Nonprofit IT Essentials for Challenging Times with Nuradeen Aboki pt 2

Show Notes

Are you worried?

In part 1, Nura and Carolyn covered introductions, policies, and resources on three main categories you may be worried about - cyber, data, and staff safety. In part 2, they go over budgeting for IT when your budget may be up in the air, what to move into the "nice to have" and what needs to stay in the "must have" column, resources on how to stay mentally healthy under stress, and how to make a plan to move you and your nonprofit forward with confidence in your priorities. 

Where does your IT fit into this new world? Is your IT strategy flexible, and have you revisited your IT planning, performance, and policies? As you examine your finances, what IT is essential and where can you afford to pare back without hurting your productivity and morale? Do you have some smart savings opportunities lurking in your IT budget that could help your organization in this moment? Is your cybersecurity up to date and do your staff know how to protect your organization and data? Perhaps most importantly, how are your staff coping with all this stress?

What are the top steps to take NOW to adapt your IT quickly to the new nonprofit sector reality?

Join Senior Consultant Nuradeen Aboki who answers your questions about priorities, strategy, and next steps. Nura has been in nonprofit IT for decades and has enormous experience helping our clients’ executives strategize priorities and cut through the noise to the essentials. This is a perfect opportunity to get guidance and reassurance.

The current situation for the nonprofit sector is highly changeable and changing fast. Every day there’s a new worry turning up around your mission, your funding, and your future. 

What you are doing matters. Don’t burnout with worry but don’t leave your organization vulnerable either. 

Learn what Nura recommends and leave with a plan for your next few months and the resources to help you sort out your nonprofit IT essentials for these challenging times.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Transcript

I’m going to go quickly to this next slide, which I put a bunch of these links in the chat. But for those of you watching on YouTube or following this later, we have so many resources on our website. We really love to share these resources and hope to help the sector become better at all of these things around IT, around cybersecurity. So please check out these resources and they will be in the transcript as well.

Resources on Setting Priorities

Leadership: ​

·       https://communityit.com/video-design-an-it-roadmap-to-create-value/

Data Security:​

• https://communityit.com/blog-data-retention-policy-best-practices-in-uncertain-times/  ​
• https://communityit.com/podcast-nonprofit-data-retention-policy-and-cybersecurity-basics-with-ian-gottesman/ ​ 

Staff Security:​

• https://communityit.com/blog-protect-digital-identity/ ​
• https://communityit.com/podcast-anti-doxxing-and-nonprofit-staff-safety/ ​

Cybersecurity Basic Best Practices:​

• https://communityit.com/webinar-playbook-on-cybersecurity-readiness-for-​
  nonprofits/

How Do You Budget for Nonprofit IT?

Carolyn Woodard: I want to move on to a poll. How do you budget for IT? Right now, I think a lot of us at nonprofits are worried about the future. We’re looking at the stock market going up and down and thinking about how our major donors are feeling as well. I know a lot of foundations are stepping up. Some foundations are kind of stepping back. 

So, when you’re looking at your budget or revising your budget, how do you include IT as a strategic element in that budget? 

Here are some options. 

You might go to the finance people, and they take the amount that you spent last year and then they increase it or decrease it slightly. They might decrease it a lot. So that’s one way you can deal with your IT budget. 

You could have a break/fix approach. All of these categories, there is no shame involved. We know that all nonprofits are special flowers and different processes work for different organizations. But you could have this situation where when something breaks, you fix it, and if it breaks and it costs a lot, you just have to find the money somewhere. When someone wants to try a new tool, their department approves it, so you don’t really have an overall strategic plan, where you’re seeing how you can get value out of the new tools that people are looking for. It’s just department by department, sometimes person by person. They’re like, I want to use monday.com and so now they have a subscription to Monday. 

You could also have what we think is the best practice, which is your leadership meets with your stakeholders, updates your roadmap, your strategic plan, and communicates everything clearly. And then you’ve got kind of priorities in your budget. You’ve got this IT roadmap and every time you approve a new tool, it’s kind of working toward that overall goal that you have. 

You could also put in the poll answer, you’re not sure, you don’t know, this isn’t kind of part of something that you deal with, or maybe you haven’t thought about using your budgeting process as a way to think strategically about IT. It could be not applicable, or it could be something else. 

