NONPROFIT TECHNOLOGY
Turn technology into a strategic advantage — not a source of risk or overwhelm. This collection of expert-led videos helps nonprofit leaders use digital tools to strengthen operations, streamline communication, protect data, and guard against fraud.
Explore real-world guidance on choosing the right software, automating workflows, securing donor and client information, managing compliance, and building a more efficient tech stack. Our nonprofit technology experts break down what matters most: from CRM systems and AI tools to cybersecurity, backups, and fraud prevention.
Whether you’re selecting your first platform, improving internal processes, responding to a data breach, or preparing your team for digital transformation, these sessions make technology accessible, mission-driven, and safe — so your organization can operate with confidence and keep the focus on impact.
A visit with Doug Chapiewsky, CEO & President of Kanso Software, and Cameron Bowman, CAAS Solutions Consultant at JMT Consulting, for a fast-moving, systems-first conversation on one thing every nonprofit runs on: trustworthy data.
Cameron frames the moment we’re in as “the golden age of software”—more tools, more dashboards, more integrations, and more AI than ever before. But that abundance comes with a price: fragmented systems, duplicated entries, and competing versions of the same truth. His fix is refreshingly operational. Data integrity isn’t a buzzword; it’s a checklist: accurate, complete, consistent across systems, timely, and traceable/auditable. When any one of those breaks, nonprofits pay for it in grant compliance headaches, restricted-fund confusion, audit stress, and board decisions made on shaky information.
Doug brings the lens of housing—where data errors don’t just create inconvenience; they disrupt funding, compliance, and real people’s stability. Kanso’s mission is to simplify a highly regulated, high-stakes domain where sensitive data is everywhere and staffing capacity is often thin. As Doug puts it, “Trust outweighs technology… and if we don’t have that trust, it really gets right to your mission.” The episode drills into the reality that single-vendor “one system does it all” is fading fast; modern organizations operate in an ecosystem. That’s why both speakers prioritize open systems paired with serious guardrails—especially when handling social security numbers, income data, and family composition.
The conversation turns tactical with a Business Process Review (BPR): mapping where data originates, how it moves, who owns it, what controls exist, and where manual workarounds (shadow spreadsheets, email approvals, offline tracking) weaken audit trails and invite risk. Cameron lands a line every operations leader should post near their monitor: “Technology will amplify your process. It won’t correct your misaligned workflows.”
Finally, the duo urge nonprofits to build a cadence—monthly, quarterly, at least annually—to revisit processes, configuration, and integrations as funding rules, reporting needs, staff, and tech keep shifting. The message is clear: clean data isn’t a finance luxury—it’s a mission accelerant.
#TheNonprofitShow #NonprofitTechnology #DataIntegrity
AI isn’t a “someday” conversation for nonprofits anymore it’s a right-now operational decision with governance, risk, and staff behavior at the center. Joshua Peskay, Co-Founder of Meet the Moment, joined Julia C. Patrick to talk about the practical reality nonprofits are facing: AI adoption is already happening inside your organization whether leadership has planned for it or not.
Joshua frames the moment with a clear warning and a workable path forward. Too many nonprofits, he says, are bumping into “governance immaturity” the missing pieces that turn AI from a productivity boost into a liability. Think policies, staff learning, data classification and handling, and vendor risk review. Instead of debating whether AI is allowed, Joshua urges leaders to start by accepting the current state and then managing it with intention. As he puts it, “Artificial intelligence is happening and it is happening incredibly fast… the water is coming down the mountain.”
The duo reinforce what many executives have observed: when organizations ban AI, staff still use it they just do it quietly, creating silos and exposure. Joshua connects that to a familiar cybersecurity pattern: shadow IT. People work around constraints to get the job done, especially in a sector that’s under-resourced, remote, and mission-urgent.
The forward-looking takeaway is refreshingly actionable: start with the AI tools already inside your protected environment. If your nonprofit runs on Microsoft 365 or Google Workspace, use Copilot, Gemini, or NotebookLM as your baseline so staff can work with guardrails. For anything outside that ecosystem, require a business case and a review process. Then, build a learning culture where staff share what’s working, what’s failing, and what’s safe.
Joshua also brings urgency from the risk landscape, noting nonprofits are attractive targets because of sensitive data and typically weaker security.
