In pt 2 of this interview series, learn about cutting edge technology from 3 nonprofit tech experts with decades of experience and a deep interest in tech innovations. Johan Hammerstrom, CEO of Community IT Innovators, Steve Longenecker, our Director of IT Consulting, and Nura Aboki, Senior IT Business Manager and Consultant.
We start by exploring the way offices are working today and the changes that modern nonprofit offices have gone through to work remotely or with hybrid set ups or hoteling desks. We then discuss a topic that all nonprofits have to pay attention to: Cybersecurity protections. We also delve into crypto, touching on how nonprofits want to be able to accept donations, and also discuss blockchain applications for financial transparency and transactions. What is the future of Docusign? When will we go entirely paperless and what will documents look like then?
Is your nonprofit forward looking? Are you wondering what tech changes your nonprofit will be facing in the next 3-5 years and how our offices will keep changing to address cybersecurity and financial risks? Are you conflicted about crypto's impact on the environment, but interested in the financial transparency behind the hype?
Join us for a quick preview of where we think these technologies are going and how we expect this trendy tech to impact the nonprofit sector.
In part 3 of this series our experts will discuss Artificial Intelligence for nonprofits (AI) and Machine Based Learning innovations. Stay tuned!
_______________________________
Start a conversation :)
Thanks for listening.
In pt 2 of this interview series, learn about cutting edge technology from 3 nonprofit tech experts with decades of experience and a deep interest in tech innovations. Johan Hammerstrom, CEO of Community IT Innovators, Steve Longenecker, our Director of IT Consulting, and Nura Aboki, Senior IT Business Manager and Consultant.
We start by exploring the way offices are working today and the changes that modern nonprofit offices have gone through to work remotely or with hybrid set ups or hoteling desks. We then discuss a topic that all nonprofits have to pay attention to: Cybersecurity protections. We also delve into crypto, touching on how nonprofits want to be able to accept donations, and also discuss blockchain applications for financial transparency and transactions. What is the future of Docusign? When will we go entirely paperless and what will documents look like then?
Is your nonprofit forward looking? Are you wondering what tech changes your nonprofit will be facing in the next 3-5 years and how our offices will keep changing to address cybersecurity and financial risks? Are you conflicted about crypto's impact on the environment, but interested in the financial transparency behind the hype?
Join us for a quick preview of where we think these technologies are going and how we expect this trendy tech to impact the nonprofit sector.
In part 3 of this series our experts will discuss Artificial Intelligence for nonprofits (AI) and Machine Based Learning innovations. Stay tuned!
_______________________________
Start a conversation :)
Thanks for listening.
Transcription
Carolyn Woodard: Welcome. My name is Carolyn Woodard, and I am the Director of Outreach for Community IT. Thank you for joining us for part two of our series of discussions on high tech and cutting-edge nonprofit technology.
Today, our three senior experts will be discussing cyber, crypto and blockchain. If you missed part one on virtual reality, you can find it if you subscribe wherever you listen to podcasts. I’ll let our experts introduce themselves and get right into the discussion.
Johan Hammerstrom: My name’s Johan Hammerstrom. I’m the CEO at Community IT. I’m happy to be here today with Steve. Steve, you want to introduce yourself?
Steve Longenecker: Sure. I’m Steve Longenecker. I’m the Director of IT Consulting at Community IT.
Nura Aboki: My name is Nura Aboki. I’m an IT Business Manager and a Senior Consultant at Community IT.
Johan Hammerstrom: Well, I’m curious to hear about what Nura has been looking at lately in terms of new technology and specifically what some of the clients that he’s been working with are looking at.
What are some of the new things that a lot of nonprofits are starting to use that we maybe haven’t seen before? I’m curious to hear more about that.
Modern Office IT Concerns
Nura Aboki: One of the trends we’ve seen is certainly the hybrid work environment. What is that? What is it going to look like, two years from now or next year? Is it going to be more remote access, more adoption of social media tools, faster connections, virtual assistants?