If there’s some other way that you deal with your IT and your budget, please put it in the chat. We love to have people learning from each other. We know that you guys have a lot of best practices also, or advice, or ideas. So go ahead and put that in the chat. We have some people who already use the chat. 

Someone says, we budget by a cost per staff member. So it’ll increase and decrease kind of automatically as staff numbers change. 

Someone says, we look at our annual recurring expenses and compare that to any projected staff size for the coming year, plus add in any special IT projects we’d like to consider.

That is a really smart way to go about it. Thank you. 

Someone else says, we do an evaluation of lifespan on computers and laptops to allocate sufficient funds for replacements.

Really good idea and one of our best practices. 

And we review upcoming projects and try to allocate funds for upcoming projects. 

Those are all really smart ways to do your budgeting.

All right Nura, can you read the answers? Can you see that? And can you read what we got?

Nuradeen Aboki: Yes. 44% of respondents said leadership meets with stakeholders and updates our roadmap strategic plan and communicating clearly. So, a large percentage actually do have leadership involved in that process. 

Second highest, we have 24% say finance takes the amount from last year and has an increase or decrease based on whatever projections they have. 

Then we do have a tie. Some say they’re not sure. Others put some of what you’ve described in the chat.

And then lastly there, we do have about 8% that says once something breaks, we fix. And that’s the approach they’ve taken in terms of IT budget. Thank you all for participating.

Carolyn Woodard: And that absolutely works for some organizations. So again, I want to say there’s no shade for a lot of organizations, especially smaller organizations. I mean, we do recommend as much as you can get into those kind of cycles. If you want to replace your laptops every three years, then if you replace a third of them every year, then you know about how much it’s going to be. That’s a good way to budget for it. But absolutely, sometimes it just makes the most sense to like ride it into the ground and when it breaks, you’re going to have to replace it. 

Budgeting for IT Support

I want to transition into talking about budgeting for IT support. 

Hardware

When we do an initial assessment with a client, we do take an inventory of all their devices, licenses, apps, platforms, and so on that the organization is using. 

You don’t need to wait for an assessment to do this. You can and should urge your nonprofit to create an IT inventory that helps you manage devices. You need to decommission your logons for staff who have left as part of their offboarding process. 

And if you don’t have this inventory, you’re not alone. Don’t worry. Creating this inventory is going to help you on your way to better managing your IT. And that’s one of those examples of where you can use a budget to find value.

As I said, we recommend that your laptop should not be more than three or four years old. Older than that, they have issues with updating their security patches. They’ll begin to be out of warranty. They just don’t work as well. They’re not as efficient. People can’t be as productive. They’ll start to slow down your stuff or they’ll need repairs. You’ll find that the help desk tickets from those older laptops are the ones that are taking a lot of time and people are just losing time working.

To budget for that strategically, you’re going to want to replace a percentage of those laptops every year, and that allows you to plan out your hardware. 

Personnel

Hardware, though, isn’t usually your biggest budget category. Usually, it’s your personnel.

Nura, do you want to talk a little bit more about personnel? Your IT personnel are going to be your greatest expense, and we know that hiring IT staff who will stay with a nonprofit is very challenging. So, what do we recommend? 

Nuradeen Aboki: Yeah. Challenging as it is, getting good talent has been, especially talent that can do your IT support, do proper documentation, do some technical escalation. Someone that does have that capability is likely going to be required a lot more, and to cost a lot more in terms of the compensation.

So if you’re a nonprofit organization, that is between the size of up to 20, 15 to 20, you may want to consider outsourced IT, like a managed service provider (MSP), who would provide you all the services I’ve mentioned here, technical support, management of your IT services, management of your inventory, ensuring that you have cybersecurity protections across your devices, your identity being protected as well. In that size, if you’re over 15 and 20 and up, you may want to consider MSP to take care of those costs for you. 

Smaller nonprofit organizations, however, we know there’s a struggle there. Because oftentimes, there’s a low budget, and access to the free applications is very tempting, or the nonprofit license applications are very tempting. 