#TheNonprofitShow #NonprofitManagement #AIgovernance
Donor retention is not just a feel good metric it is one of the most powerful levers in the business model of a nonprofit. We sit down with Kirsten Wantland, Principal Industry Strategist at Bloomerang, to explore how organizations can move beyond fear and confusion and actually use retention data to protect revenue and grow lifetime value.
Kirsten begins by explaining her new role at Bloomerang, serving as a bridge between fundraisers in the field and the engineering and product teams. She brings frontline development experience directly into the CRM design process and is now helping shape Penny, Bloomerang’s new AI strategic fundraising partner. Penny will guide staff on which segments to work, what messages to send, and where to focus limited time so small teams can function like much larger shops.
From there, the conversation turns to why traditional retention tracking leaves so many nonprofits stuck. Measuring retention once a year on a calendar basis keeps leaders in a reactive posture, staring at last year’s results instead of managing today’s risks. Kirsten introduces the concept of ‘rolling retention’ a metric that constantly surfaces donors who are about to lapse based on their actual giving patterns. That simple shift creates a proactive pipeline of people to thank, call, invite, and re-engage before they disappear.
At the heart of her approach is a deeper philosophy about donor relationships. As Kirsten puts it, “Ultimately, our donors want a place to belong. They want to be part of a mission. They want to be part of a solution.” Rolling retention, better benchmarking, and even AI tools like Penny are there to serve that goal helping fundraisers step away from purely transactional requests and toward thoughtful, ongoing engagement.
Kirsten closes by urging organizations to start somewhere, choose a few key metrics, track them consistently, test new strategies each quarter, and adjust when the data shows no movement. In a crowded landscape of 1.8 million nonprofits, the ones who treat retention as a core business function not just an afterthought will be the ones that build resilient revenue and loyal communities.
#TheNonprofitShow #DonorRetention #NonprofitBusinessStrategy
Year-end generosity is a perfect storm for cybercrime—and most nonprofits don’t see the danger until after the damage is done. We talk with Alex Brown, Director of Business Development at Richey May, about why the busiest time of your fundraising year is also one of the most hazardous for your systems, donors, and reputation.
Alex explains how attackers watch for holiday chaos: staff on vacation, rushed year-end gifts, last-minute tax receipts, and overloaded inboxes. “Attackers know you’re not paying as much attention,” he warns, “so you have to be a little extra diligent this time of year.” From fake donation pages to altered bank details, the tactics are increasingly sophisticated—and AI is making fraudulent emails and voice calls nearly impossible to spot by eye or ear alone.
The conversation walks through your “front door” risks, starting with your website and WordPress plugins, then moving into infrastructure scanning tools, outdated software, and weak admin logins. Alex shows why role-based access matters: if every staffer can see and change everything, one compromised account can expose your entire donor database and even your bank relationships.
He also tackles the human side of cybersecurity. Alex explains phishing and vishing in plain language, and why urgency (“this is a one-time exception,” “we need this code right now”) is such a powerful pressure tactic. He urges leaders to replace fear and punishment with ongoing micro-training and a culture where people feel safe admitting, “I clicked something weird.” Silence is exactly what attackers are counting on.
Finally, the episode turns to donor communication. Nonprofits must be crystal clear about how they will and will not contact supporters—what domains they use, which links are legitimate, and what information they will never request by phone, text, or email. Clear expectations protect donors and preserve trust, even if attackers try to impersonate your brand.
This is not a technical luxury; it’s a governance and stewardship issue. If your organization depends on digital generosity, you also depend on digital safety.
#TheNonprofitShow #NonprofitCybersecurity #DonorTrust
Tech, data, and generosity are not abstract buzzwords—they’re concrete levers that can stabilize funding, expand impact, and re-energize exhausted fundraisers. Chief Fundraising Officer Kimberly O’Donnell of Bonterra joins us to map out how recurring giving, trust-based philanthropy, and AI-powered tools can move the entire sector from scarcity thinking into a new “generosity generation.”
Kimberly starts by reframing recurring giving as non-negotiable infrastructure, not a nice-to-have tactic. As she puts it, “Recurring giving is essential for nonprofit sustainability. Just no, hard stop there.” Bonterra’s own research shows why: in its Meet the Moment report, 58% of federally funded nonprofits report financial instability this year. In that environment, a predictable base of sustainers—monthly and annual—can keep programs moving even as federal funds, disaster response dollars, and one-time grants fluctuate.
