Tag: Operations

As we shared back in March, a group of NTEN staff meet regularly as a diversity, equity, and inclusion taskforce. The work of this taskforce is to identify opportunities to make changes and implement them, big or small, to get us ever closer to living our values and DEI commitment. It is important to us that we are accountable to you all—our community—in this work. And to support that accountability, we want to provide some transparency into both the process of this work and the outputs.

The taskforce has been busy! We meet twice a month and have adjusted our meetings to have one long (60 minutes) meeting for new topics and discussion and one short (30 minutes) meeting for updates and final decisions. This has already proven to be a valuable change for our working styles and gives us time to dig deep into topics, identify work to be done outside of the meeting, and be accountable by reconvening to review and approve the work and next steps.

We’ve had some valuable conversations both as a taskforce and as a full team that haven’t resulted in tangible outputs yet but will continue to shape and inform our thinking and decisions to come.

These include conversations about feedback from community members illustrating the relative ease we have had at publicly championing conversations and actions around gender—and the challenges we’ve had in identifying or leading in similar ways around race. We aren’t, for example, going to put ribbons out at our conference and ask people to identify their race the way we do with pronoun ribbons. But we are committed to finding more ways to elevate racial equity.

Here’s a recap of some of the specific decisions and actions that have come from this work:

  • For a few years now, we have included pronoun ribbons for attendees at our annual conference, provided all gender restrooms, and so on. But we had not taken the important step to make some of those actions visible as staff year round. We now have a pronoun page on the website with information and links to resources. Staff are encouraged to include pronouns (and a link to that page) in their email and online community signatures..
  • Our DEI Commitment and associated policies guided us in identifying more opportunities to make our NTC session proposal, submission, and voting process more inclusive. It also informed the process we used for recruiting and selecting this year’s Session Advisory Committee. We received 785 total session submissions this year, over 200 more submissions than last year!
  • To be more transparent about the benefits we provide to staff, support potential job applicants in knowing whether working here would meet their needs and goals, and model our belief that all organizations should make their benefits public, we created a Working at NTEN page on our website.
  • We updated our Code of Conduct based on the DEI Commitment, to be consistent across these documents about the ways we reference diversity and make clear our community engagement expectations.
  • All of our Nonprofit Tech Club and online group organizer charters now include the DEI Commitment and the relevant policies.
  • Staff are better positioned to communicate our policy about participating in panels or events only if they are diverse—which has been a practice for longer than our stated policy—by now having the policy publicly listed on our website.
  • The NTEN Job Board now provides information about why including a salary range is important. This is a first-step measure to start educating job posters about this topic, recognizing that many of people posting the jobs are not necessarily the ones to make the decision about including that information. Our hope is that we can equip them with the right information to change their own internal practice around including salaries in job postings, and that we eventually change our job submission form to require a salary be listed.
  • In the past, we provided 10 paid holidays each year (in addition to paid time off) but the dates of those holidays were decided to match the federal calendar. Telling staff that they need to take December 25 off, whether that day has any significance to them or not, and that other days in December were not an equivalent holiday, was not aligned with our values nor our Commitment. Staff now have 10 holidays they can take each year (still in addition to PTO) but they are entirely flexible and can be used on any day of the year.

Some of the topics coming up in the next month or two for the taskforce include:

  • Continue working to normalize the use of pronouns in public ways like on the staff page, board page, in the online community, and in presentations.
  • We gathered great feedback from staff at our summer all-staff planning meetings about the policies included in the DEI commitment now that they had been in use for a few months. We will use that feedback to make edits and additions.
  • Outside of the taskforce, we are forming an Accessibility Committee for the NTC. Applications will be accepted until September, 28. The taskforce will support the committee and looks forward to learning from them, too.

Community members are welcome and invited to bring questions, concerns, feedback, or ideas to us anytime, and are invited to attend a meeting whether you want to add something to the agenda or not. You can contact us by phone (503-272-8800) or email (community@nten.org) at any time, or you can submit anonymous feedback by using this online form.

For the last ten years, NTEN’s research has helped identify the practices in technology staffing and management that indicate an organization’s adoption level and potential for effectiveness.

