the tool can surface any document a user has permission to see. This makes cleaning up your SharePoint or Google Drive permissions essential to avoid sensitive files being inadvertently surfaced via AI search. Pay attention to files that have been shared with "anyone with this link" because Copilot and Gemini will view that as granting permission to anyone searching. Finally, spend time on staff training on how to save and share files so that permissions will need less clean up going forward. Commercial Protections: Enterprise licenses include copyright indemnity that are absent in public versions.Security: Enterprise licenses give IT management and administrative controls which are essential to securing your nonprofit's valuable data. Resources:Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT from Politico by John Sakellariadis, published Jan 27, 2026. https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361"The interim head of the country's cyber defense agency uploaded sensitive contracting documents into a public version of ChatGPT last summer, ... The material included CISA contracting documents marked 'for official use only,' a government designation for information that is considered sensitive and not for public release."Microsoft Copilot vs. ChatGPT: Data Protection Explained from Community IT."If you are using Copilot with a 365 subscription, your prompts and data are not used to train the underlying large language model. It keeps your data within your enterprise cloud boundary... This protection only applies when you are signed in to an eligible work or school account."Upcoming Webinar: Verifying Your AI SecurityJoin Community IT CTO Matt Eshleman on February 25th to learn how to distinguish between public and enterprise accounts. Register here: How to Use AI Tools Safely at Nonprofits _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Panel Discussion with Matt Eshleman, Steve Longenecker, Jennifer Huftalen, and Carolyn WoodardOur experts answered your questions about where nonprofit tech is going next.In part 1, Community IT senior staff discuss nonprofits and AI, and updated cybersecurity trends to be aware of. In part 2, they discuss updates to Microsoft and Google Workspace, and take audience Q&A. AI, Cybersecurity, Google Workspace v Microsoft Office, Gemini v Copilot or ChatGPT or another generative AI tool, AI agents, AI FOMO, data data data, safety and security of your staff, budgeting for and maintaining basic IT, not to mention fancy IT … anything else you want to know about?We don't have a crystal ball but we do know our way around nonprofit IT.We'll look back at the trends of 2025 and what we got right last January, and we'll look ahead to make predictions for 2026.The nonprofit tech roundtable is always one of our most popular webinars every year. As with all our webinars, this presentation is appropriate for an audience of varied IT experience. Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

To follow on from last week's episode of the ethical issues around AI use and companies generally that nonprofits and the philanthropy sector need to discuss and evaluate through the lens of organization values and mission, here are some resources for moving forward with that discussion of ethics as you put your policy in place and refine it. How Nonprofits Can Resist the AI Efficiency Trap from Nonprofit Quarterly by James A Lomastro, published Oct 28, 2025.  https://nonprofitquarterly.org/how-nonprofits-can-resist-the-ai-efficiency-trap/ "Today, when nonprofits implement AI without protecting workers' judgment and autonomy, they facilitate a similar transfer of power. The tacit understanding of experienced staff—knowing which families need outreach, when silence signals distrust, and which community leaders bridge cultural gaps—is extracted into databases and algorithms....The “AI efficiency trap” plays out in familiar ways: Time savings often lead not to relief, but to higher expectations. Workers may feel more productive yet overwhelmed, as efficiency gains are absorbed into rising demands instead of reducing workloads. In nonprofits, if AI is used solely to expedite routine tasks, it can exacerbate burnout and diminish time for relationship building or advocacy—the work that drives lasting change...Steps leaders can take are:Invest in bias-aware AI governancePosition experienced staff as strategy guidesDevelop new productivity measurements."Other resources referenced in this episode: Ethics, AI Tools, and Policies Webinar from Community IT: https://communityit.com/webinar-nonprofit-ai-framework/AI With Purpose: How Foundations and Nonprofits Are Thinking About and Using Artificial Intelligence from the Center for Effective Philanthropy (with lots of other resources on their site for the sector) https://cep.org/report-backpacks/ai-with-purpose-how-foundations-and-nonprofits-are-thinking-about-and-using-artificial-intelligence/Humanity AI consortium project from 10 Foundations https://humanityai.ai/ Humanity AI is uniting philanthropy in a broad coalition to build a more human(e) future in which AI is shaped by and for people.Tech to the Rescue matchmaking ideal AI projects from the social impact sector with ecosystem partners for funding and expertise. https://techtotherescue.org/Board.dev matchmaking tech-savvy individuals looking to serve on nonprofit boards with the nonprofits that need their expertise. https://board.dev/Responsible AI Adoption for Nonprofits: a Holistic Support Model webinar Jan 28, 2026 with Tech to the Rescue and Board.dev. Register here: https://us02web.zoom.us/webinar/register/WN_DSDEIrLFQxSApI8zQIUhyA#/registration _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Panel Discussion with Matt Eshleman, Steve Longenecker, Jennifer Huftalen, and Carolyn WoodardOur experts answered your questions about where nonprofit tech is going next.In part 1, Community IT senior staff discuss nonprofits and AI, and updated cybersecurity trends to be aware of. In part 2, they discuss updates to Microsoft and Google Workspace, and take audience Q&A. AI, Cybersecurity, Google Workspace v Microsoft Office, Gemini v Copilot or ChatGPT or another generative AI tool, AI agents, AI FOMO, data data data, safety and security of your staff, budgeting for and maintaining basic IT, not to mention fancy IT … anything else you want to know about?We don't have a crystal ball but we do know our way around nonprofit IT.We'll look back at the trends of 2025 and what we got right last January, and we'll look ahead to make predictions for 2026.The nonprofit tech roundtable is always one of our most popular webinars every year. As with all our webinars, this presentation is appropriate for an audience of varied IT experience. Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

As AI tools become more integrated into our nonprofits' daily workflows, it can feel as though the technology is moving faster than our ability to evaluate it. However, for mission-driven organizations, technology adoption isn't just a matter of efficiency—it's a reflection of our values. This episode steps back from the technical aspects of AI tools for nonprofits and explores the significant ethical questions that every nonprofit leader and board member should consider when shaping their AI policies.Carolyn explores the complex human issues that often get lost in the marketing noise, from the environmental and community costs of massive data centers to the inherent biases found in Large Language Models. She also discusses the potential risks to mental health and the concerns surrounding the concentration of power within a few global tech giants. Our goal isn't to steer you toward a specific choice, but to provide a framework for understanding how these tools may intersect—or conflict—with your commitment to equity, sustainability, and community trust.This conversation is designed to be a starting point for your internal discussions. We cover four major areas of concern: power imbalances, bias and exploitation, environmental impact, and the psychological effects of AI-human interactions. By acknowledging these challenges openly, nonprofit professionals can make more informed, intentional decisions about if, when, and how to use these tools in a way that truly serves their mission and the people they support.Resources: https://www.wired.com/ai-issue/ Imbalance of Power:https://www.forbes.com/sites/stevenwolfepereira/2026/01/20/davos-wont-save-us-from-ai-the-boardroom-might-be-our-last-hope/https://nonprofitquarterly.org/how-nonprofits-can-resist-the-ai-efficiency-trap/https://medium.com/@Craig_W/the-corporate-playbook-when-good-ai-goes-bad-by-design-aedf9621b07bBias and Exploitation: https://www.ibm.com/think/topics/ai-biasRacism, Surveillance and AI panel, Howard University, October 2025Environmental and Community Impact:https://news.mit.edu/2025/explained-generative-ai-environmental-impact-0117https://naacp.org/campaigns/stop-dirty-data-centersMental Health Impacts:https://jedfoundation.org/american-psychological-association-on-generative-ai/https://www.psychiatrictimes.com/view/preliminary-report-on-dangers-of-ai-chatbots _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Director of Client Services Jennifer Huftalen answers questions about the IT Business Manager role at Community IT. How is an IT Business Manager different from a vCIO or an account manager? Learn more from this conversation.The takeaways: The IT Business Manager is a unique role in the sector and at MSPs serving nonprofits. A combination of technology expertise and a business background make Community IT's IT Business Managers ideally suited to help our clients undertake strategic planning and management of their IT. Similar to a vCIO, like an account manager but so much more, the IT Business Managers work with the primary contact to manage and understand the costs and strategies of IT investment in addition to supporting the help desk team provide day-to-day support. The IT Business Manager comes in at onboarding and helps analyze the initial assessment. IT Business Managers at Community IT can spot trends, identify duplicate tools, extra licenses, help the client create an accurate inventory of devices and licenses, and basically work in manageable stages to move the nonprofits' IT to a “steady state” of well-managed IT.Community IT considers our clients our partners in managing IT. Nonprofits know what their ideal IT would look like. We find that a part time vCIO who parachutes in monthly or quarterly can't develop the deep understanding of that client's needs and pain points and help them invest wisely and manage change. The IT Business Manager at Community IT monitors trends in help desk tickets and identifies ways technology can make the nonprofit more efficient and secure. And the IT Business Manager documents everything, so you can ask any questions and understand how your processes work and what IT you are using. The IT Business Manager has a long term relationship with your organization and can develop 3-5 year planning in conjunction with your executive team that can be used for grant applications and funding support. For just one example, check out our case study on how an adult charter school in DC was able to implement a 4 year plan in 3 months to move all their students to remote learning in 2020.Using Community IT and having access to an IT Business Manager solves the nonprofit problem of trying to hire for this leadership position and find people with a technical AND business background and be able to retain these unique people. And the IT Business Manager at Community IT has the entire team as a resource and their experience at other clients, so you get the benefit of that network of information and expertise.Navigating the complexities of IT management doesn't have to be a solo journey for nonprofit leaders. By bridging the gap between high-level strategy and daily operations, the IT Business Manager ensures your technology is an asset rather than a cost. At Community IT, we believe the strongest solutions come from this kind of deep, human-centered partnership. To learn more about how our unique approach to IT management supports long-term mission success, we invite you to listen to our podcast episode or reach out to start a conversation today. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Whether you are an AI novice wondering how to catch up quickly, or an AI early adopter always looking for a new tool you can use at your nonprofit, we hope you will join us every Tuesday for another quick update on what is going on in the world of Nonprofits and AI. Takeaways and resources from Ep 2:MicrosoftTechSoup https://www.techsoup.org/: A membership driven nonprofit IT resource, particularly for discounted licenses, with a large knowledgebase on many IT tools nonprofits use. AI resources for Microsoft tools, including training: https://techsoup.course.tc/catalog/exploring-ai-with-microsoft-toolsGoogleGenerative AI training and help: extensive resources on using Gemini, including nonprofit-specific use cases and examples.The Human Stack Built around up-skilling your existing nonprofit staff to better manage IT, offers affordable workshops and classes, including a 60 minute course for getting better at AI. https://thehumanstack.com/Perplexity and Charity NavigatorPerplexity is an AI tool that announced a partnership with Charity Navigator to use the Charity Navigator database to improve outputs when asking about nonprofits. https://www.perplexity.ai/hub/blog/research-nonprofits-with-charity-navigator-on-perplexity As with all AI tools, follow your nonprofit's guidelines and policies when logging into non-enterprise accounts - enterprise licenses are more secure and offer more privacy, so use them when you can!Claude and CandidClaude is Anthropic's AI tool, and has partnered with Candid to improve outputs when researching nonprofits, grants, foundations, etc. To learn more: https://candid.org/blogs/claude-for-nonprofits-candid-mcp-connector-access-nonprofit-data-ai-assistant/Q&AWant to ask a question about nonprofit AI and get an answer on a future episode? Got a use case you want to share? A cautionary AI tale you want to warn other nonprofits about? Let's grow this community! Get in touch with Carolyn here, on our website, or on reddit https://www.reddit.com/r/NonprofitITManagement/ _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Learn how to manage valuable data every day at your nonprofit.Director of Data and Systems at the Greater Washington Community Foundation in Washington DC, Jenn Walen, discusses her role in managing data policies and training and supporting nonprofit staff in keeping data clean and organized.Jenn stresses that you need a single source of truth, standards for data entry, and policies. Spending the time to decrease the time spent pulling reports and seeing the whole picture is extremely valuable in this moment. Jenn shares advice and experiences in getting your nonprofit's data where you want it to be.Everybody wants to look good. Good data helps everyone at your organization look good – to your board, your executives, your donors, your constituents. And good data saves everyone time.Additionally, nonprofits looking for one thing they can do to protect themselves in this political environment should look to their data governance and standards. This project doesn't have to involve highly paid consultants or new expensive tools. It just takes prioritization, time, and good change management.Recommendations: Be consistent. Create standards and uphold them. No exceptions.If you need data governance documentation, templates and assistance are available online. You don't have to start from scratch, ask your colleagues. Kindness along the way is important. This is not easy. Data clean up is a pain. Everyone lending a hand can help create solidarity and a culture of accuracy. Support your colleagues!People learn in multiple ways and with multiple styles. Provide training and support to meet them where they are.Get support from leadership to emphasize data clean up priorities.It is so satisfying when the data is in good shape. The rewards for doing the hard work are great.Is there an AI tool that can do this for you? AI tools are helpful. Start with education and training on the tools you plan to use. The tools you can use will depend on your database. Get the training from your vendor on the AI that is being incorporated into your tool. Work with a data consultant to understand implementing AI to understand the implications, the security, and matching the tool to your needs and use policies.Every output from AI needs to have a human review. Don't expect to give AI your data and have it sort and clean it for you with minimum input from humans. Be careful. Respect confidentiality and follow your organization's data governance policies. Think about how you would want an organization to handle your own data. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Community IT is starting a new series today: Nonprofit AI. Midweek we will share 10-15 minutes of updates about AI and nonprofits - including current news stories, tips, definitions, use cases, frameworks, and resources.Whether you are an AI novice wondering how to catch up quickly, or an AI early adopter always looking for a new tool you can use at your nonprofit, we hope you will join us every Tuesday for another quick update on what is going on in the world of Nonprofits and AI. Takeaways and resources from Ep 1:1. How AI Works: The Fast-Paced LibraryThink of a Large Language Model (LLM) like a super-fast librarian who has read almost everything ever written. When you ask a question, the AI doesn't "look up" a file; it predicts the next word in a sequence. It processes your request into small "packets" of data (tokens) that are sent to massive datacenters. There, billions of mathematical calculations happen in milliseconds to return a response that sounds human.2. Embedded AI vs. Prompting AIYou are already using AI, even if you haven't opened a chatbot.Embedded AI: This is "hidden" technology inside tools you use daily, like Google Search algorithms, GPS route optimization, or even your email's spam filter.Prompting AI: This is "Generative AI" like ChatGPT or Gemini, where you actively start a conversation (a "prompt") to create something new, like a draft email or a report summary.3. Use Enterprise LoginsYou should use the Enterprise versions of tools like Microsoft Copilot or Google Gemini (logging in with your work account) rather than the free, public versions. This should keep your data "walled off." This ensures your donor information or internal notes aren't used to train the public model or seen by anyone outside your organization.4. Policies are Your Starting PointWhile many nonprofits are still catching up on formal IT governance or employee handbooks, AI represents a unique moment to start documenting your "rules of the road." You don't need a 50-page document, but you do need clear guidelines for your team on what data can be shared with AI, who is responsible for fact-checking AI outputs, and how your organization discloses AI use. 5. It is Okay Not to Know EverythingYour role as a leader is to focus on strategy and ethics, not the underlying code. It is perfectly professional to say, "I'm still evaluating how this tool fits our mission," or "I need more information on the privacy implications before we proceed."Resources:What is Generative AI? – IBMAI for Nonprofits: What You Need to Know – In the Microsoft/TechSoup Digital Skills CenterAI Is Already in Your Nonprofit – Community IT InnovatorsAI Suitability Kit for Nonprofits - NetHopeArtificial Intelligence (AI) for Nonprofits – The Nonprofit Alliance _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Community IT CEO Johan Hammerstrom walks through how to think about your nonprofit IT budget at any time, but particularly if you anticipate facing steeper challenges and may have to scale back. What are the three “buckets” of your IT needs, and how can you best manage your costs while keeping efficiency and functionality? What is a nonprofit IT budgeting strategy that will work for you in 2026? More extensive resource on nonprofit IT budgeting:Discovering the Value of Your Nonprofit IT Budget webinar with Johan Hammerstrom.Takeaways: In decades of assisting hundreds of nonprofit clients with putting an IT budget together – often coaching how to create and talk about the budget with stakeholders, executives, and board members – Community IT CEO Johan Hammerstrom has come to think of your nonprofit IT budget in three “buckets.” Every nonprofit has a different budget process, so take that into account when connecting your IT needs and priorities to your own process.Remember that your IT budget is not a technology task. It is a technology + business needs task. You need to incorporate the big picture. And don't forget that IT is just another strategic asset that you manage like your lease, your programs, your payroll. Don't make assumptions about what is “too expensive.” If you want to recommend something in your IT budget, make the case for itNecessity/Non-NegotiableLicenses and subscriptions are non-negotiable. Luckily, licenses are usually predictable, fixed costs per seat.Infrastructure needs to be current.Cybersecurity is non-negotiable. Make sure your protections are following best practices. Use your financial auditing process and insurance checklists to update and upgrade your cybersecurity.Can Postpone (and Plan For)Laptop replacements. Redesigning your website. Older server replacement/moving to the cloud for all functions. Everything that can be postponed should come down to a business decision.Discretionary (Can Postpone Indefinitely)Updating systems like a CRM or other software. Where there is no critical immediate impact of not updating, the organization can make a long term plan to do the updates relative to other, more critical and immediate needs, knowing that times and needs may change, costs may come down, AI may change the software/system landscape entirely.When facing difficulty with funding, you will need to prioritize immediate needs and long-term needs.Having a relationship with your funder where you can talk about your planning and decision making can help. Having a nonprofit IT Roadmap is a big help.Community IT knows 2025 was very challenging to our nonprofit sector. With all of the budget challenges our friends and colleagues are negotiating, we hope we can help nonprofit IT be the least difficult to manage. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Senior staff at Community IT share what happened in nonprofit IT in 2025: AI and non-AI. What tips and advice have you missed? Top Nonprofit IT Stories of 2025As is our tradition, we asked some of our senior staff to talk about the most important nonprofit IT stories of 2025. This year, Carolyn gave them two categories – something in AI – or something that might not have gotten as much attention because it wasn't something in AI.AI continues to be a really big story. It has been described as the water we are all swimming in, whether we like it or not. It's going to be impacting all of us, and transforming every sector that nonprofits care about, in the coming years. Education, environment, government, health, privacy and advocacy, immigration, the economy – its easier to ask what issue will not be transformed in 2026 by AI because the answer is none. And in addition to transforming the communities nonprofits care about, perhaps more immediately AI will be transforming the day-to-day work nonprofit staff do, in new and quickly evolving ways. Community IT will continue to be a trusted partner as you make AI decisions and learn AI tools for productivity and added value.In addition to reflecting on AI or giving advice on AI tools, many of our staff members gave practical tips on changes to look for in 2026, from budgeting for increasing costs of laptops because of increasing costs of RAM storage (caused by AI needs!) to the increased security of Microsoft 365 login protections, to data protection considerations and updates to look out for, including Microsoft Archive. Data security and the value of data to nonprofits will continue to be of high importance in 2026, as will the evolution of cybersecurity. Finally, we know 2025 was very challenging to our nonprofit sector. With all of the changes our friends and colleagues are negotiating, we hope we can help nonprofit IT be the least difficult to manage. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Are you the tech helper in your family? In your office? Community IT intern Jack Woodard on lessons learned over years of helping less-tech-savvy people learn the technology they need to do what they need and want to do.Takeaways on How to Be a Tech HelperBe patientPeople who are having trouble with tech get very frustrated, and they also get very down on themselves for not being able to understand it. They aren't setting out to be annoying or hard to deal with, but they can get very defensive or just have a lot of trouble following what you are asking them to do, especially if they have difficulty seeing or hearing. People having trouble with tech have a lot of anxiety around doing the wrong thing – especially with all the scams out there. But they also want to be participating – they don't want to miss out. So taking all that into account when you interact with any staff member or family member is good practice to help meet them where they are. Be a teacher, not a doerIf the less-tech-savvy person in your life is struggling to use tech, doing it for them will reinforce that they are not capable. Instead, do a lot of listening. Identify the real problem (it may not be what they think is the issue.) Then walk the person through how to do it by asking them to do it while you stand by ready to help. Describe what they need to click on. Don't use a lot of jargon. Have the person take notes, especially if they don't use this particular app or do this particular thing every day. The next time they need to do it, they can refer back to their written instructions.If they are upset by updates that change things, consider teaching them to use keyboard shortcuts where available, because these change less frequently.Help them get organized and put the apps and tools they use most frequently where they can find them quickly at a glance. Organizing is deeply personal – so don't impose your way of doing things on them. As a tech helper, follow their lead! Walk through each step with them. Most people will continue to do something “the way they learned how” indefinitely. Use that to your advantage if you want them to do it a new way. Make sure they have learned the steps and they will probably be able to repeat them time after time. Don't forget accessibility features. Many people who struggle with tech may be hard of hearing or have difficulty seeing. Modern tech has lots of features to help, like strong contrast, screen readers, and hearing aids that can be connected to other devices directly.Microsoft Accessibility KnowledgebaseGoogle Workspace Accessibility for Users (can also find the Accessibility Guide for Administrators)Mac Guide to Accessibility Community IT seeks to provide trusted advice and guidelines for nonprofit tech helpers around the holidays and throughout the year. If you have questions on staying safe with technology, especially in the age of AI, it is better to ask someone than struggle alone. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

What scams are circulating and how can you protect yourself and your organization?Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman runs through common scams and new tactics that we are seeing at nonprofits and simple steps you and your staff can take at this time of year to be better protected.Takeaways on Nonprofit Cybersecurity for the HolidaysCommon scams“Your package couldn't be delivered” … this email tries to get you to click on a link or respond in some way, using social engineering/helpfulness/urgency to trick you into helping a colleague or sorting out a problem with a package. “The Executive Director needs to purchase holiday gift cards for staff” … a variation on the “gift card” scam oriented towards the end of the year, holiday parties, gifts for donors or volunteers.Pop-up “your computer has been compromised, call this number” scam … often the pop-up can't be closed (you should shut down and log back in, and alert someone on your actual IT help desk team.) New ScamsSpam bombs… followed by a helpful call from “the IT help desk” ... this scam will inundate your inbox with hundreds to thousands of spam email an hour. This scam tries to get the victim anxious at the spam attack and relieved when “the help desk” notices an increase in spam and reaches out to help. AI deep fake voice and video scams… growing in presence as the tools to create deepfakes become more available and affordable. Protections Against Holiday ScamsStay suspicious, particularly at the end of the day before a holiday break and the week before that break. Be particularly suspicious of in-bound calls and new contact information at any time of year, but particularly around the holidays. Do not give your log in credentials or other information to someone who called or texted you, claiming to be from IT or your bank. Review your incident response plan, particularly your phone tree, before the holidays. Make sure you know who to call to report a suspicion or problem, and make sure that your point of contact has a substitute for when they are out of the office for the holidays. Who is “on call”? Have strong cybersecurity already in place. Strong passwords, MFA requirements, physical MFA keys for staff who are particularly targeted like your Executive Director and CFO, staff training on the importance of cybersecurity to protect your organization – maybe even a quick training on holiday scams to watch out for … taking proactive steps will give you peace of mind during your holidays.Do not be tricked into using a work-around. Always use your established procedures. Do report something, using your incident response plan. If you did click on something suspicious at 5pm on a Friday, use your response plan to report it immediately to the person on call for your cybersecurity. Community IT seeks to provide trusted advice and guidelines for nonprofit cybersecurity safety around the holidays. If you have questions on cybersecurity assessments, staff training, incident response plans, or other cybersecurity topics, reach out and schedule a conversation or assessment with Matt. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Johan Hammerstrom hosts the podcast this week, interviewing Carolyn Woodard on her nonprofit IT management capacity growing pet project.100% of nonprofits struggle with IT management capacity – whether it's optimizing limited budgets, selecting the right tools, or building sustainable tech staffing models. Or just knowing where to turn for trustworthy, professional advice. We need structured connection to share best practices and elevate what works in IT management at nonprofits. We hope this community of practice will gather best practices and that it will snowball, attracting more participants with more experiences and ideas to share.By publicizing proven approaches, we can develop the scalable best practices the broader nonprofit sector needs. By sharing widely within the philanthropy sector, we can reach more nonprofits and stakeholders with the opportunity to manage IT effectively.Technology Association of Grantmakers (TAG) is a membership organization of foundations, funders, and vendors, that shares knowledge and experiences with technology in philanthropy.Carolyn Woodard has been working in collaboration with Jean Westrick and Gozi Egbuonu at TAG to create a community of practice around better defining the challenges around IT support for nonprofits and grantees, and to gather and better disseminate best practices. When nonprofits have functioning and strategic IT they are 4 times more likely to be effective at achieving their missions. How, as a community, can the stakeholders come together in partnership to grow IT management capacity, IT funding, and IT strategic planning as a leadership component of any effective nonprofit? Together, TAG and Community IT curated a series of three events around this topic: a panel discussion with experts from providers, foundations, and TAG laying the groundwork of the issue; a mini-convening meet-up of interested stakeholders at the TAG Conference in 2025; and the release of a white paper in early 2026 outlining the nonprofit IT management landscape, existing resources, and areas for building out best practices. To join this community of practice and stay updated on events and publications, get in touch with Carolyn, through our contact us page or on Linkedin. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Why a 2025 technology equity guide for nonprofits? Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.Nonprofit technology is marked by inequities within our organizations and our sector.  You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.Worried about inherent bias and inequity built in to the technology your nonprofit uses? Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values? Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission? This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You'll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.Presenter:Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN's Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN's equity efforts. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Why a 2025 technology equity guide for nonprofits? Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.Nonprofit technology is marked by inequities within our organizations and our sector.  You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.Worried about inherent bias and inequity built in to the technology your nonprofit uses? Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values? Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission? This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You'll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.Presenter:Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN's Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN's equity efforts. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Technology Association of Grantmakers held their 2025 Conference in Atlanta. Jenny Huftalen and Carolyn Woodard attended and share the takeaways and trends in philanthropy for tech.The takeaways: Technology Association of Grantmakers (TAG) convenes members bi-annually to share knowledge and experiences on technology used at foundations and funders. Four trends stood out from this year's conference: AI, Data, Cybersecurity, and our own health.Almost every session and keynote spoke to the prevalence of AI in our lives, in philanthropy, and in the nonprofit space. If you are feeling FOMO or feeling that you don't know enough about AI, rest assured no one really knows what they are doing either. We also heard several fascinating use cases where nonprofits in partnership with funders are using AI in thoughtful and impactful ways. Data and database cleaning and organizing was also a trending topic. Several presentations stressed the need to work on your data processes and governance before throwing an AI product at your data and expecting it to clean it up for you. Again, thoughtful attention to the human side of data is necessary to make the AI work well. Several speakers stressed the need to weave cybersecurity throughout your operations and realize that IT and cybersecurity touch every staff member at your organization. Starting with anti-virus software not being built-in to your purchase, IT has constantly packaged cybersecurity as something additional and separate. But that is an inadequate viewpoint. Weave cybersecurity into everything and keep yourself and your organization better protected.Finally, our health. IT in philanthropy is all about people. People need to be healthy, which can require a pause to reflect even in chaotic and stressful times. Several speakers and attendees talked about the need, as ever, to re-focus on the essentials: the communities we partner with, the deep knowledge we have about the assets we hold and the challenges we face, and that we do this work because we have hope for a better future.It's clear that the intersection of technology and philanthropy is evolving rapidly. These trends can feel like a lot to navigate, but remember that the strongest solutions always come from a thoughtful, human-centered approach. Community IT is here to help your nonprofit or foundation thoughtfully weave technology into your operations so you can focus on your mission. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