She shares a compelling case study: a Bonterra client that introduced three choices on its donation page—one-time, monthly, and annual. By normalizing both monthly and annual recurring options, that organization grew from zero sustainers to more than 65,000, proving that donors will enthusiastically choose ongoing support when invited clearly and confidently.
Kimberly also dismantles the common boardroom fear that sustainers will cannibalize major gifts. In her view, that’s simply a myth. Monthly donors should be seen as high-value relationship partners whose lifetime contributions, planned gifts, and sponsorship potential can grow over time. The real problem isn’t “small monthly donors”; it’s organizations deciding on behalf of donors when and how they will give.
From there, the conversation widens. Kimberly explains how Bonterra’s vantage point—serving nonprofits, community foundations, CSR programs, and public agencies across the social good ecosystem—reveals sector-wide patterns in real time. Trust-based philanthropy, she notes, hasn’t disappeared; it’s evolving. Funders are becoming more intentional, concentrating resources on core pillars while streamlining reporting and using their networks to introduce nonprofits to new corporate and philanthropic partners.
Then comes the big vision: Bonterra’s “30 by 33” initiative to move charitable giving in the U.S. from a stagnant 2.5% of GDP to 3% by 2033. Achieving that shift, Kimberly argues, will require data, AI, and human connection working together—what Bonterra calls the generosity generation.
AI, in particular, is already reshaping daily fundraising practice. Bonterra has been using agentic AI since 2016–2017, and its new tools are built with a “human in the loop” philosophy so fundraisers can test, refine, and own their messages.
Kimberly’s closing message is both empathetic and urgent: acknowledging nonprofit exhaustion yet pushing leaders to resist retreat: this is not a moment to slow down—it’s a moment to experiment, ask bolder questions, and lean on tools that make the work more sustainable.
#TheNonprofitShow #NonprofitFundraising #BonterraTech
Who actually owns data protection in a nonprofit? In this fast-paced conversation, host Julia C. Patrick sits down with Taysha Adams, Manager Technology Support at JMT Consulting, and Josh Fricovsky, Engineering Director at Cortavo, to tackle the uncomfortable truth: cybersecurity is no longer “someone else’s job.”
Taysha starts with a reality check: most vulnerabilities don’t begin in a server room. They start with everyday behavior. From checking work email on public Wi-Fi to logging in on a friend’s device, casual habits open doors to attackers. As she explains, “Everybody’s responsible for data security and protection… most vulnerabilities do come in from the end users.” JMT has spent more than a year realigning internal processes, tightening device controls, and partnering with Cortavo so their own team—and their clients—are better shielded.
Josh builds on that by showing how fast the threat landscape is evolving. Cortavo’s job as a managed service provider is to sit on the “bleeding edge”: endpoint protection, email security, MFA, VPNs, and now mobile device management for a workforce that increasingly works on the move. He notes that “the cost of inaction is going to be 10 to 100 times more than” the investment in proactive security. It’s not just about tools; it’s about culture, education, and leadership setting the tone.
The conversation then moves to the devices we use every day. Laptops, tablets, and phones are cheaper and more plentiful than ever, but every extra device is another front door. The guests stress that nonprofits need clear policies for using personal phones for work, along with mobile device management to protect company data without “controlling” the phone itself.
AI takes the discussion to another level. Both guests are enthusiastic users, but they warn that unregulated use is dangerous. Taysha urges organizations to set guardrails and favor licensed or enterprise tools so prompts, donor details, and templates aren’t quietly training public models. Josh goes further, recommending offline or private LLMs for sensitive data and pointing out that attackers are already using AI for sophisticated social engineering, including voice cloning and real-time credential theft.
Finally, the trio frames cybersecurity as a governance and financial issue, not just an IT problem. Data loss can mean lost clients, destroyed reputation, and even the end of an organization. Partnering with firms like JMT and Cortavo, building internal awareness, and treating security like an essential protection policy—not a luxury—are presented as non-negotiable steps for modern nonprofits.
This episode is a must-watch for executives, boards, and staff who touch data in any way—which is everyone.
#TheNonprofitShow #NonprofitCybersecurity #DataProtection
When nonprofits tackle a major platform shift, the tech is only half the story. JMT Consulting pros Brady Haslebacher (Director of Program Management) and Dagmar “Dagi” Stanton (Manager of Education Services) map out the human and operational moves that make change stick.
