Nonprofits are facing new challenges managing their IT today. The shift to mobile has changed the organizations' operating perimeter, and new risks and regulations have emerged related to privacy and information security. Now, many boards and executive staff members are facing chronic under-investment in IT, with a sudden over-exposure to personal information and elevated cyber risk. Concurrently, rising innovation in IT creates an opportunity to be smart and strategic, and to make sound decisions that will benefit the nonprofit for many years to come. For an operating framework, we suggest four guideposts for use in the process of re-thinking IT and cyber security for the nonprofit organization today.
Total Digital Security sponsored a luncheon last week at the Scripps Research Institute of Florida for the Association of Fundraising Professionals of Palm Beach County. The group consisted of county-level leadership representatives from the public, and private sectors, and the keynote speaker was John Dawes, CFRE, presenting on "Wired Boards - How Nonprofit Boards Use Technology Accelerators for Better Governance"; an ongoing research study examining how nonprofits use technology to advance its mission.
The #1 conclusion from Dawe's research is that nonprofits are woefully under-invested in IT. Austere budgets, board and staff communication, and lack of plan clarity are sighted as some of the reasons but according to follow-up surveys, the top factor includes concerns for security and the privacy of all involved.
The results of Dawe's research conclusions and surveys were consistent with our experience in the field and motivated us to publish this post.
Many nonprofits will be re-thinking their approach to IT and will be doing so with an increased focus on safeguarding the privacy and personal information of their boards, donors, employees, volunteers, and constituents. "The Four Guideposts for IT Strategy and Cyber Security for Nonprofit Organizations" is meant to provide a framework for consideration during this re-thinking process.
1) Think of IT as a "Service" vs. a "Product."
IT is rapidly shifting from a "product" and "transaction" to a "service" and "recurring fee" and this is good news for consumers. The shift plays into our next three guideposts as it can benefit the nonprofit on multiple levels, and the concept is core to sound IT decision-making for the future. Simply put, the "as a service" model allows you to "rent" in lieu of "buying" the components that make up your IT infrastructure. This benefits consumers because IT hardware is a depreciating asset that is quickly outdated by new and improved models, typically at prices lower than paid in the past.
2) Avoid Hardware Where Practical
Software is overtaking hardware and replacing expensive servers and other traditional components to an IT infrastructure. The phenomenon represents a mega-trend that must be included when budgeting and making strategic decisions for the nonprofit's technology plan. For more on the mega-trend and why it is important for any individual or organization to understand today, see: "Software is Eating Hardware", and the seminal piece by Marc Andreessen: "Why Software is Eating the World." It is inevitable that some hardware will still be required and preferred by the nonprofit, however using this guidepost when strategizing, budgeting, and making decisions will assure the benefit of considering all the options at hand.
3) Stay "Open"
In most cases you can avoid long-term commitments to anything related to technology today. Why? Because it is aligned with the nature of technology. Innovation in technology always brings us BEFC (Better, Easier, Faster, and Cheaper), and you can plan on the trend to continue and advance well into the future. In this environment of rapid change and increasing value from advancing technology, it is advisable to avoid proprietary protocols and lock-ups, long-term contracts, service commitments, and anything that precludes changing your plan over any long period of time.
4) Engage Board and Staff Throughout the Process
Technology is now part of the fabric of our personal and professional lives. For people to align for the sake of the organization's mission, technology must be wielded with certain disciplines, protocols, and processes. Approach IT and cyber security issues knowing each individual plays a key piece to the infrastructure that will support the every day interactions of all those involved. It takes leadership, vision, buy-in, and collaboration for peak performance when people and technology interact, See Jim Collins' book "Good to Great" for an in-depth analysis of this key piece to succeeding today.
Working together and using these guideposts nonprofit boards, governance committees, and executive directors can have enormous impact and create a next-generation template for their organization's operating infrastructure that will adjust to change, respond to increasing PCI and HIPAA compliance regulations, and be receptive to future innovation that can be leveraged for furthering the cause of the organization.
Contact us for more information, including Speaking, Training, and Workshops.