Created by NTEN in partnership with The Forbes Funds, Tech Accelerate puts a decade of data and evaluation into a simple-to-use assessment, report, and benchmarking tool for the nonprofit sector. This free tool includes:

  • a comprehensive assessment about technology use and policies across four major categories of leadership, organization, infrastructure, and fundraising and communications
  • a full report that includes both overall and category rankings, prioritized areas of investment, and resources for next steps
  • benchmarking tools to explore your data in comparison to organizations like yours

Tech Accelerate is built with nonprofit staff in mind, whether you want to assess your current practices, identify areas for needed investment, or benchmark your adoption against other similar organizations. To start your first Tech Accelerate assessment, you will need to have an organization connected to your NTEN profile. You can invite other staff to help you complete the assessment online. When you are finished, submit your assessment to access your full report, including ratings, information about how to improve, and resources to guide your next steps.

Many nonprofit organizations today have a “Lifecycle Replacement Plan” for their physical assets. The process of “lifecycling” outdated computer technology in nonprofit organizations often looks something like this:

  1. Determine that the equipment is more than three years old.
  2. Get approval from the Board of Directors to dispose of the property.
  3. Donate said property to another “lucky” nonprofit.

But this process may not be the best solution for your organization. By making better technology decisions at the time of purchase, you can significantly increase the longevity, usefulness, and overall value of your technology investments.

How to get the best price and value

Think about the most recent purchases of significant value that you personally made. Did you shop around for the best price for the new car you bought? How many test drives did you make before you decided on the perfect vehicle for your family?

The same scrutiny should be applied when purchasing technology equipment. A sound practice involves comparing the best price and package from at least three or more reputable vendors.

Saving money does not mean shopping at big box stores with “extra low prices” for technology, either! Big box stores often receive bulk stock of computer equipment that is cheaper in quality and designed to sell for less. But you get what you pay for: Your computer equipment will become obsolete more quickly and will most assuredly have issues that require repairs just after the store warranty has expired.

It’s a best practice to shop directly from the manufacturer when investing in technology equipment so you can get the most up-to-date model, with a solid warranty plan. Outside of future software compatibility issues, your equipment could last 5, 7, or even 10 years!

When not to buy technology

Many nonprofits have a July to June fiscal period. Technology vendors are keenly aware of these fiscal cycles and often increase prices on their items during this time. Schedule your technology purchases during low-volume periods, such as January through March, to get the very best deals.

When you are ready to make your purchase, don’t be afraid to contact your vendor to ask for additional discounts or benefits that they may offer to the public sector!

When you must cycle out your technology

Once it’s time to cycle out your outdated technology, consider using a process that I like to call “leapfrogging.” You segment your equipment into one of three categories and then take the appropriate action:

  1. Oldest or worst-functioning: Purchase new equipment to replace the oldest or worst-functioning equipment.
  2. Functioning: Flag the “functioning” equipment for a future (next fiscal year) purchase. Upgrade this equipment with new components, such as more memory, as needed.
  3. Newest or best-functioning: Continue to utilize the “best” functioning equipment on your network. These systems will eventually fall to a lower category and be replaced in the future.

When you get rid of old equipment, make sure to recycle it appropriately or consider donating it to a refurbisher.

Here are a few of my favorite vendors for purchasing nonprofit technology:

With thoughtful preparation and a little research, you will see great savings in your future technology purchases.

A version of this post originally appeared on bethkanter.org and is reprinted here with permission.

In many of the workshops I’ve been facilitating based on the Happy Healthy Nonprofit: Strategies for Impact without Burnout, nonprofits are recognizing that offering some workplace flexibility to employees is not only an attractive benefit, but also can increase productivity and help prevent burnout. Many nonprofits allow staff to work remotely one day a week. Workplace flexibility creates a need for better skills in facilitating virtual meetings and hybrid meetings where some participants are in the room and others participate are using audio-only or video conferencing platform.

However, there are many challenges to running effective virtual or hybrid meetings. Virtual meetings which are not well implemented can mean a loss of productivity or create collaborative overload. Aside from technical issues, the biggest problem is engagement. As Hasan Osman points out in his Pyramid of Communication,  as you move to virtual modes of collaboration and communication, group cohesion and intimacy decreases. This makes it hard for people to fully engage with each other.

Here are some best practices for virtual meetings to get past the pain.

1. Co-create your team’s rules of engagement or virtual meeting norms

Rules of meeting engagement or “meeting norms” are stated standards that refer to processes, preparation, and communication practices which can apply to any meeting. Virtual meetings may have some specific norms, such as:

  • We will use the technology that most accessible to everyone on our team.
  • Test your technology before the meeting and resolve any technical issues.
  • Use a phone line with audio clarity and stability.
  • Do not multi-task (do other work) during the meeting.
  • Follow an organized line-up to ensure each person has a chance to respond.
  • Find a quiet space to participate.
  • Use the mute button at your site to prevent transmitting background noise.
  • Speak up to get attention if you have something to say.
  • Turn on your video whenever possible and be camera-ready.