So those are the kinds of things I basically researched and I have key points that I would want to share in this conversation.
Johan Hammerstrom: So as a senior consultant, you work with many of our largest clients and as you mentioned, help them with roadmap development and planning for the future.
And I’m curious, what are you seeing now? Are there any new technologies or technology solutions that you’ve seen in the last year or two in the work that you do that are maybe new or that you were kind of surprised to see?
Nura Aboki: Well, in the past few years, we’ve been hit hard by the pandemic, we can’t escape that fact. And that has really created the need for cloud adoption. Several nonprofit organizations have really invested in making sure that they have business continuity. And those investments are typically with software as a service solution providers. Primarily, we’ve seen this across Microsoft products, Google products. Those are big players that we have seen clients moving from on premises solutions that they typically would have been using back when we were mostly in the office to switching to using cloud-based solutions or software as a service.
In addition to that, departments across nonprofit organizations, especially departments that deal with people and culture, departments that deal with finance, are also investing in cloud-based software as a service solution.They are integrating their business processes with those solutions.
Now, two years after the pandemic, we have seen clients thinking about going back into the office. And that also begs the question, what would the office look like where you have people transitioning from being fully remote to having a sort of hybrid work environment? Some clients that had a hybrid environment have been making investments in ensuring there’s fast connectivity in the office.
Because they still want employees to have that hybrid experience where they’re able to access services remotely, as well as when they are in the office. That fast connectivity to access cloud services is there for them. We are seeing investments in increasing the bandwidth speeds. And that is also interesting because bandwidth used to be expensive. Now, it’s becoming cheaper and cheaper and more accessible. Even smaller nonprofits have more options in selecting their internet service provider that will give them the most reliable, fast connections.
Just to touch on a little bit on specifics, the hybrid work environment investment would be something like, hey, we have a lease on the office, for instance.
A client will say, well, we’re going to have a lease on the office, but the office furniture is not fully utilized. Office space is not fully utilized. So there is that consideration of some clients saying, let’s bring in some sub tenants.
Or, maybe we should have a way of having applications that will allow us for hoteling some of the desks in the office or office space. No single employee owns the space, but rather it’s a shared workspace. I think there’s a heavy utility in that kind of thinking and investment.
There are staff applications or software service applications out there tailored to provide efficient ways of using your office space. So that’s one specific example that I can share.
Johan Hammerstrom: Yeah, I’ve seen something similar where at the start of the pandemic, we went from working at an office to working at home, and then as the pandemic has started to recede, organizations, especially larger organizations, aren’t going back to working from the office. They’re instead moving into this mode of working from anywhere where one day you might be working at home the next day you might go into the office, but you might work at a desk that you reserve through a reservation system, like the kind you’re talking about.
And then two days later, you might travel to another city to visit another customer or client that you have in that city. And then the next day you come back and you work from home. And so the work environment, especially the computing work environment has to work from a variety of different locations, and in a variety of different environments.
And so that’s something that requires not just a reliable laptop, it’s not just about having the laptop. It’s like you’re saying: how do you connect to the internet from all of these different locations and how do you reserve locations to work from, and how do you work productively from those locations? While also like connecting with people and other people in the organization and in other organizations who are also working from a wide range of different locations?
It has introduced more complexity in some ways into the work environment. And as we know, one of the great strengths of IT is its ability to assist with managing complexity. And so having a solution that enables an organization to manage desk reservations at their office space is going to be effective. Those sorts of solutions are going to be important.
Cyber Security
Nura Aboki: That’s exactly right. Thank you, Johan, for really expanding on that. And it presents complexity and concerns in terms of security. I think investment in security has increased as well, because the threat landscape is now broader and wider.
We talked about people working from anywhere. So how do you ensure that their access to the network service is secure and not compromised? In my conversation with senior leaders at nonprofit organizations, they are asking questions about security.
And one element to it is how do we ensure our employees are educated enough? They are sort of aware of the threat landscape and the risk that is out there. And in particular, we are seeing companies or clients sign up for security awareness training programs.