But then there’s also concern about training internally for staff. Because you’re small, you can train maybe a few employees, but then as you begin to grow and add more staff, then you’re likely going to run out of the capacity to actually manage a smaller nonprofit organization. In the beginning, that may seem attractive to save costs, but eventually you may want to consider looking at an MSP to grow. As you scale, the MSP can scale with you, because an MSP is agile, it can handle a lot more capacity for IT support.

Carolyn Woodard: Yeah, it kind of puts the burden on us to find the great people to hire. 

And also, when you’re looking for an MSP, I put some resources in the chat as well around, how do you know if you’re ready for an MSP, if it makes sense for you, some vetting questions to use, if you’re not happy with your MSP, you’re looking for a new one. We put together a download that has some questions to ask.

But I will also say that if you’re struggling to manage your IT and you’re under 15 to 20 staff, we did a webinar a little while back about using Google Workspace, which is very easy to set up on your own if you’re not an IT person. And how to manage that as you grow. And so that webinar I also put in the chat, you can delve in if that’s something that you’re dealing with.

The one thing about Google Workspace is it doesn’t really force you to put a lot of security in place. It can just kind of like, it’s very user-friendly. So it’s not going to tell you, oh, this isn’t secure, or you need to have an administrator doing this, that sort of thing, which on Microsoft side you do get.

We have some advice in that webinar about trying to make your Google Workspace as secure as you can. It is a secure platform. I’m just saying that because it’s so non-tech user-friendly, there may be some things in there that you have to think about or know to do to make it more secure.

And I also did a webinar a little while ago about training up internal managers. So, as you said, Nura, it can be hard to hire those IT specific people, but you may have some staff in your organization already that are, you know, like, they’re really excited about it or they’re first adapters. They’re already using AI tools. They just get excited about it. 

And we did a webinar a little while back about a friend of the organization, friend of the pod, who does these training sessions to help executives communicate better with maybe their internal person and maybe move somebody who’s an accidental techie in to get the training and the professional development so that they can manage the IT for a smaller organization. It’s one of the models that we have. So hopefully you can make it better. 

Budgeting for Fundamentals and/or Projects

And then we also wanted to talk a little bit about budgeting for IT support and this kind of fixed costs versus discretionary costs debate. When you’re facing challenges and financial challenges, it’s very natural to think, I’m just going to put off any projects, I’m going to hold on to that discretionary funding, you know, the nice-to-have instead of the must-have items for IT. And I’m going to wait until we have a better financial outlook, or we have some staff that are changing right now, or we have some other challenges going on. So, I’m going to put those off and I’m going to focus on the fundamentals.

But Nura, we wanted to talk a little bit about when your fundamentals are not up to speed, you may need to prioritize time and sometimes funding for a project to get your fundamentals to where you want them to be.So can you talk a little bit about that? 

Nuradeen Aboki: Yes. So the fixed costs are kind of obvious, but I think an assessment or at least you need to know what you need to keep the lights on. For instance, you need to make sure your licenses, the subscription you’re paying for, you pay them timely, you need to make sure people have robust equipment that they use or devices. Most likely having them on the warranty for any event that the hardware fails, you can get that replaced. 

But however, there are some additional costs in order to have a well-managed IT. You definitely want to consider some fundamentals such as having IT policies. And we can never emphasize enough the importance of IT policies because we’ve seen successful organizations having just, regardless of their size, but having those fundamentals actually thrive and they have a better managed IT or even well-managed IT because of those fundamentals.

There are cost components to it. First cost, we want to keep the lights on. We want to make sure that that is covered.  But we want to also strategically look at first year, second year, the decisions that we’re trying to make now, and spending a little bit more to get some of those fundamentals in place will help us in the future.

So really looking at those fundamentals and taking them seriously is what we want to emphasize here. That not only do you want to keep the lights on, but you also want to be strategic in ensuring the fundamentals are taken care of and you’re making strategic investments in them because they will help you in the future in improving their overall IT experience. Also, maybe save you some money because you’re no longer running into risks and wishing that you had spent that money earlier.

Carolyn Woodard: I think I’m always amazed how many clients come to us, and when we do that assessment, they sometimes have 20 or more licenses or accounts for people who have left their organization. 