Meeting norms should be shared with your agenda at the top of your meeting, used to reinforce different behaviors, help you improve your virtual meeting process, and should be a short list of no more than six. Meeting norms should be co-created and discussed with your team because for them to work, everyone has to own them.

A thirty-minute facilitated process can be used to discuss and create a draft for your meeting norms. Alternately, you can use a process called Gifts and Hooks where participants share what gifts they can bring to create an engaging meeting and what they need to be engaged.

2. Remember that virtual meeting design is more than agenda planning

While agenda planning covers what topics will be discussed for how long and by whom, virtual meeting design requires more designing. You need to think through purpose, roles, meeting norms, materials, facilitator agenda (specially if you are using online tools to do activities like brainstorming), technical, scheduling, and communication.

If you want to get better engagement, identify different people to assume different roles on a rotating basis. Roles may include:

  • Facilitator: Designs and facilitates meeting
  • Note taker:  Takes action notes/takeaways and emails them to everyone right after meeting
  • Technical support: Helps with technical troubleshooting
  • Bridge moderator: Someone who can assist remote participants in a face-to-face meeting or those unable to use a video conference platform or facilitates in the chat
  • Time keeper: Keeps time

Some teams appoint a “Yoda” to add some levity and increase human connection. A Yoda is the person who mentions the elephant in the room or calls it out when meeting norms are not being followed.

For more on designing your virtual meeting, read this helpful resource from Nancy White and colleagues.

3. Avoid technical and time-zone scheduling snafus

It isn’t a matter of whether or not technical problems will happen—expect them to happen and have a Plan B or a way to avoid falling into the pit of technical despair  where the meeting gets derailed because of one person’s technical issue or you experimenting with a new tool and it doesn’t work as planned. First, make sure everyone troubleshoots their technical issues before the meeting, if possible. Many platforms have a technical testing page and good tech support; include those links ahead of your meeting. And, if not, here’s a great infographic of common virtual meeting technical issues and fixes.

My secret is to write out a step-by-step facilitator agenda if using a new technical tool and rehearse it. And, always have a plan B. For examples, if your platform drops callers, be a little flexible with the agenda. If someone is supposed to share their screen and is having a technical problem, make sure people have copies of the document. As the facilitator, you should also have a copy so you can share your own screen if needed.

Many virtual meetings require working across time zones; my best tips and tools are in this recent post.

4. Always do a virtual icebreaker or check-in

A great meeting or training starts with a great icebreaker. Icebreakers are discussion questions or activities used to help participants relax and ease people into a group meeting or learning situation. It is important to build in time for an icebreaker because it can create a positive group atmosphere, break down social barriers, motivate, help people think about the topic, and get people to know and trust one another. Almost any icebreaker you do in a face-to-face meeting can also be done virtually.

But you can also have some fun with virtual icebreakers that build trust and engagement. For example, you can share photos of your workspace or your location.

5. Create a line for participants to follow

Establish a method to call in participants. This might include alphabetical order by first or last name, or if you are using a video conference platform, by order on the screen. If you are using an audio-only conference call platform, you can use the clock technique where you assign people numbers on the clock at the top of the meeting, then use that for introductions and later in the meeting to call on people as part of the discussion. Here are some more tips for making audio-only conference calls more effective.

Pro Tip: If you are using a video conference platform, watch for eye movement (means person is reading something), arms moving or typing sounds (they’re typing), or bored expressions. Don’t call out the person specifically, but remind people that one of your meeting norms is full attention.  Here are some more techniques to ensure your virtual meeting participants are listening.

6. Use techniques for virtual brainstorming, voting, feedback, and energizers

In face-to-face meetings, one way we get engagement is doing activities like brainstorming and sticky voting. Both of these activities can be done online using different tools. For brainstorming and sticky dot voting, there are many free, simple to use, and low cost tools you can use. My two favorite sticky note applications are BoardThing and  Linoit.The tool is the least of the requirements for an effective virtual brainstorm, you need to understand how to design and facilitate an effective process. If you are using a video conference platform, you can do a thumbs up or down vote.

