Technology Association of Grantmakers held their 2025 Conference in Atlanta. Jenny Huftalen and Carolyn Woodard attended and share the takeaways and trends in philanthropy for tech.

The takeaways:

• Technology Association of Grantmakers (TAG) convenes members bi-annually to share knowledge and experiences on technology used at foundations and funders.
• Four trends stood out from this year’s conference: AI, Data, Cybersecurity, and our own health.
• Almost every session and keynote spoke to the prevalence of AI in our lives, in philanthropy, and in the nonprofit space. If you are feeling FOMO or feeling that you don’t know enough about AI, rest assured no one really knows what they are doing either. We also heard several fascinating use cases where nonprofits in partnership with funders are using AI in thoughtful and impactful ways.
• Data and database cleaning and organizing was also a trending topic. Several presentations stressed the need to work on your data processes and governance before throwing an AI product at your data and expecting it to clean it up for you. Again, thoughtful attention to the human side of data is necessary to make the AI work well.
• Several speakers stressed the need to weave cybersecurity throughout your operations and realize that IT and cybersecurity touch every staff member at your organization. Starting with anti-virus software not being built-in to your purchase, IT has constantly packaged cybersecurity as something additional and separate. But that is an inadequate viewpoint. Weave cybersecurity into everything and keep yourself and your organization better protected.
• Finally, our health. IT in philanthropy is all about people. People need to be healthy, which can require a pause to reflect even in chaotic and stressful times. Several speakers and attendees talked about the need, as ever, to re-focus on the essentials: the communities we partner with, the deep knowledge we have about the assets we hold and the challenges we face, and that we do this work because we have hope for a better future.

It’s clear that the intersection of technology and philanthropy is evolving rapidly. These trends can feel like a lot to navigate, but remember that the strongest solutions always come from a thoughtful, human-centered approach. Community IT is here to help your nonprofit or foundation thoughtfully weave technology into your operations so you can focus on your mission.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

What Do Nonprofits Need to Know About Penetration Testing?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning.

Do you have someone urging you to get expensive pen testing, and you aren’t sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofits’ risks and needs.

Takeaways on Pen Testing for Nonprofit Cybersecurity

What is penetration testing?

• When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.
• Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client’s cybersecurity configurations.
• Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.
• If you have been told you “need” to have a pen test, make sure you understand why and the ROI return on investment the pen test is expected to provide.
• Pen testing has definite value, but that value is very specific to certain types of organizations; with on-site servers, and with certain technical needs and risks.
• The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user ID.
• In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.

Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

October is ESOP Employee Owner Month

An Employee Stock Ownership Plan, or ESOP, is a legal structure used in the U.S. to create an employee-owned company. Essentially, an ESOP is a type of retirement plan that invests primarily in company stock, holding the assets in a trust for the staff.

Community IT is 100% employee-owned. This structure means our staff participates in the company’s success. Not all ESOPs are 100% employee-owned. Our CEO Johan Hammerstrom walks through the decisions and concerns of our founder, David Deal, that the mission of the company always remain focused on serving nonprofits with well-managed IT. The best way to preserve that mission when he sold the company in 2012 was to sell it entirely to the staff.

Being an ESOP is fundamentally important to Community IT because it ensures we maintain the stability and focus required to serve the nonprofit sector best. This structure guarantees we control our own destiny, allowing us to prioritize long-term, excellent service to nonprofit organizations over external pressures like seeking to be acquired or maximizing short-term profits for outside owners.

Further, it enhances our culture by aligning the incentives of our passionate employees with our mission, empowering independent decision-making and ensuring that clients benefit from a dedicated, resourceful, and stable team that is invested in the organization’s lasting success.

Join CEO Johan Hammerstrom as he explains what October being ESOP employee owner month means to Community IT, our clients, and our dedication to providing excellent outsourced IT services.

Interested in the ESOP structure advantages and how to become an ESOP? Contact Johan directly, he is always happy to talk about our ESOP.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.