Not only are you paying for those licenses you’re no longer using, but that’s basically an open door into your organization. Hopefully that person who left isn’t disgruntled. But even if they left and they’re fine, that’s just a login that’s hanging out there. And it could be breached, and you might not even know about it.

So make sure to do that assessment. 

And I didn’t put on here making that data map. Sit with your stakeholders, going through department by department and learning where the data is, what tools are they using that are storing something that’s important about your organization or your clients or your work.

You need to know where that data is, make the policy about retaining that data and keeping it secure. Knowing what vendors are storing your data, what accounts have access to your data, if your data is in these different silos, often that’s for a reason. Who has those admin accounts and who has the other, regular logins, you need a data map, then you need a plan, and you may need more training. You may need a different onboarding and offboarding process. You may need a different approval process for new tools so that they get properly vetted, that it’s a secure tool. I would think we’ve all seen some news reports recently of people using tools that weren’t that secure as they were supposed to be.

All of these are ways to protect your organization. I think in this moment, that’s one thing I want to convey is that nonprofits, maybe over for-profits, have this ethos of your staff who are really dedicated to what you do. And they really care about what you do in your organization. Enlisting them to help protect your organization is a lever that some for-profit companies don’t have. For them, it’s just a job. But for us, we really care. 

Self-Care in Nonprofit IT Roles

And speaking of caring, I’m going to move into this topic of self-care in nonprofit roles. 

I did a webinar on this last November. I learned so much. I challenged so many of my own assumptions about what you need to do to stay balanced, stay healthy, stay motivated, not burn out. I know we have a lot of stress all around us all the time. 

One thing that I learned in this webinar is that I thought you really need to have an hour-long massage or do an hour of yoga to reset. And what the research shows is that you really don’t need to take a big chunk out of your day. Doing a five-minute reset several times a day is as effective or more effective than taking a long pause. It is still important to eat lunch, not at your desk, not reading emails. Make time that you’re away from work to actually be away from work, and decompress and unplug. But definitely, there’s a lot of good stuff in that webinar. So I hope you’ll check it out if you’re looking for mental health and physical health advice. 

One thing I want to say is for leadership, if you’re in a leadership role, is definitely lead by example. Check in on the stress levels of your staff, share some de-stressing techniques, communicate, communicate, communicate, and practice good change management. 

In the best of times, change management around IT can be extremely stressful. But now when we have a lot of external stresses coming in, and you want to change something, you want to change a policy, change a tool, whatever it is that you’re working on that’s changed, make sure you do a lot of change management around it. So that your staff know what you’re doing, why you’re doing it, how it’s going to impact them, what they need to do to be part of the plan. So they feel heard and that they’re part of what you’re doing. 

Since the pandemic, luckily, and we’re all working from home, I think a lot of nonprofit staff are more likely to check in with each other and are more aware of the value of good physical and mental health in our workplaces. 

Definitely, if you’re an IT staff person, make sure that you’re putting self-care first on your daily list. I had a good friend who told me this a while back. If you don’t do your self-care first and you burn out, you’re not going to be helping anybody else on the help desk. You’re not going to be doing any more IT budgeting. You’re just going to be burnt out and need to take some mental health days. Making sure that you take care of yourself is really important at all times, but especially when there’s lots of stuff going on out in the world that’s impacting us.

I’m going to go ahead and share this link to that webinar that I did on stress and self-care. 

And then for funders, I don’t know if there’s any funders on the webinar today, but definitely understanding and prioritizing that IT support that you’re giving to your grantees. We’re really hopefully a lot of our funders have that trust-based philanthropy that they’re following, where they’re really listening and interacting to the grantees and finding out what the grantees really need from them 

And IT support, I can guarantee you a hundred percent, a hundred and ten percent, a hundred twenty percent is something that nonprofits need from their funders. So anything you can do to help them at this time is necessary. 

Essential IT for Nonprofits in Challenging Times Summary

All right, so now we’re going to move into our review.

We have a lot of free resources on our website around all of these issues. Nura, do you want to read through some of these bullet points, just to make sure people get them?

Nuradeen Aboki: Yes, this review is going to help us just make sure we have some take-home lessons here throughout the webinar. 