During face-to-face meetings, you can easily tell when participants are getting tired or the energy drops.  With virtual meetings, even with video conferencing, it is more difficult. You can ask people about their energy level and then ask them to do a simple stretch movement to help replenish energy. There are also some fun virtual energizers and games that make it fun.

7. Evaluate and continuously improve virtual meetings

Your nonprofit’s virtual meetings will get better over time if you allocate 5 or 10 minutes at the end of the meeting to evaluate how it went and what you need to improve. You can use the same methods you would use to evaluate any meeting or training. Here’s an example of using virtual sticky notes to evaluate meetings using two different methods, “Sad, Mad, Glad” and “Plus/Delta.”

8. Make sure virtual participants aren’t left out in hybrid meetings

When you have both remote participants and people in the room, use a bridge moderator (someone in the physical meeting) who ensures that there is a linkage between all participants. The bridge moderator reminds people in the face-to-face meeting that virtual participants are part of the meeting. They check to make sure that virtual participants can hear, see, and speak. If you’re using video conferencing, project remote participants on the screen or give them a seat at the meeting table.

9. Send meeting notes that people actually read

I’m sure you are not surprised: no one reads meeting minutes. Nonprofit professionals are so under-resourced and busy that they don’t often have time to go through meeting minute documents and reading them to figure out what they missed. Most people rely on what was mentioned verbally in a meeting, which can lead to miscommunication. A brief, concise follow-up email that summarizes who is working on what is a lot more more effective than meeting minutes. Here’s a good guide for meeting note taking.

Additional tools and techniques

If you are like me, you are always looking for more tools and techniques to increase engagement during virtual meetings, webinars, and workshops. Check out “The Ultimate List of Virtual Meeting Tools” or “The Ultimate List of Online Collaboration Tools” for more tools. If you want to evaluate meeting platforms, check out this list from Gartner or this curated list from Collaboration Super Powers. If you are looking for different facilitation techniques to adapt to virtual meeting spaces, check out “8 Fabulous Meeting Facilitation Playbooks.”

You wear many hats when you work for a nonprofit. I’m sure this is not breaking news for you. As an IT professional, the one hat that I wear every day is my “communications” hat.

The following tips are bite-sized truffles of hard-earned wisdom intended to help the IT professional communicate with staff members more clearly about technology projects.

1. Be an active listener

Have you ever been thinking of what you are going to say while you are looking directly at the person who is talking and giving you information you asked for? We have all done this. Seriously, active listening is a difficult skill that requires full concentration and practice.

The best definition of active listening I have found is, “the act of mindfully hearing and attempting to comprehend the meaning of words spoken by another in a conversation or speech.” This means that you look at the person who is speaking in the eyes (not in a creepy way) and focus your mind on the words they are speaking.

Active listening works best when you, the listener, review and restate what was said: a recap. Something like, “Okay, let me see if I understand correctly. So you need a membership report of all Californian constituents over the age of 45 by next Wednesday? Is that correct?” Active listening saves time, reduces stress, increases your colleagues’ confidence in you, and decreases the margin of error. It also takes a lot of practice, so start today!

2. Use plain English

Yes, plain English (sometimes called plain language) is a thing. The goal of plain English is to communicate in a simple way using common language so your message is easily understood. Simply put: use easy-to-understand language and cut the technical terms if you can.

Remember, the goal is not to display your vast knowledge of technology and look smart. We have all had an experience when a tech person totally spoke over our heads using tech jargon. That is exactly what we want to avoid. It is our job, as the communicator and tech professional, to make sure the recipient understands your message. Much like being an active listener, end your conversation with a recap to make sure that all topics have been covered and understood, and expectations have been set.

3. Set expectations right away

Misunderstandings happen but they can be minimized. It is always uncomfortable when you are working on rolling out a project on Monday that everyone expected last Tuesday. It’s stressful just thinking about that scenario.

One way to minimize misunderstanding is to set clear expectations right away. Expectations are not just what they should expect from you, but also what you expect from them. For tasks and smaller projects, a quick but thorough recap should do the job. I created a web form to keep track of my requests (see tip #4 below) and I have my colleagues fill it out every time they have a request – even if we had a meeting. For large projects, I suggest you draft a project charter and have all stakeholders sign off approving the project. For more on project charters, do an internet search for “project charter template.”

4. Set up a system and stick to it

We all like to be the hero and fix the problem right away. Whether you are a project manager, solo IT person, or an IT Director, your time is limited and you must prioritize in order to make deadlines.