This informative episode breaks down why big projects stall—no top-down buy-in, poor internal communication, and late user inclusion—and then shows how to reverse it with a clear cadence, a requirements doc everyone can point to, and training that respects different learning styles. You’ll also hear how to build champions: start with pain points, practice real workflows, revisit what was decided four weeks ago, and connect dashboards to daily tasks so executives and staff share one view of success.
Brady puts it plainly: “Without communication, missions fail.” From day one, he presses leaders to create a real pre-decision phase—document requirements, prioritize reporting needs, and establish ownership from the C-suite through front-line users. His data points are clear: a typical engagement runs ~90 days to go-live, ~60 days of hypercare, and one to two working sessions per week—about six months end-to-end.
Dagi brings the trainer’s lens, focusing on behavior and confidence. She works with teams who didn’t even choose the new system, flipping reluctance into momentum by making sessions unexpectedly fun and practical. Her mantra cuts through inertia: “The right answer isn’t ‘because we’ve always done it that way.’” She intentionally sets up safe mistakes so users learn how fast they can correct entries—lowering stress and building mastery. The result is less dread and more people who actually enjoy using the tools.
In closing, you’ll get details on JMT’s Innovate 2026 (Washington, D.C., May 4–6): a pre-conference day for deep skill building, followed by multi-track sessions that span software, finance, management, and sector trends—plus the chance to meet your people in person.
If you’re planning a system change—or sitting in one right now—this conversation gives you timelines, team roles, and a playbook to move from anxiety to adoption without the hair-on-fire moments.
#ChangeManagement #NonprofitTech
Fundraising folklore says the “one big donor” will save the day! Katie Gaston, Director of Product Marketing at Bloomerang, dismantles that ‘chase’ and replaces it with steady, systems-based fundraising. Katie frames her role in product marketing as disciplined storytelling: know your audience, understand what they care about, and read the landscape by listening, surveying, and researching. That same mindset applies to development. Start by cleaning and maintaining data in your CRM so you can actually see who is volunteering, giving monthly, and staying loyal over time. Automation can help—address updates, enrichment, and built-in features you may not have enabled.
Katie moves the conversation from wishful thinking to practical math: “Research shows you will actually raise quite a bit more if you just focus on the donors already in your database.” Loyal monthly givers, long-tenured annual donors, and volunteers represent reliable lift and lower risk than a single major-gift “unicorn.” She urges teams to use AI thoughtfully. Whether through platform-native tools or carefully configured external assistants, AI can scan patterns, surface bequest prospects, identify mid-level donors to upgrade, and recommend next actions.
This timely episode then maps a clear donor journey. Thank first-time donors within 48 hours, then vary contact across channels—email, short mobile video, text, and a newsletter update—to nurture toward recurring and mid-level giving. Build an automated sequence now so December’s influx becomes January’s momentum, not a one-month spike. Even modest, realistic steps matter: one sequence, one board call plan, one January volunteer invitation for first-time donors.
Boards and leadership often share the myth. Bring them along with evidence. Use AI or CRM reports to present streak length, recency, and consistency. Real stories persuade too: a decades-long modest donor who later made a significant bequest once the relationship was cultivated. Katie offers a simple activation: “A board thank you call will actually increase the next gift size by up to 40%.” Pair that with the “48 hour” rule and you have a repeatable, high-leverage play.
Finally, Katie’s suggests we reframe year-end. December isn’t a finish line; it’s the on-ramp for the new year. Lean into the cultural reset of January—invite, ask why they gave, listen, and keep the story going. The takeaway: stop chasing the mythical donor and build a system that compounds loyalty you already have.
Cybersecurity isn’t just firewalls and tech jargon—it’s people, habits, and everyday choices. Kicking off National Cybersecurity Awareness Month, we bring together two voices who live this every day: Michael Nouguier, Partner, Cybersecurity Services at Richey May, and Tony Rehmer, Senior VP of IT at Children’s Miracle Network Hospitals (CMN Hospitals). Their message is clear: strong security starts with culture.
Tony sets the tone early: “We take a major part, but it is everyone.” In other words, security isn’t a back-office task—it’s a shared responsibility. With hospitals, HIPAA, and multi-state operations in the mix, CMN Hospitals treats staff as the front line. That means training that actually sticks: shorter, “microlearning” nudges delivered through internal channels, real examples, and peer-to-peer conversations. As Tony puts it, “We never, ever shame a person.” Instead, they use supportive coaching after incidents to encourage fast reporting and continuous learning.