• Make a strategic plan for your IT, your IT roadmap is important because it gives you a plan of execution. Prioritize and understand the dependencies. You build on a foundation and then you keep increasing and scaling up and improving the overall IT experience and making sure you have well-managed IT for your organization. Ensure that you make those investments and having an IT roadmap. Then agreeing on the priorities with stakeholders. 
• Don’t let IT needs coast while distracted by a public crisis. Certainly IT can be left behind, because there are many other priorities. But think of IT as integral to actually helping you achieve your mission, and then IT is going to get that priority and a much-needed investment. Then prioritize leadership time to create and review policies.
• Policies, policies, policies. They are part of your fundamentals. We are highly recommending that you make those investments, and leadership needs to make that time to create them.
• Performing an assessment. An assessment will help you know your current state, will help you identify the gaps. Also take a look at some recommendations around consolidation of systems. You may be coming out of a legacy on-premise infrastructure into a cloud. Maybe you have many services that you’re using the cloud, where there are duplication of services. So, an assessment will help you identify those gaps and where you can consolidate and save money. 
• Then understanding your inventory. And I think the assessment also has a component of helping you build out an inventory. But if you don’t have an assessment done, you need to spend time to identify having that data map, knowing your license subscriptions, your hardware, and keeping a track of all of these different domains across your inventory, ensuring you know what you have, and then making sure you are making the right investments in that space.
• Then use your budget to review fixed IT costs and discretionary spending. That’s what we highlighted there. You should have a good understanding of what your fixed IT costs are. And then knowing that you want to look at that discretionary spending and making the right investments and spending money wisely there. Know that you may need to spend money and time on a project to improve your fundamentals. 
• And then lastly there, it says stay healthy. You know, that’s very important. We can’t help anyone after being burnt out. So we clearly want to be healthy and in the right state of mind. 

Q&A 

Carolyn Woodard: Thank you. We have a great question who just came in. I’ll say to everybody else; we’re in the Q&A section right now. If you have some questions for Nura, please go ahead and put them in. 

How to Manage Up and Convince Nonprofit Leadership to Invest in IT

Chandra asks, what tips do you have for managing up and helping leadership understand why invest time and money in IT? And actually, for a lot of things we talked about today, it’s mostly time, getting that committee together, putting aside that hour a week or a month to do these things.

Why is investment in IT security so essential? And she says, there’s often pushback when we introduce this topic. 

In your work with clients, do you have some tips, a couple of things that you can tell them to try?

Nuradeen Aboki: Usually leadership, from my little experience, like a story. They like to know the risks. 

• What is the risk to the business?
• How is this security essential not having them?
• How is not having a good security essential or fundamentals risky to our business? 
• Is it going to harm our reputation? 
• Is it going to damage the work that we do? Is it going to hurt our data? 
• Is it going to affect our funders?

And then look at other similar nonprofit organizations that have faced security threats, or have been compromised due to lack of investment. As leadership see these realities, they are smart enough, they are clever to make those choices given the time. Because those are the realities that they will have to deal with if it comes to the organization being impacted by security risks.

Carolyn Woodard: I would say in my experience too, and I’m going to talk a little bit about our next webinar in a moment. But if you can find other champions or cheerleaders for you, they can kind of triangulate and keep presenting this as a problem, as a business problem that needs an executive solution. If there’s somebody on your board that understands that maybe your technology isn’t where it needs to be. 

Actually somebody on a podcast that I was listening to said, just put that meeting on somebody’s calendar. Just say, I need to meet with you once a week until this is over, or once a month or however often it is. And just get the time on their calendar. And then go in there and talk about it. Just making that a regular occurrence can help make it a priority. 

And also, if it’s monthly or however often you decide to do it, that executive has time for it. You know, they don’t have to do anything in between (don’t give them homework). They can just come into that meeting and then be ready to tell them, lay out the story as Nura was saying. And then the next month, it’s going to be easier because they have that background. And then you can come in and start doing things and getting things changed. 

But it’s really, really, really hard. So keep at it. That’s all I can say is keep at it. It’s hard when you’re the person who can see the technology path and you have to get the other people to come along with you. So it’s not easy.

Someone also says in chat is sharing that each leader, person, decision maker also has a number of times that they need to hear something before they make that shift. 