The way I keep track of my requests is by using a web form. All my colleagues must complete this form and they must spell out what they want and how urgent the request is. I established an internal policy that all requests must be approved by a supervisor prior to submitting the web form request. This gives the staff member time to thoroughly review their requests resulting in a more complete form and fewer questions. This process may seem kind of corporate but it works for me.

5. Make no assumptions

Early in my previous career in sales, a mentor said to me, “If you were giving travel directions on the best way to get to your office, what would be your first question? Where are they coming from? You would give different directions to someone who is traveling from Portland than the person who is driving from San Francisco.”

The same goes for providing technology solutions. You must find out where your people are coming from before you start to provide instructions.

You also may want to confirm if they know where they are going! Knowing the end goal is always very important. Many of us miss this step; we assume that the person we are communicating with is tech savvy. Take the time to find out and make no assumptions.

6. Use standard operating procedures

We all use standard operating procedures (SOPs), right? If you do not, you need to get on it! SOPs are comprehensive instructions that are so clear, you could hand the instructions to a first-day employee and they would be able to perform the given task.

SOPs take a while to write but once done, they will save you hours of time. Make sure to include lots of pictures, arrows, comments, and tips and make sure to update them when processes change. I recommend using Snagit Screen Capture by TechSmith to snip and insert notes of anything on your screen. There are many free tools out there, including the free Microsoft Snipping Tool. I encourage readers do a little research to find the best tool for their needs.

7. Use your tech tools

Do you want to look like a technology rock star? Than you have to stay on top of your respective field by staying up to date with blogs, newsletters, old school print magazines and most definitely the NTEN community. Two tools that I use daily are Google Search Operators and Google Advanced Search. This will narrow down and speed up your search times tremendously.

 

The ability to communicate clearly and effectively will never go out of style. These seven tips have helped me and I hope they help you also.

I’ve noticed a common characteristic among the tech professionals in my life: they’re an inquisitive bunch. Take my husband, for example—a software engineer. I pose a challenge (tech or not) that I’m struggling with, and in the matter of a nanosecond I’m bombarded, in the most thoughtful way possible, with 50 questions. Five minutes later he’s uncovered the root cause of my challenge, given me three possible solutions with supporting evidence, and suggested a couple of tools I can use to tackle said challenge. To him, it’s no big deal. (“I just know what to Google for,” he says.) To me, it feels like a form of magic.

When the Taproot Foundation embarked on the development of a framework that could help nonprofits successfully complete tech projects by working with volunteer experts, we knew we had to capitalize on this inquisitiveness, this Jedi-level problem-solving ability. And so we racked the brains of the staff at VMware (thanks to their collaboration), and together fleshed out what we call the Discovery Assessment, our very own nonprofit-focused, problem-solving tool.

What’s the Discovery Assessment?

The Discovery Assessment is a tool that can help organizations prioritize their needs, uncover risks and constraints, and analyze the impact of a project on their current systems—all before diving into that project.

While this approach isn’t new to tech professionals, it’s a critical step that’s often skipped when nonprofits take on tech-related projects alone. This isn’t a dig on us nonprofit folks; we’re simply not experts in that field. We don’t know what we don’t know. We want a shiny new website (or a new email marketing platform, or a new CRM system…) like yesterday, but we don’t always fully understand what that means or have the words to explain what we’re really trying to solve for. That’s where being inquisitive comes into play.

The Discovery Assessment is made up of three steps:

  • Run: This step deals with your day-to-day. What tools do you currently use to get stuff done? What do you need immediately in order to keep your programs and services running? What’s just flat out not working? And is there a staff person who can address those issues?
  • Scale: This step addresses what you want to be doing more of and how your existing processes or systems can be expanded to make that happen. What annoyances do you have with your current system that could benefit from being changed? Are there tasks you do over and over again that take up enormous chunks of time? Are you behind on reaching goals because you’re lacking resources?
  • Transform: This step looks at what you can do to fundamentally change how you operate. What would you do with unlimited time and resources? How can you better engage with your stakeholders? What does success look like in a month or in five years? Look at organizations you admire and pinpoint what they’re doing that you’re not.

The Discovery Assessment is rad because it can be used for small and large projects, by tech and non-tech professionals alike, with or without the help of volunteer experts. And it can help just about anyone tackle any challenge.

What does the Discovery Assessment look like in action?

