Do you have important files in your nonprofits’ Google Drive that are associated with their owners’ personal gmail address? Google lets you migrate those files to Shared Drive so your organization never loses access to them.

Google Workspace is fantastically easy for nonprofit start ups to set up and doesn’t take a lot of technical know-how to manage until you grow to a larger staff size.

One of the common issues we run into is ownership of files. In Google world, the creator “owns” the files even when shared or saved on a shared Google Drive, and if that owner leaves the organization – through any number of scenarios – the organization no longer has access to those files.

Depending on how important the files are, that can cause problems! For example, if you are using an outsourced CFO – or if a photographer “shared” files with you – you can lose access.

A while back Google created “Shared Drive” and we recommend moving files from individually shared folders to organizationally owned folders.

In this podcast, Steve shares a Google Drive trick for nonprofits on migrating those files to Shared Drive relatively easily, by making the owner a temporary manager of the new folder.

The takeaways:

• Google regards the “owner” of files as the creator. Various options for sharing files may not grant complete access to those files for as long as they are needed.
• Community IT recommends creating Shared Drive in Google Workspace and migrating individual files and folders there to preserve organization access to them. This changes the “owner” from the individual to the organization.
• If you are running into migration issues with shared files disappearing, it is probably because the file was “owned” by someone outside your organization, or even someone within your organization using an individual gmail account to access Google. It is very easy to mistakenly log in to Google under other accounts to do your work!
• To migrate files in that situation, Google makes it possible to solve the ownership problem without a third-party tool. Staying within the Google universe preserves the file formats and makes migration easier. Links remain valid as will dynamic connections within Google Sheets.
• Community IT recommends creating a Shared Drive and temporarily making those external people managers with their individual gmail account. That gives them the ability to move whole folders of their files into the Shared Drive, where they become “owned” by the organization even after the individual leaves. This also helps clear up files created by external vendors where ownership needs to sit with the organization not with the individual owner, such as photos.
• It sounds complicated, but Steve walks through how to approach “ownership” in the Google Workspace universe and make data management as easy as possible.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Vanguard Communications’ Chief of Innovation Brenda Foster shared tips and practical advice on getting started using generative Artificial Intelligence AI tools at your nonprofit in a way that matches your mission and values.
Learn how to prompt, when and how to use AI tools, and when not to.
Learn how to evaluate the outputs and feel good using AI at your nonprofit.

In part 1, Brenda explains the various types of AI and walks through the ethical considerations and trade offs for the environment, community justice, human creativity, privacy and security, and bias. She presents a five question framework for creating your nonprofit AI policy. In part 2, Brenda explores good prompting and the differences between tools in this moment, and takes audience Q&A.

Are you wondering where to start with AI?

Chances are you and your colleagues are already using it for some things, and wondering how to use it better, or whether you should be using it at all. Your organization may be ambivalent or aghast at AI, have already embraced it, or be unsure where to start. You may have colleagues that are using AI for everything and others who won’t touch it.

Brenda Foster is a PRSA-NCC Hall of Fame inductee who has specialized in nonprofit communication for decades.

In this webinar, she shares tips and best practices on improving your AI prompts for communication success and explores situations where AI can improve the day-to-day job satisfaction for nonprofit staff. You can hear more from Brenda in our podcast discussion of AI tips here.

How can your nonprofit get started ?

In this webinar learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the output and ensure that your team feels confident and comfortable using AI to make their jobs more interesting and to better support your mission.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

Learn how to create an AI Acceptable Use Policy here. The nonprofit sector is deeply concerned with ethics, accountability, the environment, and systemic change. Learn more about ethical AI frameworks here.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Vanguard Communications’ Chief of Innovation Brenda Foster shared tips and practical advice on getting started using generative Artificial Intelligence AI tools at your nonprofit in a way that matches your mission and values.
Learn how to prompt, when and how to use AI tools, and when not to.
Learn how to evaluate the outputs and feel good using AI at your nonprofit.

In part 1, Brenda explains the various types of AI and walks through the ethical considerations and trade offs for the environment, community justice, human creativity, privacy and security, and bias. She presents a five question framework for creating your nonprofit AI policy. In part 2, Brenda explores good prompting and the differences between tools in this moment, and takes audience Q&A.

Are you wondering where to start with AI?

Chances are you and your colleagues are already using it for some things, and wondering how to use it better, or whether you should be using it at all. Your organization may be ambivalent or aghast at AI, have already embraced it, or be unsure where to start. You may have colleagues that are using AI for everything and others who won’t touch it.

Brenda Foster is a PRSA-NCC Hall of Fame inductee who has specialized in nonprofit communication for decades.

In this webinar, she shares tips and best practices on improving your AI prompts for communication success and explores situations where AI can improve the day-to-day job satisfaction for nonprofit staff. You can hear more from Brenda in our podcast discussion of AI tips here.

How can your nonprofit get started ?

In this webinar learn how to prompt, when and how to use AI tools, and when not to. Learn how to evaluate the output and ensure that your team feels confident and comfortable using AI to make their jobs more interesting and to better support your mission.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

Learn how to create an AI Acceptable Use Policy here. The nonprofit sector is deeply concerned with ethics, accountability, the environment, and systemic change. Learn more about ethical AI frameworks here.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Does your nonprofit know what to do when a staff person clicks on a suspicious email and instantly regrets it?