Michael maps the big picture. Attacks have matured, and wishful thinking won’t cut it. “Hope has then become a liability when it’s your only defense.” The antidote? Make security part of the mission—top-down and day-to-day. That looks like updating mission statements (“do the work securely”), enabling multifactor for everyone (leaders included), and building a culture where staff quickly raise their hand when something feels off. He provides memorable visual: “Everybody needs a pitchfork… so they can do what they need to do to protect your organization.”
The conversation gets real with a story from CMN Hospitals at the start of COVID-19. Threat actors bought credentials on the dark web, slipped into a mailbox, swapped a message body for malware, and re-sent it. Because staff had been invited into the security effort, the team was alerted within five minutes. That fast reporting changed the outcome. Culture wasn’t a slogan; it was the safety net.
Both guests agree: this is ongoing work. Threats keep shifting—from credit cards to ransomware and data theft—so messaging, training, and audience targeting must evolve too. Practically, that means appointing security champions, aligning IT with communications pros who can translate across departments, and weaving security into leadership conversations and board funding decisions.
Takeaways you can use: treat people as partners, keep learning in snackable moments, celebrate fast reporting, and put “securely” in your strategy—not just in your tech stack.
In this Nonprofit Power Week conversation, we sit down with Jen Blasy, Manager at Your Part-Time Controller, to confront a topic many organizations would rather avoid: fraud in the nonprofit sector. Jen is unequivocal about the stakes: “Fraud has been a constant. It may look different, but it’s still happening.” She explains why the sector’s empathy, trust, and lean staffing models can unintentionally create exposure—especially in a remote and hybrid world where e-mail, text, and chat now mediate so many approvals and financial transactions.
Jen moves past labels to show how fraud actually occurs. She refreshes the classic “triangle” of pressure, rationalization, and opportunity by adding capability and personal ethics, then wraps it all in culture. Tone at the top matters, she notes, because expectations, zero tolerance, and open conversation are often the only real deterrents. “We need to normalize the discussion of it so that it becomes more normal to talk about,” Jen adds, urging leaders to speak plainly with staff, boards, auditors, and yes—donors—about risks and responsibilities.
Concrete scenarios make the message land. From stolen cards being “tested” on donation pages to refund requests designed to route money out through alternate channels, Jen shows how seemingly donor-friendly instincts can be weaponized. She pushes organizations to map their most common money-in and money-out pathways, document updated controls that fit remote workflows, and rehearse a response plan before a crisis. Who do you call first? Legal counsel, your insurer, your auditor, a board champion? Decide now, not mid-incident.
The throughline is sector solidarity. Because incidents are underreported and under-prosecuted, offenders can quietly move from one organization to another. Jen challenges leaders to think beyond their own walls and treat transparency as community protection. Make fraud risk a standing board agenda item, ensure auditors’ annual fraud conversations are substantive, and appoint an internal champion to coordinate policies, training, and continuous improvement.
Fraud will not be eliminated, but its impact can be contained by stronger culture, modernized controls, and candid conversation. This episode equips executives, finance teams, and fundraisers alike to recognize where they’re vulnerable and to act. As Jen frames it, progress starts when we stop whispering about fraud and start planning together.
#TheNonprofitShow #NonprofitFinance #FraudPrevention
Nonprofits want the speed of automation and the promise of AI—but Alicia Eastvold, Department Leader for Client Technology Solutions at Your Part-Time Controller (YPTC), explains why many orgs stall at the starting line: messy, bloated, and fragmented data. Her central thesis is simple and powerful: “We can’t speed things up if it’s not organized, and we can’t write simple rules around it for where it belongs.” From the first minute, Alicia reframes “data hygiene” away from fear and toward usefulness—think Marie Kondo for systems: keep what serves the mission, archive the rest, and label everything so your “smart assistant” can actually find the hammer.
Alicia maps two common failure modes: too much information (endless, unreadable reports) and poor structure (the same concept scattered across donor CRM, accounting, and spreadsheets). Both grind automation to a halt and produce costly mistakes in grant allocations, budgets, and forecasts. Her practical fix: decide what you need going forward, set a cutoff, inactivate legacy categories, and build simple, durable rules that can run 1,000 times. As she puts it, “Think big about what would happen if I had to do this thing a thousand times and plan your process that way.”