And even if they have not been thinking about it, or they feel like well, you know, I’m no threat. My organization is just volunteers. We provide food to poor people – that kind of mindset and thinking. Still the organization can be at risk, because you may have personally identifiable information on the database that can be hacked or theft of identity or they can be used as proxies.
We’ve seen increased attacks: phishing attacks, spear phishing attacks, fraudulent emails being sent, impersonation of employees. And for that reason, companies are investing in security awareness programs.
They feel the first line of defense is the employee, if the employee is able to detect social engineering, because they’re probably sitting somewhere on a beach working remotely. They understand, are well-trained and aware of threats that may come their way. So that is another angle to the complexity that it adds more support, more complexity,
But then indeed, security is also an area where CEOs and Executive Directors, higher level staff are thinking about.
Would you agree, Johan, that you also see that up and up increased investment in cybersecurity?
Johan Hammerstrom: I totally agree. I think there’s an increased awareness when it comes to cybersecurity. And I think what’s most interesting is that you have to up your cybersecurity game. It’s not enough to have MFA anymore; multifactor authentication, which is something that a lot of organizations adopted over the course of the pandemic.
There was a growing awareness that if my staff can log into their email from home, or from anywhere, then a hacker, a threat actor, could log into our email from anywhere. And so there was an increased awareness that having multifactor authentication was an important security protection to add. Now, what we’re seeing is that not all multifactor authentication methods are created equal, and not all MFA approaches to MFA are equally secure.
And this became really clear with the Uber hack, where they were able to basically access Uber’s credential database – the database that had all of their security credentials. Even though it was protected through MFA, the hackers found a way to bypass that MFA because of how the MFA was implemented.
It’s cat and mouse, every time you have a new protection people find ways to bypass it, and then you need to make the protection stronger. The code-based MFA, where it’s sending a code to your phone, has been found to be fairly weak, especially when it comes to a determined threat actor who wants to hack into your system. More advanced implementations of MFA are being developed and deployed. And that’s something that I think is going to be important for organizations to look at and to start implementing over the next few years.
Nura Aboki: Excellent point. Thank you, Johan.
Johan Hammerstrom: I also think another area of security that’s important is encryption. I know we’ve started to use both. Disk level encryption is something that organizations have been doing for a while. I think it’s something that also has become a lot more common in the last few years. And then file level encryption. We’ve definitely started to use it more here at Community IT.
I’m curious if you’ve seen that in any of the organizations that you work with or if you’ve seen any use cases where file level encryption would be beneficial?
Nura Aboki: Yeah, a good question, again, Johan. I certainly have seen encryption in some of our clients, and some of them really collect a lot of information about their donors, collect information about their members. That information can be personally identifiable information, social security perhaps, or credit card information, address, something you can build a profile that is at risk or sensitive information that could be at risk when it falls into the wrong hands.
So, clients have asked about a variety of ways to secure that data, whether it is through encryption at rest of the files that are stored on either a cloud files storage solution. A variety of them are out there, quite frankly, that typically would have the encryption at rest.
They are concerned that if they are sharing information or sharing links, are these links secure? They’re concerned about the file’s encryption in transit. Is it really happening?
How can they be sure that no man in the middle attack or spoofing attack or some sort of cyberattack can be launched to capture that data in transit? So cloud providers are stepping in to ensure that there is encryption in transit as well.
Now, the disk encryption that you had mentioned, which we’ve seen, device encryption is a no brainer. Organizations that do have users using mobile devices like laptops, for instance, should really consider getting that. It’s available within the operating system and can be easily implemented and deployed. So we advise our clients to prioritize if they haven’t, disk or device encryption, for all the laptops that they have, and even for stationary devices.
If it’s a stationary device and there is likely going to be some sensitive information, disk encryption is important. And device encryption can be enabled, as long as you have the right partner that has the right skill sets to get that rolled out. As clients use more of the cloud, the cloud providers need to provide some evidence of encryption. They typically have, whether it’s 256-bit AES encryption, or it’s 128, they do have some level of encryption.