What Do Nonprofits Need to Know About Penetration Testing?Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning. Do you have someone urging you to get expensive pen testing, and you aren't sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofits' risks and needs. Takeaways on Pen Testing for Nonprofit CybersecurityWhat is penetration testing? When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client's cybersecurity configurations. Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.If you have been told you “need” to have a pen test, make sure you understand why and the ROI return on investment the pen test is expected to provide.Pen testing has definite value, but that value is very specific to certain types of organizations; with on-site servers, and with certain technical needs and risks. The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user ID. In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

October is ESOP Employee Owner MonthAn Employee Stock Ownership Plan, or ESOP, is a legal structure used in the U.S. to create an employee-owned company. Essentially, an ESOP is a type of retirement plan that invests primarily in company stock, holding the assets in a trust for the staff. Community IT is 100% employee-owned. This structure means our staff participates in the company's success. Not all ESOPs are 100% employee-owned. Our CEO Johan Hammerstrom walks through the decisions and concerns of our founder, David Deal, that the mission of the company always remain focused on serving nonprofits with well-managed IT. The best way to preserve that mission when he sold the company in 2012 was to sell it entirely to the staff. Being an ESOP is fundamentally important to Community IT because it ensures we maintain the stability and focus required to serve the nonprofit sector best. This structure guarantees we control our own destiny, allowing us to prioritize long-term, excellent service to nonprofit organizations over external pressures like seeking to be acquired or maximizing short-term profits for outside owners. Further, it enhances our culture by aligning the incentives of our passionate employees with our mission, empowering independent decision-making and ensuring that clients benefit from a dedicated, resourceful, and stable team that is invested in the organization's lasting success.Join CEO Johan Hammerstrom as he explains what October being ESOP employee owner month means to Community IT, our clients, and our dedication to providing excellent outsourced IT services.Interested in the ESOP structure advantages and how to become an ESOP? Contact Johan directly, he is always happy to talk about our ESOP. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

A Panel Discussion with Matthew Eshleman and Ian Gottesman.In part 1, Ian and Matthew discuss an approach to cybersecurity for nonprofits, taking the first steps, and 3 steps you can take to prevent at least 80% of attacks. In pt 2, they talk about making cybersecurity training more engaging, and lessons learned this year. They finish by taking audience questions.Our nonprofit cybersecurity experts discuss the current state of risks, and the best counter-measures nonprofits should have in their toolboxes. Learn what are cybersecurity essentials for nonprofits, and how your nonprofit organization can meet the moment. Keep your staff, your networks, and your data secure in an insecure world.Worried about nonprofit cybersecurity?You aren't alone. The nonprofit sector is seeing new attacks and politicization of work that was never political before. Most attacks we are seeing in our networks are still financial, not political – but that doesn't make being a victim of these attacks better. AI is changing cybersecurity needs rapidly.If you aren't sure what you need to know, or who to ask, learn from our expert panel in this webinar where we will discuss cybersecurity essentials for nonprofits in accessible language, and lay out a plan for any nonprofit to put the basics of cybersecurity in place.Secure your devices. Secure your accounts. Secure your data. In this new webinar, expert panelists discuss cybersecurity essentials and take Q&A.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

A Panel Discussion with Matthew Eshleman and Ian Gottesman.In part 1, Ian and Matthew discuss an approach to cybersecurity for nonprofits, taking the first steps, and 3 steps you can take to prevent at least 80% of attacks. In pt 2, they talk about making cybersecurity training more engaging, and lessons learned this year. They finish by taking audience questions.Our nonprofit cybersecurity experts discuss the current state of risks, and the best counter-measures nonprofits should have in their toolboxes. Learn what are cybersecurity essentials for nonprofits, and how your nonprofit organization can meet the moment. Keep your staff, your networks, and your data secure in an insecure world.Worried about nonprofit cybersecurity?You aren't alone. The nonprofit sector is seeing new attacks and politicization of work that was never political before. Most attacks we are seeing in our networks are still financial, not political – but that doesn't make being a victim of these attacks better. AI is changing cybersecurity needs rapidly.If you aren't sure what you need to know, or who to ask, learn from our expert panel in this webinar where we will discuss cybersecurity essentials for nonprofits in accessible language, and lay out a plan for any nonprofit to put the basics of cybersecurity in place.Secure your devices. Secure your accounts. Secure your data. In this new webinar, expert panelists discuss cybersecurity essentials and take Q&A.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Today Carolyn talks with Johanny Torrico about her recent promotion to an executive position that the Community IT Board created for her: President and Chief Operations Officer.This conversation provided an opportunity to delve into Johanny's strategic vision for the company's future. We explored how the new position was created to recognize her role guiding the company through a period of significant growth and innovation in the past few years, ensuring that we continue to provide the highest level of service and support to the nonprofit community. We also touched on the challenges and successes of our expansion at Community IT, doubling both staff and clients served in the years following the pandemic. From scaling our services to meet increasing demand to fostering a cohesive culture as our team grows, Johanny shared valuable insights into the dedication and strategic planning that was required to navigate this dynamic landscape.Our President and COO shared personal reflections on her extensive career in IT and operations, highlighting pivotal moments of challenge and the principles that have led to her success. This led to insights on what it takes to recognize and nurture talent within an organization, offering practical advice for HR professionals, managers, and job seekers alike. We also explored the unique benefits of being a 100% employee-owned company. This model is a cornerstone of our internal culture, fostering a deep sense of ownership and commitment among our staff. Ultimately, this shared purpose and dedication not only helps us attract and retain top talent but also directly translates into the exceptional service and long-term partnerships we provide to our nonprofit clients.Johanny has a lot to say on the benefits of a culture that encourages staff to be happy and capable, and the focus at Community IT on customer service – the face to face interactions of people with people. “As an employee owned company, we all have a stake in the success of our company. For sure, that is something that has contributed to the culture that we have. A culture of work-life balance. A culture of team building, of learning together. I think that part of staff development, that part of working together for the better good, supporting nonprofit organizations, is definitely what makes Community IT unique in the sector.”– Johanny Torrico, COOSpeaker:Johanny Torrico brings over thirty years of experience managing teams and operations to her role as President and Chief Operating Officer at Community IT, where she leads the largest internal team providing services to clients. A calm and organized leader, Johanny is responsible for the service and technical operations for all the teams at Community IT. She also leads staff development and internal business processes, with a focus on staff retention and career mentoring.As Chief Operating Officer Johanny played a critical role in leading the dramatic expansion of our service operations.  She established new teams, expanded company management and led the successful adoption of a wide range of new technologies.  Johanny has a special ability to promote standardization of our services in ways that add value for our clients. Johanny brings decades of experience, professional maturity and tremendous skillsets as a business leader. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA (Multi-Factor Authentication), particularly for important accounts like your Executive Director and CFO.Fighting VirusesVirus attacks have been increasing. These computer viruses are no longer just malware that “infects” your network through an email link or website. Bad actors know we are suspicious of links in our email and that these days most malicious emails are stopped from reaching our inboxes. As a work around, they have started sending a document with instructions to open the document with a “secure code” – actually a malicious code. In this way, they trick the victim into running the attack against themselves. To resist this attack, always think – if the document you need to open is legitimate, and the person emailing it to you is genuine, they can send you a pdf. You should be very suspicious of any attachment that requires another set of steps to open, particularly executing code on your computer.Other ways you may pick up a computer virus: downloading something malicious online. Be careful to double check you are on a legitimate site before downloading anything. Better yet, use the App Store where possible. We are also seeing an increase in malicious pop-ups. If a window opens on your computer saying you have a virus, it can be scary. Always contact your own IT provider. Do not follow the directions the pop up is giving you to get “support,” or you will be calling the scammer. Using Phish-Resistant MFACommunity IT continues to recommend that all users use a Multi-Factor Authentication method on all accounts.Because MFA is so effective, it is not surprising that attackers are trying to work around it. In the past few years Attacker-in-the-Middle attacks have been on the rise. In this attack, the bad guys trick a user into “logging in” in a way that exposes their secure token for the attacker to steal. The attacker can then login as the user from a different device and gain access to anything the user has access to.Phish-Resistant MFA, like using a passkey or Microsoft Hello, will only allow the MFA to be authenticated from the device where you are. You can also use a physical key like Ubikey or FIDO, which must be present to allow the login.Community IT is recommending at a minimum that all accounts with access to sensitive data such as Executive Director, CFO, maybe Board members, the executive team, should use Phish-Resistant MFA to best protect the organization. Of course, any access to your network is a risk, so where possible, investing in Phish-Resistant MFA for all staff is a good investment.Training on Phish-Resistant MFA can lessen the friction or feeling that an extra step is required. Most Phish-Resistant MFA is quick to use and easy to learn. Peace of mind is worth it. Community IT hopes that building this culture of care at your organization makes it easier for you to update your staff on new threats and scams through your regular training program.  _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Change Management Lessons with Debbie CameronBuild Consulting Partner Debbie Cameron and change management expert in a webinar on when you can rescue a nonprofit technology project using change management techniques. In part 1, Debbie describes the philosophy of change management and how these techniques work in helping the people at your organization understand and adapt to big changes. In part 2, she discusses how to rescue a failed project and some techniques to turn a project around. She also gives a mini-case study and takes audience questions.It is never too late to go back and re-assess where change management best practices can help.Learn how to use change management principles to get more out of your nonprofit technology investments and rescue a tech project that hasn't succeeded – yet.Do you have a technology tool that is not living up to expectations?In an ideal world, change management would help inform three main phases of technology project implementation: planning, during, and after go-live. Build Consulting curated a three-part video series with Debbie Cameron, change management expert at Build Consulting, walking through the Build philosophy and providing best practices and examples at each stage of nonprofit tech project management.But what if you weren't present for the entire project? What if you are facing a project that isn't going well – that you inherited – a technology tool that your organization is paying for but everyone hates – a tool your organization is stuck with … is there still a role for good change management? Is it too late to use change management best practices to rescue these projects?In this new webinar, Debbie shares techniques and tools to help analyze where change management can support implementation after technology change. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Change Management Lessons with Debbie CameronBuild Consulting Partner Debbie Cameron and change management expert in a webinar on when you can rescue a nonprofit technology project using change management techniques. In part 1, Debbie describes the philosophy of change management and how these techniques work in helping the people at your organization understand and adapt to big changes. In part 2, she discusses how to rescue a failed project and some techniques to turn a project around. She also gives a mini-case study and takes audience questions.It is never too late to go back and re-assess where change management best practices can help.Learn how to use change management principles to get more out of your nonprofit technology investments and rescue a tech project that hasn't succeeded – yet.Do you have a technology tool that is not living up to expectations?In an ideal world, change management would help inform three main phases of technology project implementation: planning, during, and after go-live. Build Consulting curated a three-part video series with Debbie Cameron, change management expert at Build Consulting, walking through the Build philosophy and providing best practices and examples at each stage of nonprofit tech project management.But what if you weren't present for the entire project? What if you are facing a project that isn't going well – that you inherited – a technology tool that your organization is paying for but everyone hates – a tool your organization is stuck with … is there still a role for good change management? Is it too late to use change management best practices to rescue these projects?In this new webinar, Debbie shares techniques and tools to help analyze where change management can support implementation after technology change. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Do you have important files in your nonprofits' Google Drive that are associated with their owners' personal gmail address? Google lets you migrate those files to Shared Drive so your organization never loses access to them. Google Workspace is fantastically easy for nonprofit start ups to set up and doesn't take a lot of technical know-how to manage until you grow to a larger staff size. One of the common issues we run into is ownership of files. In Google world, the creator “owns” the files even when shared or saved on a shared Google Drive, and if that owner leaves the organization – through any number of scenarios – the organization no longer has access to those files. Depending on how important the files are, that can cause problems! For example, if you are using an outsourced CFO – or if a photographer “shared” files with you – you can lose access. A while back Google created “Shared Drive” and we recommend moving files from individually shared folders to organizationally owned folders. In this podcast, Steve shares a Google Drive trick for nonprofits on migrating those files to Shared Drive relatively easily, by making the owner a temporary manager of the new folder. The takeaways: Google regards the “owner” of files as the creator. Various options for sharing files may not grant complete access to those files for as long as they are needed. Community IT recommends creating Shared Drive in Google Workspace and migrating individual files and folders there to preserve organization access to them. This changes the “owner” from the individual to the organization. If you are running into migration issues with shared files disappearing, it is probably because the file was “owned” by someone outside your organization, or even someone within your organization using an individual gmail account to access Google. It is very easy to mistakenly log in to Google under other accounts to do your work!To migrate files in that situation, Google makes it possible to solve the ownership problem without a third-party tool. Staying within the Google universe preserves the file formats and makes migration easier. Links remain valid as will dynamic connections within Google Sheets.Community IT recommends creating a Shared Drive and temporarily making those external people managers with their individual gmail account. That gives them the ability to move whole folders of their files into the Shared Drive, where they become “owned” by the organization even after the individual leaves. This also helps clear up files created by external vendors where ownership needs to sit with the organization not with the individual owner, such as photos.It sounds complicated, but Steve walks through how to approach “ownership” in the Google Workspace universe and make data management as easy as possible. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Vanguard Communications' Chief of Innovation Brenda Foster shared tips and practical advice on getting started using generative Artificial Intelligence AI tools at your nonprofit in a way that matches your mission and values.Learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the outputs and feel good using AI at your nonprofit.In part 1, Brenda explains the various types of AI and walks through the ethical considerations and trade offs for the environment, community justice, human creativity, privacy and security, and bias. She presents a five question framework for creating your nonprofit AI policy. In part 2, Brenda explores good prompting and the differences between tools in this moment, and takes audience Q&A.Are you wondering where to start with AI?Chances are you and your colleagues are already using it for some things, and wondering how to use it better, or whether you should be using it at all. Your organization may be ambivalent or aghast at AI, have already embraced it, or be unsure where to start. You may have colleagues that are using AI for everything and others who won't touch it.Brenda Foster is a PRSA-NCC Hall of Fame inductee who has specialized in nonprofit communication for decades. In this webinar, she shares tips and best practices on improving your AI prompts for communication success and explores situations where AI can improve the day-to-day job satisfaction for nonprofit staff. You can hear more from Brenda in our podcast discussion of AI tips here.How can your nonprofit get started ?In this webinar learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the output and ensure that your team feels confident and comfortable using AI to make their jobs more interesting and to better support your mission.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.Learn how to create an AI Acceptable Use Policy here. The nonprofit sector is deeply concerned with ethics, accountability, the environment, and systemic change. Learn more about ethical AI frameworks here. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Vanguard Communications' Chief of Innovation Brenda Foster shared tips and practical advice on getting started using generative Artificial Intelligence AI tools at your nonprofit in a way that matches your mission and values.Learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the outputs and feel good using AI at your nonprofit.In part 1, Brenda explains the various types of AI and walks through the ethical considerations and trade offs for the environment, community justice, human creativity, privacy and security, and bias. She presents a five question framework for creating your nonprofit AI policy. In part 2, Brenda explores good prompting and the differences between tools in this moment, and takes audience Q&A.Are you wondering where to start with AI?Chances are you and your colleagues are already using it for some things, and wondering how to use it better, or whether you should be using it at all. Your organization may be ambivalent or aghast at AI, have already embraced it, or be unsure where to start. You may have colleagues that are using AI for everything and others who won't touch it.Brenda Foster is a PRSA-NCC Hall of Fame inductee who has specialized in nonprofit communication for decades. In this webinar, she shares tips and best practices on improving your AI prompts for communication success and explores situations where AI can improve the day-to-day job satisfaction for nonprofit staff. You can hear more from Brenda in our podcast discussion of AI tips here.How can your nonprofit get started ?In this webinar learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the output and ensure that your team feels confident and comfortable using AI to make their jobs more interesting and to better support your mission.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.Learn how to create an AI Acceptable Use Policy here. The nonprofit sector is deeply concerned with ethics, accountability, the environment, and systemic change. Learn more about ethical AI frameworks here. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Does your nonprofit know what to do when a staff person clicks on a suspicious email and instantly regrets it? David Dawson is a Senior Engineer at Community IT on the escalation team for our help desk. Recently he led the response to a cybersecurity incident at a nonprofit client. In this Community IT podcast, he answers Carolyn's questions about the flow of the response, best practices, and gives tips on how your nonprofit can be prepared to respond to phishing or hacking attempts. Knowing who to call and how to respond to a cybersecurity incident at a nonprofit can be the difference that makes a quick and complete recovery.The takeaways: When staff know what to do and who to call it saves valuable time and leads to more confidence in your response. Cybersecurity Awareness Training – particularly anti-phishing training – is a crucial part of your nonprofit cybersecurity defense. Having a single point of contact handling the communication at the nonprofit was important both to provide helpful information back to the IT provider quickly and to communicate effectively with 100+ staff that the incident was being resolved and what they needed to do. Of course, if your single point of contact is on vacation it can complicate your response. Having an Incident Response Plan with multiple backups will help guide your response.If you haven't reviewed your Incident Response Plan recently, you should! Better yet, gather the stakeholders and hold a tabletop exercise to run through some scenarios and see how your team would handle them. This kind of an exercise doesn't cost anything to run except your stakeholders' time, and can help identify single points of failure or areas where the plan is good but your staff need training on what is in it.Many nonprofits initially handle their IT management internally. As your nonprofit grows, consider when it becomes appropriate to call on a trusted partner like Community IT to help with cybersecurity, help desk, and strategic planning. Are your cybersecurity investments up to date? What does your cyberliability policy cover? Could you resolve and recover from a cybersecurity attack? _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Peter Campbell is the principal consultant at Techcafeteria, a micro-consulting firm dedicated to helping nonprofits make more affordable and effective use of technology to support their missions. He recently published a free download powerpoint on Managing AI Risk and had time to talk with Carolyn about his thoughts on developing AI policies with an eye to risk, where the greatest risks lie for nonprofits using AI, and how often to review your policies as the technology changes rapidly.The takeaways: AI tools are like GPS (which is itself an AI). You are the expert; they are not able to critically analyze their own output even though they can mimic authority. Using AI tools for subjects where you have subject expertise allows you to correct the output. Using AI tools for subjects where you have no knowledge adds risk. Common AI tasks at nonprofits move from low-level risks such as searching your own inbox for an important email to higher-risk activities more prone to consequential errors, such as automation and analysis.Common AI risks include inaccuracy, lack of authenticity, reputational damage, and copyright and privacy violations.AI also has risk factors associated with audience: your personal use probably has pretty low risk that you will be fooled or divulge sensitive information to yourself, but when you use AI to communicate with the public, the risk increases for your nonprofit.How to Manage AI Risks at Nonprofits? Start with an AI Policy. Review it often as the technology and tools are changing rapidly.Use your own judgement. A good rule of thumb is to use AI tools to create things that you are already knowledgeable about, so that you can easily assess the accuracy of the AI output. Transparency matters. Let people know AI was used and how it was used. Use an “Assisted by AI” disclaimer when appropriate.Require a human third party review before sharing AI created materials with the public. State this in your transparency policy/disclaimers. Be honest about the roles of AI and humans in your nonprofit work.Curate data sources, and always know what your AI is using to create materials or analysis. Guard against bias and harm to communities you care about.“I've been helping clients develop Artificial Intelligence (AI) policies lately. AI has lots of innovative uses and every last one of them has some risk associated with it, so I regularly urge my clients to get the policies and training in place before they let staff loose with the tools. Here is a generic version of a powerpoint explaining AI risks and policies for nonprofits. “Peter Campbell, Techcafeteria _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

On September 30th Microsoft will only support a new unified multi-factor authentication control configuration. What does this mean for your nonprofit?In March 2023 Microsoft announced that after September 30th, 2025, they would no longer automatically support “legacy” multi-factor authentication controls in the Microsoft 365 Entra ID and General Admin administration portals. The methods your staff are using now will not automatically roll over to be allowed via the new admin dashboard after that date. Steve Longenecker, Community IT's Director of IT Consulting, explains to Carolyn the implications for nonprofits of this change and the Microsoft unified security administration deadline.The takeaways: The new unified authentication dashboard is available now to Microsoft 365 admins.The new Authentication Methods page does not inherit methods allowed in the legacy controls. An administrator needs to manually enable the MFA methods your organization wants to allow. Old MFA options your staff are using now will not roll over automatically to the new dashboard.Microsoft and Community IT are pushing admins to use this opportunity to to exclude less secure MFA methods. Community IT advises against allowing SMS texting and one-time codes sent to personal email addresses as MFA methods. You can upgrade and implement the new MFA and password reset options at any time, and we advise you to do this before September 30, whether or not Microsoft grants an extension of the deadline.If you just started using Microsoft 365 for Nonprofits, you don't need to worry about the deadline because your initial configuration would already be using the new Authentication Methods page. If you haven't made the change or don't know, you need to check before September 30, 2025.This change is visible only to Microsoft administrators, who should be making the change and informing staff where appropriate. If you are a nonprofit leader or board member and have not heard from your IT Director or outsourced IT, check with them to understand the plan for your organization. If you are a nonprofit staffer, pay attention to directions on using the safest MFA to protect your nonprofit.While not directly impacted by this deadline from Microsoft, Carolyn and Steve discuss the importance of “phish-resistant” MFA, preventing Attacker-in-the-Middle (AitM) attacks, for executives and staff working in finance, IT and other highly targeted areas of your operations. NOTE: The timelines on Microsoft changes do sometimes shift, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Learn how to run this valuable training tool from Community IT Chief Technology Officer and resident cybersecurity guru Matthew Eshleman, who explains how to carry out a cybersecurity tabletop exercise for your nonprofit and why this type of active testing is so valuable to your security planning. In pt 1, Matt and Carolyn go over what a tabletop exercise is and how they fit into your cybersecurity planning for your nonprofit. In pt 2, Matt describes 3 scenarios specific to nonprofits that you can use, and reviews general lessons learned and best practices from his work with clients.Make regular cybersecurity tabletop exercises part of your nonprofit incident response plan.Do you regularly practice your nonprofit's cybersecurity incident response?If you haven't had a cybersecurity incident yet, count yourself lucky. If you have, you probably encountered some questions you wish you had had the answers to before the incident began to unfold.That's where a cybersecurity tabletop exercise for nonprofit has enormous value. A cybersecurity tabletop exercise simulates a cybersecurity incident in a controlled environment so you can practice your response and discover weaknesses before they become damaging. For example, a staff member alerts you that they clicked on a malicious link in an email and now their laptop is “acting funny.” Do you have a phone tree of the people you need to contact? What if someone important is on vacation, who do you contact then? What if everyone's laptops are frozen, can you still access important contacts? What do you do next? Cybersecurity tabletop exercises can be elaborate or simple, run by a consultant or run from within. It is surprising how many nonprofits that regularly review and evaluate their programming never use the same principles to evaluate their basic cybersecurity preparedness.How can your nonprofit get started on this practice?If you've never walked through a cybersecurity tabletop exercise at your nonprofit, you may be intimidated at the prospect or have trouble prioritizing it and carving out time on everyone's calendar. In this webinar, Matt introduces some popular resources, describes common examples of tabletop exercises, and explains how to adapt this skill-building exercise for nonprofits. Matt Eshleman has run through cybersecurity tabletop exercises with many nonprofit clients and guides you through best practices and first steps to get started. Don't wait to introduce this valuable training tool to learn where you can strengthen your practices and better protect your organization in these challenging times.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Download the free eBook on Cybersecurity at Nonprofits: https://communityit.com/download-cybersecurity-readiness-for-nonprofits-playbook/ _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Learn how to run this valuable training tool from Community IT Chief Technology Officer and resident cybersecurity guru Matthew Eshleman, who explains how to carry out a cybersecurity tabletop exercise for your nonprofit and why this type of active testing is so valuable to your security planning. In pt 1, Matt and Carolyn go over what a tabletop exercise is and how they fit into your cybersecurity planning for your nonprofit. In pt 2, Matt describes 3 scenarios specific to nonprofits that you can use, and reviews general lessons learned and best practices from his work with clients.Make regular cybersecurity tabletop exercises part of your nonprofit incident response plan.Do you regularly practice your nonprofit's cybersecurity incident response?If you haven't had a cybersecurity incident yet, count yourself lucky. If you have, you probably encountered some questions you wish you had had the answers to before the incident began to unfold.That's where a cybersecurity tabletop exercise for nonprofit has enormous value. A cybersecurity tabletop exercise simulates a cybersecurity incident in a controlled environment so you can practice your response and discover weaknesses before they become damaging. For example, a staff member alerts you that they clicked on a malicious link in an email and now their laptop is “acting funny.” Do you have a phone tree of the people you need to contact? What if someone important is on vacation, who do you contact then? What if everyone's laptops are frozen, can you still access important contacts? What do you do next? Cybersecurity tabletop exercises can be elaborate or simple, run by a consultant or run from within. It is surprising how many nonprofits that regularly review and evaluate their programming never use the same principles to evaluate their basic cybersecurity preparedness.How can your nonprofit get started on this practice?If you've never walked through a cybersecurity tabletop exercise at your nonprofit, you may be intimidated at the prospect or have trouble prioritizing it and carving out time on everyone's calendar. In this webinar, Matt introduces some popular resources, describes common examples of tabletop exercises, and explains how to adapt this skill-building exercise for nonprofits. Matt Eshleman has run through cybersecurity tabletop exercises with many nonprofit clients and guides you through best practices and first steps to get started. Don't wait to introduce this valuable training tool to learn where you can strengthen your practices and better protect your organization in these challenging times.