Let’s look at a small arts organization. They’ve had their existing website for years, and they feel it’s time for a new one. Unfortunately they lack both staff capacity and expertise (not to mention $$) to address this challenge. Before jumping into the development of a new site with a volunteer or contracted design firm, they can use the Discovery Assessment to figure out how best to approach their challenge.

  • Run: The organization currently uses an outdated content management system. In order to address their immediate needs to keep things up and running, the organization finds a skilled volunteer who is familiar with the CMS to make critical content changes, overseen by a communications staff person.
  • Scale: Being able to refer their audience to the website for event information is a top priority for the organization, but the current site is hard to navigate and rarely updated (that gosh darn CMS). To help them scale given their current constraints, that same skilled volunteer adjusts the navigation menu as needed and coaches the communications staff person on how to update the website and improve SEO.
  • Transform: The organization finds other nonprofits they admire and notes what they do really well. They list all the ways a new website can help them better engage with their stakeholders and identifies what success looks like.

Depending on the outcome of their work, this arts organization may determine that with a few tweaks and the help of a skilled volunteer, their existing site will be sufficient for now. Or maybe they just burn the whole thing down. Either way, they’ve done their due diligence, asked themselves 50 questions, looked at all the possible solutions, and found the tools they can use to tackle. They’ve done some Jedi-level problem-solving on themselves.

So what’s next?

Nonprofits don’t need to stop at the Discovery Assessment! Taproot, with the help of the VMware Foundation, created a Solution Development Framework to not only discover but also design, implement, and maintain solutions to nonprofit tech challenges with the help of pro bono experts. This framework also includes resources to help organizations secure pro bono tech consultants and job descriptions to ensure that they find the perfect fit for their organization. Check out the free resource here, and happy discovery!

Back in 2012, we implemented an organization-wide password manager here at NTEN, finally replacing our comically insecure “Shared Passwords” document, and the all-too-common practice of reusing the same password across a variety of different sites.

The idea of using a password manager had been on our radar for several months, but we had any number of excuses for why “now” wasn’t the right time:

  • We’ve never had issues with our “Shared Password” document to this point.
  • No hacker wants access to our accounts as a small nonprofit, so “admin” is a fine password to keep using everywhere.
  • There are a lot of reports saying password managers themselves can be insecure.
  • We already have too many systems, so I don’t want to force staff to learn yet another one.
  • We’re too busy right now, so maybe we can implement this next year.

While some of these ideas may have contained grains of truth (e.g. password managers aren’t a perfect defense), they all quickly fell flat once we’d experienced the time-saving and security benefits of using a password manager.

Five years later, it’s not exaggerating to say this change may be the most significant stress-reducing and time-saving policy I’ve ever put in place at NTEN since I started working here more than 10 years ago.

Step 1: Make the decision

If you’re not part of the leadership team, you’ll need to convince someone who is to help you champion this project. Figure out who that person will be, and make sure they’re on board.

Step 2: Pick the right password manager

Security experts can’t agree on which password manager is the “best,” so as a non-security expert I’m in no position to help you with that decision. That said, as long as you pick a tool that’s well established, well reviewed, and has a history of being transparent and quickly fixing any security holes, you can’t really make a bad choice.

The other thing that will help is figuring out any must-have features that may be unique to certain tools. Your budget may be another factor depending on your needs. Many of the most popular tools do offer free versions, but proper implementation for your nonprofit may require a paid Pro or Enterprise license.

Here are a few features I wouldn’t have known to look for initially, but have proved quite valuable over the years:

  • Ability for the administrator to:
    • set specific security policies to meet your org’s needs (e.g. password length, multi-factor authentication, remember me settings)
    • take over a user’s account and remove access to shared passwords when an employee leaves
    • reset a user’s master password if needed
  • Shared folders or security groups to easily manage who can access specific shared accounts
  • Ability for staff to link a personal account to the organization’s account to improve workflow, but without mixing personal data with the organization’s data (since once staff see the benefits at work, they’ll likely want to start managing their personal accounts the same way).

Step 3: Create an implementation plan

Once you’ve decided on a tool, the next step is to create a plan for launching this tool across your organization. This is where having the champion you found in Step 1 will be helpful.

You’ll need a detailed implementation plan that documents the on-boarding process for users, organization-specific policies for how to use the tool, a migration plan to bring all your existing accounts into the tool, and finally, a plan to purge all your old, insecure passwords and replace them with secure, unique passwords.

Testing out the tool yourself is a great help in creating this plan. While you should make it as detailed and complete as possible, keep in mind that it’s a first draft and will almost certainly require substantial revisions after the next step.