A standout story: a client wanted a complex custom payroll allocation tool. After examining their cluttered chart and inconsistent rules, the team cleaned the system, documented clear rules, and discovered an off-the-shelf cost allocation tool that did the job at a fraction of the price. Takeaway: better structure often beats bespoke code.
The stakes are real. Misallocations can snowball into seven-figure problems, finger-pointing between development and finance, and restricted funds that can’t be used where they’re most needed. Clean, rule-based data unlocks credible budgeting, forecasting, and the ability to ask funders for the right dollars—including flexible, unrestricted support. It also fuels data storytelling that boosts trust and investment: when leaders visualize program costs, funding gaps, and outcomes with clarity, credibility skyrockets.
Bottom line: start today. Choose what matters for the next 12–24 months, archive the past, enforce naming and categorization rules, and think like an enterprise—no matter your size. Clean data returns time to your people, turns AI from buzz to utility, and powers decisions that move the mission!
AI isn’t a magic wand—but it can absolutely help nonprofits do more with less when you understand what it is, where it fits, and how to use it wisely. In this energizing conversation, technology associate and CPA Christine Chacko from Your Part-Time Controller (YPTC) explains the practical difference between automation and AI, when to use each, and how to keep data safe while you experiment and learn. As Christine puts it, “AI is actually a form of automation,” but it handles open-ended, judgment-heavy tasks while traditional automation follows clear, narrow rules. Think rules for categorizing expenses (automation) versus analyzing trends, benchmarking, and surfacing insights across donor segments (AI).
Christine offers real nonprofit examples: blend automation to roll up donor data by type, then ask AI to interpret changes year over year, spot seasonality, or flag post-pandemic shifts. She shows how AI shines as a writing helper—drafting grant narratives tailored to funders’ preferences or condensing verbose copy into crisp executive summaries—while reminding us to review outputs for voice, accuracy, and appropriateness. “We really like to think of it as a thought partner,” she says, perfect for bouncing ideas, testing messages, and clarifying complex financial stories for boards.
Security matters, too. Christine’s guidance is simple and strong: read the fine print, know what you opt into, and understand the difference between models embedded in trusted systems and those that reach out to other tools. She introduces agentic AI—systems that can act on your behalf (e.g., access Outlook, browse the web, schedule emails)—and explains why permissions, policies, and internal controls must come first. Hallucinations are less frequent in newer reasoning models, but review remains essential—especially for grants and external communications where stakes are high.
Finally, Christine maps the near-term horizon: expect broader, more accessible agentic AI inside finance, IT, customer support, and daily workflows. Success won’t come from tools alone; it comes from culture—clear use cases, communication, training, and solid processes. Used well, AI reduces drudgery (transcripts, notes, routine emails) so nonprofit teams can focus on judgment, relationships, and mission results.
Nonprofits lean on outside platforms to save time and stretch budgets—but those relationships can quietly expose sensitive donor, client, and payment data. In this episode, Senior Cybersecurity Advisor Parker Brissette of Richey May explains how to recognize and manage third-party software risk before it becomes tomorrow’s headline. He starts with a simple lens: follow the data. Where is it stored? Who can touch it—directly or indirectly? Many teams only think about contracted vendors, but Parker widens the aperture to “shadow IT” and consumer tools staff use without formal approval. As he puts it, “Third parties is really anybody that can touch the data at any point in your business, whether you have an agreement with them or maybe not.”
From privacy regulations (GDPR, CCPA) to sector-specific rules (HIPAA, PCI), nonprofits carry legal and reputational exposure the moment personal information enters their systems. Parker offers practical steps: inventory paid tools via your accounting system; ask, “If this vendor vanished tomorrow, what would break?”; and press vendors for proof—SOC 2 reports, ISO 27001, or completed security questionnaires. For organizations without a CIO, he recommends clear contracts and one non-negotiable safeguard: “The biggest thing that I recommend in any third-party engagement is setting an expectation of having cyber insurance, because that’s a big protection for you financially.”
AI enters the picture with both promise and peril. Consumer AI tools can learn from and retain your uploads, potentially exposing proprietary or personal information. Enterprise agreements (e.g., Microsoft Copilot) can offer stronger data protections, but only if configured and used correctly. Parker’s guidance is pragmatic: don’t ban AI; set guardrails, choose vetted tools, and train teams.
Finally, he urges preparation and transparency. Incidents can happen—even with good controls. Donors and corporate funders expect frank communication about what protections exist and what happens if data is exposed. Build trust now by documenting safeguards, validating vendors, and rehearsing your response.