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Download the free eBook on Cybersecurity at Nonprofits: https://communityit.com/download-cybersecurity-readiness-for-nonprofits-playbook/ _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Most nonprofits will be asked about vulnerability scanning when they renew cybersecurity liability insurance or complete an annual audit. Do you know what it means and what you should do to comply? The takeaways: There is no one-size-fits-all vulnerability scanning app for your entire organization. You will need to do vulnerability scanning on various systems and the scanning will be different. As part of your incident response planning you should have an inventory of your general vulnerabilities – website, any custom apps, any customized anything, and then other apps and tools. Check in with your IT team and stakeholders. If you are being asked to check off a box on your cyberliability insurance or part of your annual financial audit, talk with the auditors or your insurance broker to get more clarity.In addition to checking this necessary box, vulnerability scanning is an important layer of protection to have around your organization and your mission. Take it seriously, but realize that as a buzzy term, you may be approached by vendors overselling what you need. A trusted IT partner – whether a board member, IT director, or outsourced IT provider – can help you wade through the options and choose the one that fits your budget, risk profile, and the specifics of your IT set up.Vulnerability scanning is the process of using automated tools to scan for weaknesses in computer systems, apps, networks, and platforms. It is particularly necessary for websites, to avoid falling victim to hacks and ransom extortion. It is a proactive approach to finding these flaws and vulnerabilities before outsiders and hackers can. Doing vulnerability scanning will help your nonprofit learn where risks may hide, and allow you to take proactive steps to mitigate risks and correct errors in configuration. Vulnerability scanning providers will need access to your systems and will provide a comprehensive report on vulnerabilities found, often arranged by most immediate risks or risks most potentially damaging.Many security regulations and standards require periodic vulnerability scanning. Nonprofits are being asked to complete vulnerability scanning as part of renewing cyberliability insurance or complying with enhanced annual audits as part of SAS145 guidelines. Vulnerability scanning helps prioritize remediation efforts by highlighting the most critical vulnerabilities, and should be a continual process renewed periodically to help improve nonprofits' security posture. Many providers will use the label “vulnerability scanning” so it is important to understand what is meant by this term and what the provider will do and report on. There is no one universal vulnerability scanner. Different systems must be scanned with their own automation. If you have questions that aren't answered by this podcast, talk to us! On our site we have free resources on basic cybersecurity and IT governance policies. You can use our downloadable Cybersecurity Playbook or other online resources, or schedule time with our Cybersecurity Expert Matthew Eshleman to ask your questions. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Many nonprofit staff are facing increased stress and multiplying concerns about privacy, security, and vulnerabilities. What should you be tackling first in this new political environment? The takeaways: Most attacks are still financially based: criminals want you to wire money to the wrong account. The good news is that cybersecurity basics that protect you from fraud also protect your organization from politically motivated attacks.Taking action – even modest first steps or reading up on the issues – goes a long way to assuage fears and stress. But when the stress is all around us, it is hard to prioritize the boring, back-office tasks like reviewing your incident response plan or acceptable use policies, or updating your cybersecurity awareness training. Working with an accountability partner can help! To find motivation to carve out the time to gather stakeholders together, remind them that as Jenny says, a trip in an ambulance to the emergency room costs way more than an annual check up. The cost of a breach will likely be a lot more than the time it would take your team to strengthen your security. There are lots of resources available – here on our site we have free resources on basic cybersecurity, anti-doxxing resources, staff training, and governance policies. If you need motivation to start, listen to this podcast and take those first steps.Presenter:Jennifer Huftalen is a 17-year veteran at Community IT and is our Director of Client Services. She speaks daily with clients about their needs and fears and shares her insights in this podcast interview with Carolyn. The good? news is that our fundamental recommendations on foundational cybersecurity still stand, and will protect most nonprofits from most threats, financial or political. More good news? Basic solutions do not have to be expensive, in fact in our experience, most nonprofits worried about cybersecurity need to walk – put fundamentals in place – before they can run – engage vendors in expensive comprehensive testing when an assessment could have already revealed those weaknesses, for less.Bottom line, it feels good to take action, and Community IT has lots of resources on taking your first steps. If you have questions that aren't answered by our downloadable Cybersecurity Playbook or other online resources, schedule time with our Cybersecurity Expert Matthew Eshleman, no strings attached. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

NOTE: The Microsoft policy on the end of their donation program for the free and discounted Microsoft Office 365 Business Premium and E1 licenses for qualified nonprofits is shifting frequently, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update.This podcast provides updates to our episode from June 13th about the changes to Microsoft's donation program for nonprofit licenses. The active date of July 1st has now passed and we are learning more about Microsoft's approach to rolling over or just canceling existing licenses on their anniversary/renewal date.Steve Longenecker, Community IT Director of IT Consulting, explains our updated understanding and advice on how to handle the changes to these licenses on your anniversary/renewal date. We will continue updating our podcasts and blog posts as soon as we learn more information from Microsoft and as we begin to learn best practices from our clients who are renewing and changing these licenses. Check back if you have questions not answered in this podcast, we'd love to hear from you! Some Key Takeaways:Check your licenses through your Microsoft admin portalCheck the renewal dateCheck the license types -look for "donation" or "discounted"If you are currently using Microsoft 365 Business Premium licenses you were getting 10 free licenses. Any licenses over the first 10 that you are using are being billed at a discounted nonprofit annual rate. When your licenses renew after July 1, 2025, NONE of them will be free.Microsoft says that your 10 free licenses will be automatically cancelled on your renewal date.You don't need to do anything to make this happen. However, we recommend actually cancelling your donation licenses about 2 weeks before your renewal date. That will ensure (we hope) that you don't get charged somehow if Microsoft automatically converts those free licenses to discounted licenses. About 2 weeks before your renewal/anniversary date, you should purchase the equivalent number of discounted Business Premium licenses. Your finance team needs to be aware that going forward, your payment method on record will be charged an annual renewal fee for ALL your Microsoft 365 Business Premium licenses. We recommend using the free licenses until about 2 weeks before your renewal date, then purchasing the equivalent number of licenses you need. Why pay for the new licenses early? Save your money until the free licenses are about to expire. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Board.dev Co-Founder and CEO Alethea Hannemann on how to recruit tech leadership to join your nonprofit board, and why you should have tech leaders an/or a tech committee on your board helping your organization to grow and thrive.In part 1, Alethea presents research on the benefits of board members with tech experience and gives two case studies. In part 2, she delves into how to recruit a tech-savvy board member and takes audience questions.Do you have tech expertise on your nonprofit board?Board.dev was founded to help nonprofits recruit and engage tech leaders for your board—so you can fully and responsibly harness the power of technology to maximize your impact. Board.dev also helps educate tech leaders from the for-profit world on the benefits of joining a board, and helps train them to help them be effective quickly in the nonprofit world.Alethea Hannemann is the co-founder and CEO of Board.dev and an architect of the pro-bono service movement, with a career in nonprofits, investing, and advising. She will share Board.dev's insights into the necessity of having board members fluent in tech and nonprofit needs, and how to build tech expertise on your board. Why tech board leadership? Why now?Technology is increasingly a key differentiator for nonprofit performance, from operational efficiency to better service of the community. Yet too few nonprofits have the technology resources they need to achieve their missions.Board service is a high-potential lever for tech capacity-building in social sector organizations. By placing a tech leader on your board, you bring a unique technology perspective to board conversations, add to your general business knowledge, and engage a valuable strategic technology planning partner to the CEO. Making technology risk and opportunity a regular topic at the highest levels of leadership can transform an organization, driving mission success and building greater support for the community.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Board.dev Co-Founder and CEO Alethea Hannemann on how to recruit tech leadership to join your nonprofit board, and why you should have tech leaders an/or a tech committee on your board helping your organization to grow and thrive.In part 1, Alethea presents research on the benefits of board members with tech experience and gives two case studies. In part 2, she delves into how to recruit a tech-savvy board member and takes audience questions.Do you have tech expertise on your nonprofit board?Board.dev was founded to help nonprofits recruit and engage tech leaders for your board—so you can fully and responsibly harness the power of technology to maximize your impact. Board.dev also helps educate tech leaders from the for-profit world on the benefits of joining a board, and helps train them to help them be effective quickly in the nonprofit world.Alethea Hannemann is the co-founder and CEO of Board.dev and an architect of the pro-bono service movement, with a career in nonprofits, investing, and advising. She will share Board.dev's insights into the necessity of having board members fluent in tech and nonprofit needs, and how to build tech expertise on your board. Why tech board leadership? Why now?Technology is increasingly a key differentiator for nonprofit performance, from operational efficiency to better service of the community. Yet too few nonprofits have the technology resources they need to achieve their missions.Board service is a high-potential lever for tech capacity-building in social sector organizations. By placing a tech leader on your board, you bring a unique technology perspective to board conversations, add to your general business knowledge, and engage a valuable strategic technology planning partner to the CEO. Making technology risk and opportunity a regular topic at the highest levels of leadership can transform an organization, driving mission success and building greater support for the community.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