Step 4: Do a trial implementation with a small team

There’s no quicker way to sour your co-workers on a new system than a poorly delivered implementation. If a new tool adds to their stress or workload, as soon as you turn your back, they’re going to stop using it and go back to what they know.

To avoid this potential landmine during NTEN’s implementation, I chose a small group of trusted staff members to help test out my plan prior to the big launch. This exercise helped me identify and fix several incomplete or rocky patches in my plan. Perhaps more importantly, it also created a committed group of converted staff that were able to help answer questions and train other staff later.

Step 5: Launch it to the whole organization

Now that you have your revised and improved plan in place, along with a small team of staff eager to see this new tool implemented, you’re ready for the official launch. There are sure to still be unanticipated bumps in the road, but as long as you have the right people on board and have carved out the time to make sure everyone is trained effectively, your coworkers should quickly start seeing the benefits of the new tool.

This is where all the work you’ve done is rewarded, often with glowing smiles and relieved sighs emanating across the office as users realize the burden of remembering countless passwords has been lifted, and that their accounts are actually going to be significantly more secure.

Step 6: Provide continued training and improvement

Bask in the joy of accomplishment for a few minutes, but then get back to work. While it may seem like everything is safe, easy, and wonderful after implementation, it’s critical you don’t become indifferent to the risks that still exist. In reality your users are all going to have different levels of adoption, and your organization is only as safe as your least secure user.

To combat this, most password management services have tools you can use to monitor how secure each user’s account is (e.g. master password strength, reused passwords, multi-factor authentication usage), so you can use those to identify and follow up with any users who seem to be falling behind the curve.

You’ll also need to keep your policies up to date to match new needs or discovered security risks, and offer routine refresher trainings to staff. For example, I’m pondering removing the mandatory password change requirement from our policy and replacing it with mandatory multi-factor authentication. And don’t forget to keep staff trained about related risks like phishing and baiting.

Conclusion

If you’ve read this far, but still haven’t made the decision to implement a password management system for your organization, please make that decision now.

Seriously though, whenever I read a “password best practices” type of article and their first piece of advice isn’t to use a password manager (which surprisingly is the majority of them), I cringe a little for anyone who’s still attempting to follow all those oft-repeated rules on their own (such as using a passphrase, changing your passwords every 30/60/90 days, or using a combination of letters, numbers, and symbols).

Those rules all still make sense of course, but in 2017—when we all have hundreds of different accounts across the internet—it’s impossible for any mere mortal to actually follow all those rules to the letter without a password manager.

We are all looking for ways to save money and to use our (often) limited resources to most effectively serve our mission. We often find that our mission doesn’t wait for the technology resources we use to catch up to the innovative ideas that we fundraisers have, so we come up with these ad hoc solutions. The next thing you know, you have more fundraising platforms and vendors than you know what to do with because there isn’t one platform that does everything well. Then you look at your expenses and go “ugh.”

The following is not an endorsement or a knock against any of the platforms mentioned: each one has served a need. Rather, it’s to share with you a case study of sorts: the changes we have made and continue to make to keep up with the evolving needs of our events, our participants, and our donors.

Where we started

When I came to Covenant House in 2013, our peer-to-peer fundraising program was still very new. We had only been doing peer-to-peer fundraising events for two years and we were growing at a sometimes intimidatingly fast rate.

Because each of our peer-to-peer and event initiatives has a specific set of technology needs and there were no event staff with technical expertise, we were using three different fundraising platforms. Two of these were one-stop shops, First Giving and Event Journal, which required very little work from staff but were limited in what they could provide in customized reporting. The third fundraising platform, Blackbaud’s TeamRaiser, was managed by one staff member and a vendor, because the customizations were seemingly endless.

Then, we decided to revamp our DIY program and needed a more robust platform that allowed for customization and provided more complex reporting, so we partnered with DonorDrive. Then we were required to use a specific fundraising platform (Crowdrise) by our charity endurance partner and all of a sudden we had 5 fundraising platforms, leading to more expense and more duplication of work.

How we consolidated our fundraising platforms

Our program was (and is still) growing and so is our team. We now have several people on our team with various levels of technical knowledge. We took the time to look at our programs, our expenses, and our staff knowledge in the context of trying to get our communications and digital properties to look like they are all part of the same family.

After many conversations and frustrations regarding the lack of customized reporting for our charity endurance program, we decided that we could create an affiliate site on DonorDrive. We also recently learned that we are no longer required to use Crowdrise, allowing us to consolidate the program’s tech needs.