Some organizations that have compliance requirements, there may be some minimum requirements to meet that compliance. And they need to evaluate the vendor that is providing that storage capability for their files in the cloud to ensure that their data is secure.
There are some high security nonprofit organizations that are really security conscious, and they are worried that their data can be shared with some of the third party cloud providers. So they also need to closely evaluate, to see how they can bring in their own encryption keys so they are the only ones that have the private keys to decrypt any data. Even the provider doesn’t know what’s there. It’s encrypted. All they know is there are files on there stored by X client. But they can’t decrypt and read any of their data.
So there are levels. But that evaluation needs to be done with an IT partner that actually has the experience to provide that guidance.
Crypto for Nonprofits
Johan Hammerstrom: Switching gears a little bit, I wonder if any of your clients have asked you about blockchain or crypto currency? Is that something that you ever get asked about?
Nura Aboki: Well, as I’m looking at data on my computer, we recently experienced some crypto exchange that actually went into trouble [FTX Meltdown]. And so that excitement is there.
The questions I typically get about crypto is, is it possible for us to have a secure, clean way to accept donations?
So that is the fundamental question: how are we going to raise funds? Is crypto a donation option for us?
And it’s under consideration, I would say. I’m not aware of any of my clients accepting crypto as a method of providing donations. But the confidence level that people had is still there, it’s just that recently, the news hasn’t been good for the crypto community.
And so the growing concern is: who is the legitimate sort of regulated crypto exchange provider where we accept donations in crypto currencies, and we can convert it into fiat currencies at the other end and use it to fund our programs easily? That’s the extent to where I’ve seen those conversations happen.
Blockchain for Nonprofits
But I know investments are being made by the tech community to provide solutions around blockchain transactions so they can easily be audited. Know your customer, know where the source of the funds is coming from, who it’s exchanged with and how the transaction is done. Blockchain technology has so much potential in providing that transparency.
Johan Hammerstrom: Yeah. I agree. I think blockchain’s very interesting. I don’t know nearly enough about it to really weigh in on its technical merits.
For example, going back to the DocuSign, where we sign documents with this weird, sort of grainy click,
Steve Longenecker: Click, yeah. It’s the click that counts.
Johan Hammerstrom: Right, exactly. It’s the click that counts and the click is verified by sort of this poor facsimile of a written signature.
If blockchain technology can create some sort of universal verification method; contracts seem like an area that seems right for innovation. If contract storage could be centralized and done in a secure way and there’s a ledger that tracks all the contracts that are getting signed in the world or something like that. That seems like an efficiency gain over what we have with DocuSign right now, which is like the fax machine in some ways. So I would assume that DocuSign is looking closely at blockchain and figuring out how we can innovate to the next level with all of this. So I think it’s important to separate blockchain, the technology, from the crypto currency…
Steve Longenecker: Financial boondoggle?
Johan Hammerstrom: Well, I think there’s people who are true believers when it comes to what crypto is supposed to be able to do, in terms of global currency systems. I think they are…
Steve Longenecker: Freeing us from the nation state monopoly on monetary systems right now. Yeah. I get that. And it’s an interesting idea.
Johan Hammerstrom: Well, I think it’s really naive. And I think, human history and human behavior being what it is, low and behold, a lot of crypto currencies are actually fraudulent and they’re failing and they’re crashing like every other new financial instrument that’s ever been invented in the history of financial instruments.
So, I think it’s easy to look at all that and say, well, it’s a bunch of hype and it’s just fraudulent. But, I think behind the way in which this blockchain technology is being used, there could be a legitimate technology that in the hands of companies, it’s going to be tech companies, could end up being put to a use that a lot of organizations find helpful.
Carolyn Woodard: Thank you for joining us for part two of this discussion of high tech and nonprofits. You can find parts one and three if you subscribe wherever you listen to podcasts, or on YouTube, or on our website.
Get in touch with us on our website [right here!] to suggest future topics you’d like us to talk about.