When do your licenses renew? What kind of free or discounted licenses do you have? What are your options? Microsoft announced in the spring of 2025 that after July 1st two classes of nonprofit discounted licenses would be changing. Steve Longenecker, Community IT's Director of IT Consulting, explains how the license discount and donation program is changing at Microsoft, and how to form a plan of action before your renewal date in this podcast with Carolyn Woodard.Steve reviews the history of the Microsoft donation and discount programs for nonprofits and how they have changed over the years. Microsoft's office suite is of course one of the industry standards and very reliable, reputable, and very affordable for nonprofits who qualify for discounts and donated licenses. Steve then reviews the two types of licenses that are affected, and our advice for each.Some Key Takeaways:Check your licenses through your Microsoft admin portalCheck the renewal dateCheck the license typesIf you are currently using Microsoft 365 Business Premium licenses you were getting 10 free licenses. Any licenses over the first 10 that you are using are being billed at a discounted nonprofit annual rate. When your licenses renew after July 1, 2025, NONE of them will be free.Microsoft says that your 10 free licenses will be automatically rolled over into discounted nonprofit licenses on your renewal date.You don't need to do anything to make this happen, and your staff using the licenses will not see any interruption in their services.Your finance team needs to be aware that on your renewal date, your payment method on record will be charged an annual renewal fee for ALL your Microsoft 365 Business Premium licenses. Make sure your payment method is up to date in your account before your renewal to avoid problems with the rollover.If you are currently using free nonprofit Office 365 E1 licenses for some staff, those also will roll over to discounted licenses on your renewal date after July 1, 2025.Because Microsoft 365 Business Basic licenses are very similar to Office 365 E1 licenses, and are free for qualified nonprofits for up to 300 licenses, we recommend procuring Microsoft 365 Business Basic licenses and unsubscribing from Office 365 E1 before your renewal date. Changing licenses can be done at any time before your renewal date, so you can go ahead and do it now rather than risk rolling over to paying for E1 licenses.Steve walks through the steps he likes to take to change these licenses over for our clients. It is not difficult but not automatic.For further clarity or support, contact your IT provider, IT staff, or Microsoft account manager. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Are you worried?In part 1, Nura and Carolyn covered introductions, policies, and resources on three main categories you may be worried about - cyber, data, and staff safety. In part 2, they go over budgeting for IT when your budget may be up in the air, what to move into the "nice to have" and what needs to stay in the "must have" column, resources on how to stay mentally healthy under stress, and how to make a plan to move you and your nonprofit forward with confidence in your priorities. Where does your IT fit into this new world? Is your IT strategy flexible, and have you revisited your IT planning, performance, and policies? As you examine your finances, what IT is essential and where can you afford to pare back without hurting your productivity and morale? Do you have some smart savings opportunities lurking in your IT budget that could help your organization in this moment? Is your cybersecurity up to date and do your staff know how to protect your organization and data? Perhaps most importantly, how are your staff coping with all this stress?What are the top steps to take NOW to adapt your IT quickly to the new nonprofit sector reality?Join Senior Consultant Nuradeen Aboki who answers your questions about priorities, strategy, and next steps. Nura has been in nonprofit IT for decades and has enormous experience helping our clients' executives strategize priorities and cut through the noise to the essentials. This is a perfect opportunity to get guidance and reassurance.The current situation for the nonprofit sector is highly changeable and changing fast. Every day there's a new worry turning up around your mission, your funding, and your future. What you are doing matters. Don't burnout with worry but don't leave your organization vulnerable either. Learn what Nura recommends and leave with a plan for your next few months and the resources to help you sort out your nonprofit IT essentials for these challenging times.As with all our webinars, this presentation is appropriate for an audience of varied IT experience. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Are you worried?The current situation for the nonprofit sector is highly changeable and changing fast. Every day there's a new worry turning up around your mission, your funding, and your future. Where does your IT fit into this new world? Is your IT strategy flexible, and have you revisited your IT planning, performance, and policies? As you examine your finances, what IT is essential and where can you afford to pare back without hurting your productivity and morale? Do you have some smart savings opportunities lurking in your IT budget that could help your organization in this moment? Is your cybersecurity up to date and do your staff know how to protect your organization and data? Perhaps most importantly, how are your staff coping with all this stress?What are the top steps to take NOW to adapt your IT quickly to the new nonprofit sector reality?Join Senior Consultant Nuradeen Aboki who answers your questions about priorities, strategy, and next steps. Nura has been in nonprofit IT for decades and has enormous experience helping our clients' executives strategize priorities and cut through the noise to the essentials. This is a perfect opportunity to get guidance and reassurance.In part 1, Nura and Carolyn cover introductions, policies, and resources on three main categories you may be worried about - cyber, data, and staff safety. In part 2, they go over budgeting for IT when your budget may be up in the air, what to move into the "nice to have" and what needs to stay in the "must have" column, resources on how to stay mentally healthy under stress, and how to make a plan to move you and your nonprofit forward with confidence in your priorities. What you are doing matters. Don't burnout with worry but don't leave your organization vulnerable either. Learn what Nura recommends and leave with a plan for your next few months and the resources to help you sort out your nonprofit IT essentials for these challenging times.As with all our webinars, this presentation is appropriate for an audience of varied IT experience. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

A week in the life of the On Site Support Team - what do they do?We're inordinately proud of our On Site Support Team (OSST), who work with clients who need IT help in person, particularly at the nonprofit schools we serve in the DC area.So many of us work remotely - but many nonprofits do work that can't be remote, and many of them need IT support at the office or workplace. For those clients, Community IT is proud to employ a team of customer service professionals that travel on site to keep IT running smoothly and answer questions in person.In fact, all our On Site Support Team members have achieved HDI Customer Service Certifications. Listen to this presentation, meet our team, and learn about a typical week filled with teamwork, expertise, partnerships with our clients, and love of helping people that goes into providing excellent IT support service. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

New auditing requirements SAS145 require nonprofit auditors to consider IT risks in addition to financial risks and mitigation. Learn from Darren Hulem, cybersecurity guru and senior manager in risk advisory at GRF CPAs and Advisors on the new requirements and how they may impact cybersecurity at your nonprofit.Darren also explores and describes other cybersecurity threats that are targeting nonprofits, and best practices to defend against them. Darren is a certified ethical hacker and certified information systems auditor.SAS145 is a statement on accounting standards that provides guidelines on a more holistic view of your risks and defenses that includes IT risks. This is a welcome move since for a decade at least IT risks have been growing in impact on financial crimes targeting nonprofits such as phishing email initiated wire fraud, account compromise, spoofing, and other financial compromises and crimes.Darren provides an overview of the types of risks he sees at nonprofits and some simple steps organizations can take to vastly decrease those risks.  _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

Media expert and self-taught "AI Evangelist" Brenda Foster spoke to Carolyn about ways to help nonprofit staff explore and begin using AI tools to work smarter, calling AI your new assistant. In addition to serving as Vanguard Communications' Chief of Innovation, she is a communications researcher and strategic planner who has shaped direction and messaging for numerous successful national nonprofit and government campaigns. A former broadcast journalist, Brenda is a sought-after producer and speech, script and media writer for clients and spokespeople that include celebrities, CEOs, farmers, caregivers, advocates and youth.Have you been dabbling in AI but don't really know what to try next? Are you worried about the impact of AI tools on your nonprofit but don't really know what questions to ask? Concerned about security? Have you set up your AI Acceptable Use policy yet? Brenda walks through these considerations and more, while firmly coming down on the side of enabling your staff - no matter your general tech-savviness - to learn to use the AI tools you want and feel comfortable with, to achieve your mission and decrease the "busy work." Listen for Brenda's "Five Questions to Ask" mid-episode, which distill her experience adopting AI tools at Vanguard and with their clients into questions to use to inform your philosophy, policies, training, and expectations around AI.  _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.

2025 Nonprofit Cybersecurity Incident Report: Keeping Your Nonprofit SecureCommunity IT CTO and cybersecurity expert Matt Eshleman delivered our annual report on trend lines and took questions live and online in this popular annual webinar. In part 1, Matt discusses the landscape and background of cybersecurity attacks nonprofits face now, goes over the lingo and acronyms, and introduces new trends in attacks and protections. In part 2, Matt discusses the data from 2024 and takes questions.Is your nonprofit prepared?Drawn from anonymized data from the calendar year 2024 of cybersecurity incidents across end users in hundreds of our small and mid-sized nonprofit clients, this report shows changes in attacks and emerging threats.Using this real and timely data, Matt walks through recommendations and outlines the practical steps your organization can take to prevent the most frequent attacks. He covers new threats and training best practices for your nonprofit staff around evolving cybersecurity issues, including a spike in online and in-person harassment, wire fraud, AI-enabled scams, smishing and vishing, adversary-in-the-middle MFA attacks, and other new and disturbing trends.You may also be interested in downloading the free Cybersecurity Readiness for Nonprofits Playbook to review a framework for focusing on your cybersecurity fundamentals, or using any of our free cybersecurity webinars and podcasts to learn more about specific protections you can take.As with all our webinars, this presentation is appropriate for an audience of varied IT experience.Community IT is proudly vendor-agnostic and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.