You don’t have to be a security expert to make smart choices—but you do need a map: know your systems, test your assumptions, ask vendors for evidence, and write risk into your contracts and budgets. That approach turns anxiety into action—and preserves the trust your mission depends on.
Has your nonprofit ever had a simulated break-in to test your digital defenses? If not, you may already have an intruder inside!
Cyberattacks aren’t just happening to big corporations—they’re happening to nonprofits every day. And far too many organizations have no idea they’ve been breached until months later. Cybersecurity expert Michael Nouguier, Partner of Cybersecurity Services at Richey May, pulls back the curtain on the urgent, often-overlooked practice of penetration testing—known as “pen testing.” His message is blunt: if your nonprofit hasn’t done one, you may already be compromised.
Michael explains that a pen test is essentially a real-world simulation of a cyberattack, conducted by ethical hackers to expose weaknesses before malicious actors exploit them. “It’s like hiring a home inspector before you buy a house,” he says, “but instead of finding leaky pipes, we’re finding the digital doors and windows you’ve accidentally left wide open.” These gaps can exist in email, donor databases, websites, payment systems—anywhere sensitive information lives.
The process starts with scoping—identifying your organization’s tech environment, third-party tools, and data flows. From there, ethical hackers gather open-source intelligence (OSINT) to see what information about your nonprofit is publicly available, then attempt to exploit any vulnerabilities found. This may involve phishing attempts, network access attempts, or probing for weaknesses in online applications. Post-exploitation, the team determines how far they can move within your systems—accessing donor records, financial data, or confidential client files.
The findings are compiled into a detailed report, along with a letter of assessment that can be shared with insurers or contractual partners. In many industries, including healthcare, justice, and education, annual pen testing isn’t optional—it’s required by regulation or by contract. Yet, as Michael warns in this episode, many nonprofits sign agreements without realizing they’re agreeing to perform such tests.
Waiting too long is costly. IBM research shows that proactive security measures can save organizations over $200,000 per breach. On the flip side, skipping pen testing can raise your cyber insurance premiums—or get your coverage denied entirely. And because updates, new software, and staffing changes continually introduce new risks, pen testing isn’t a one-and-done task—it’s an annual checkup for your organization’s digital health.
Michael also touches on the human factor. When testing social engineering risks, you often don’t alert staff in advance—because real attackers certainly won’t. The goal is to create realistic conditions, not staged ones.
This conversation should serve as a wake-up call: penetration testing is not an optional luxury—it’s a frontline defense. Whether you hold donor payment information, confidential case files, or sensitive program data, you can’t afford to leave your cybersecurity to chance.
If you've ever worked in a nonprofit and found yourself fronting expenses on your personal credit card, you're not alone—and you're definitely not doing it wrong. But there's a better way. Our host sat down with GiveFront.com , to unpack how nonprofits can modernize the way they manage spending, reimbursements, and financial oversight.
Founder of GiveFront, Matt Tengtrakool, brings a unique dual lens to the discussion: one from years of hands-on experience running and managing nonprofit finances, and another from building financial technology designed specifically for the sector. His message is clear—nonprofits deserve modern tools to track spending, reduce fraud risk, streamline compliance, and eliminate burdensome reimbursement systems.
He explains that many organizations still operate with a single credit card passed around among staff—a system ripe for errors, delays, and a lack of accountability. GiveFront provides an alternative: customizable, trackable virtual cards that make it easy for even volunteers to make approved purchases. “You want to allow people to spend for your organization, but you also want control,” Matt explains. “And having the systems set up from the start is extremely important.”
The conversation covers common friction points between program teams and finance departments, shedding light on how better spend management can actually strengthen relationships across departments. Host Julia Patrick and Matt explore the psychological side of transparency, the real costs of missing receipts, and the ripple effects of poor policy enforcement.
Matt also shares how sales tax refunds—often ignored due to their complexity—can recapture up to 10% of an organization’s spending. With GiveFront’s built-in tools, nonprofits in states like North Carolina and Utah can automatically generate sales tax refund documentation without drowning in paperwork.
The episode wraps with practical advice: adopt a spend management platform, train your team on internal financial policies, and revisit those policies regularly. Because managing money well isn’t just about spreadsheets—it’s about trust, clarity, and making sure every dollar does the most good.