The big win came with the evaluation of alternatives for Event Journal. The event and its technology needs have changed over the past couple of years, so we were keeping our eyes open for a platform that could provide more robust reporting as well as assist in overall project management. We were introduced to Greater Giving and after several demos and more conversations, we decided to move forward to transition our traditional events. We are still in the early stages of this transition, but it has already allowed for more customization, includes features for which we previously had to use additional software, and has provided more resources.

What’s next for our organization

All of these changes added up to $15,000 in savings, noted within one fiscal quarter for the organization. It also made it easier to ensure our digital event fundraising platforms have consistent messaging and branding to best promote our mission.

We continue to evaluate our platforms and related costs and we like to learn about new products. It’s good to know what is out there. It may not meet a need right now, but with the ever-evolving landscape nonprofit fundraising, one never knows.
How do you decide which platforms to keep or how many to use? What are your tech wins and challenges? Join the discussion and share your experience!

There’s a new wave of ransomware sweeping the globe. Last week, more than 200,000 computers were infected in 150 countries by the WannaCry Decryptor, which encrypts users’ files while the attackers extort money to unlock them.

Many nonprofits don’t realize they’re vulnerable until it’s too late. In fact, nonprofits are often at greater risk:

  • Nonprofits typically lack IT and IT security knowledge.
  • Nonprofits tend to have fewer IT-related staffing resources.
  • Hackers can steal as much information from 10 small nonprofits as they can from one large business.

We are discounting our Intro to IT Security course, which starts next week, to help more nonprofits gain access to the tools and skills they need to protect themselves from cyber attacks like WannaCry. Leon Wilson, a nonprofit IT security expert with more than 20 years of experience, will share resources and practical tips on how you can protect yourself and your organization.

Use the discount code protect and get a 25% discount. Sign up today and make sure your nonprofit is prepared.

Still can’t afford it? Contact us at training@nten.org and tell us a bit about your work and why you want to take this course.

Most people will say security is important, but if pressed, chances are they don’t really know what that means. What is IT security, exactly, and what’s the worst that can happen? Most pressingly: How can often cash-strapped nonprofit organizations keep their information—and their clients’ or donors’ information—safe and sound?

Leon WilsonLeon Wilson, Chief for Digital Innovation & Chief Information Officer for the Cleveland Foundation and past NTEN Lifetime Achievement Award winner, is leading an online NTEN course on security basics for nonprofits: Intro to IT Security, in May. He was kind enough to answer a few questions about IT security and the special considerations for nonprofit organizations.

Why are nonprofits at greater risk of information breaches and other hacks?

Because hackers know that they’re easy prey; that is, they presume that nonprofits not only don’t have a sophisticated or a secure environment as say a bank or hospital, but that they aren’t even performing the basics well enough. Also, nonprofits have a trove of donor and client information that can be pilfered for identity theft and social media trolling.

What are the potential consequences to nonprofits and their clients?

Loss of trust between the nonprofit and their client that can lead to loss of donors/donations and loss of business/clients wanting to work with the nonprofit.

What are a few things that nonprofits can do to assess their risk?

1) Hire a credible IT consultant to perform a comprehensive IT security & risk assessment; 2) Identify any compliancy regulations they must conform to (e.g. HIPPA, PCI-DSS, Personally Identifiable Information (PII) pertaining to kids).

Why is having an IT security strategy important?

Most, if not all, IT security experts will tell you that these days, it’s not a matter if you’ve been hacked, but when. It’s nearly inevitable in this day and age. Therefore, having a “constantly” current IT security strategy is akin to being a fiscally responsible organization.

What’s the first step that at-risk nonprofits should take to improve their practices?

I can’t say it enough: You don’t know how bad of a situation you have until you assess the situation. Thus, the first step is for nonprofit leadership to take IT security seriously and have a IT security assessment performed. A good IT security assessment should not only identify your vulnerabilities, but rank them by severity. Tackle the severe ones first.

What is the number one pitfall or roadblock for nonprofits implementing an IT security policy?

Unfortunately, it’s a four-way tie: a) lack of awareness, b) not knowing who to turn to for help; that is, finding a good IT security consultant that will help them identify and plug any holes without going overboard, c) lack of finances to perform a good IT security assessment, and d) funding to implement those changes warranting additional technology solutions and consulting work.

View our courses page to find the next Intro to IT Security course with Leon.