That is definitely true. The more often you hear it, you know, in your personal life, too. The fifth time you hear something, you think, oh, I actually have to do something about that. For sure, that can help. 

Cybersecurity can also be your way in because it really is top of mind for a lot of people, and especially in this environment. 

And I’ll just tell the short anecdote that I did a podcast with somebody who was telling me that they had a board member for this nonprofit organization, who was sued by somebody else for something else. But through the discovery for that lawsuit, all of their board e-mails also were discovered, had to be turned over to the subpoena. 

I don’t like to scare people, because we also say that if you’re doing the fundamentals, if you follow the playbook, you can protect yourself from 80 to 90 percent of the threats against you. This is not something that’s impossible to do. But definitely sometimes that exposure to risk can be a lever that you can use with your executives as well. 

Learning Objectives Recap

I want to make sure that I have time to tell you about our next webinar and go over the learning objectives. 

• We wanted to learn about IT governance policies, why they’re an absolute necessity. We talked about a couple of the reasons why some nonprofits don’t have them. But hopefully, this will spur you to get those policies in place. Policies, policies, policies. It doesn’t do any good if they’re just sitting there and no one ever looks at them after their first day at work. They say, I have the employee handbook, and then I never refer to it again. Make sure that you’re checking on compliance. You have somebody who owns that policy and is looking back, are we using AI the way that we have said that we want to? Are we checking our vendors where our data is stored to make sure they have cybersecurity on their end? All of those sorts of good things. 
• We wanted to learn what to prioritize in our IT. Nura did a great job talking about cybersecurity, data security, staff security, other basics. 
• We wanted to learn about budgeting for IT and where you can find some value and some more resources on how to budget. If you’re undergoing budget review, depending on what’s happening at your nonprofit. 
• We wanted to talk about staying healthy and motivated and review how to make a plan to move forward. 

I’m really excited to talk to you about next month’s monthly webinar. I want to invite you back for a special webinar led by Alethea Hanneman from Board.dev. It’s an organization formed to educate for-profit tech leaders on how to join nonprofit boards and help them utilize technology to achieve their mission, which is something we’re really excited about. 

But Board.dev also educates nonprofits on all the good reasons to recruit someone fluent in tech to your board and how you might go about doing that. And they also make introductions and will help train your new board members on the ways nonprofits are different from for-profit boards and try to help them get up to speed on the lingo and make them a success helping you with your technology. 

They have pulled together a lot of research on how a tech-fluent board member can really help nonprofits succeed, but they don’t just try to convince you. They do help you take those steps and are part of the process of making the introductions. That’s going to be on Wednesday, June 18th at 3 p.m. Eastern, Noon Pacific. You can register on our website now and check out communityit.com/webinars for all our past webinar videos and to register for our monthly webinar series. Our podcasts are on there too. We’d love to hear you on the podcast. We’re on LinkedIn. Follow us. We share a lot of content and resources there as well.

We just love sharing with our community. 

I want to thank you, Nura, so much for spending this hour with us and sharing your expertise with us.

Nuradeen Aboki: Thank you, Carolyn. Thank you for having me.

Carolyn Woodard: I want to thank everyone who joined us today. It was an hour out of your day. I really appreciate you giving us the gift of spending your time with us. I hope that something in our webinar today was useful. It’s something that you’ll be able to take home and use at your organization. 

I hope that you’re able to continue feeling healthy, finding joy, doing the things that you love. Even in, as I say, it’s a polycrisis. There are lots of things going on all at the same time. We know there’s a lot of stress out there. We were hoping that this webinar would help take a little bit of stress out. 

I want to say that when you take action, it really helps you feel better. Some of these actions, if you’ve been going from press release to crisis meeting, to figuring out your budget, to trying to serve the people that you serve, putting aside an hour a week to just sit and do your data map, it can be a time to decompress, and slow down, but you’re still taking action. You’re not vegging out, you’re just like doing something that needs to get done, but it’s a kind of a different part of your brain that’s doing it. So maybe that’s another way to find the time to prioritize this. 

I want to thank everybody again for joining us and I’ll let you go on to the rest of your afternoon. Thank you so much.