David Dawson is a Senior Engineer at Community IT on the escalation team for our help desk. Recently he led the response to a cybersecurity incident at a nonprofit client. In this Community IT podcast, he answers Carolyn’s questions about the flow of the response, best practices, and gives tips on how your nonprofit can be prepared to respond to phishing or hacking attempts.

Knowing who to call and how to respond to a cybersecurity incident at a nonprofit can be the difference that makes a quick and complete recovery.

The takeaways:

• When staff know what to do and who to call it saves valuable time and leads to more confidence in your response. Cybersecurity Awareness Training – particularly anti-phishing training – is a crucial part of your nonprofit cybersecurity defense.
• Having a single point of contact handling the communication at the nonprofit was important both to provide helpful information back to the IT provider quickly and to communicate effectively with 100+ staff that the incident was being resolved and what they needed to do.
• Of course, if your single point of contact is on vacation it can complicate your response. Having an Incident Response Plan with multiple backups will help guide your response.
• If you haven’t reviewed your Incident Response Plan recently, you should! Better yet, gather the stakeholders and hold a tabletop exercise to run through some scenarios and see how your team would handle them. This kind of an exercise doesn’t cost anything to run except your stakeholders’ time, and can help identify single points of failure or areas where the plan is good but your staff need training on what is in it.
• Many nonprofits initially handle their IT management internally. As your nonprofit grows, consider when it becomes appropriate to call on a trusted partner like Community IT to help with cybersecurity, help desk, and strategic planning. Are your cybersecurity investments up to date? What does your cyberliability policy cover? Could you resolve and recover from a cybersecurity attack?

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Peter Campbell is the principal consultant at Techcafeteria, a micro-consulting firm dedicated to helping nonprofits make more affordable and effective use of technology to support their missions. He recently published a free download powerpoint on Managing AI Risk and had time to talk with Carolyn about his thoughts on developing AI policies with an eye to risk, where the greatest risks lie for nonprofits using AI, and how often to review your policies as the technology changes rapidly.

The takeaways:

• AI tools are like GPS (which is itself an AI). You are the expert; they are not able to critically analyze their own output even though they can mimic authority.
• Using AI tools for subjects where you have subject expertise allows you to correct the output. Using AI tools for subjects where you have no knowledge adds risk.
• Common AI tasks at nonprofits move from low-level risks such as searching your own inbox for an important email to higher-risk activities more prone to consequential errors, such as automation and analysis.
• Common AI risks include inaccuracy, lack of authenticity, reputational damage, and copyright and privacy violations.
• AI also has risk factors associated with audience: your personal use probably has pretty low risk that you will be fooled or divulge sensitive information to yourself, but when you use AI to communicate with the public, the risk increases for your nonprofit.

How to Manage AI Risks at Nonprofits?

• Start with an AI Policy. Review it often as the technology and tools are changing rapidly.
• Use your own judgement. A good rule of thumb is to use AI tools to create things that you are already knowledgeable about, so that you can easily assess the accuracy of the AI output.
• Transparency matters. Let people know AI was used and how it was used. Use an “Assisted by AI” disclaimer when appropriate.
• Require a human third party review before sharing AI created materials with the public. State this in your transparency policy/disclaimers. Be honest about the roles of AI and humans in your nonprofit work.
• Curate data sources, and always know what your AI is using to create materials or analysis. Guard against bias and harm to communities you care about.

Peter Campbell, Techcafeteria

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

On September 30th Microsoft will only support a new unified multi-factor authentication control configuration. What does this mean for your nonprofit?

In March 2023 Microsoft announced that after September 30th, 2025, they would no longer automatically support “legacy” multi-factor authentication controls in the Microsoft 365 Entra ID and General Admin administration portals. The methods your staff are using now will not automatically roll over to be allowed via the new admin dashboard after that date. Steve Longenecker, Community IT’s Director of IT Consulting, explains to Carolyn the implications for nonprofits of this change and the Microsoft unified security administration deadline.

The takeaways:

• The new unified authentication dashboard is available now to Microsoft 365 admins.
• The new Authentication Methods page does not inherit methods allowed in the legacy controls. An administrator needs to manually enable the MFA methods your organization wants to allow. Old MFA options your staff are using now will not roll over automatically to the new dashboard.
• Microsoft and Community IT are pushing admins to use this opportunity to to exclude less secure MFA methods. Community IT advises against allowing SMS texting and one-time codes sent to personal email addresses as MFA methods.
• You can upgrade and implement the new MFA and password reset options at any time, and we advise you to do this before September 30, whether or not Microsoft grants an extension of the deadline.
• If you just started using Microsoft 365 for Nonprofits, you don’t need to worry about the deadline because your initial configuration would already be using the new Authentication Methods page. If you haven’t made the change or don’t know, you need to check before September 30, 2025.
• This change is visible only to Microsoft administrators, who should be making the change and informing staff where appropriate. If you are a nonprofit leader or board member and have not heard from your IT Director or outsourced IT, check with them to understand the plan for your organization. If you are a nonprofit staffer, pay attention to directions on using the safest MFA to protect your nonprofit.
• While not directly impacted by this deadline from Microsoft, Carolyn and Steve discuss the importance of “phish-resistant” MFA, preventing Attacker-in-the-Middle (AitM) attacks, for executives and staff working in finance, IT and other highly targeted areas of your operations.

NOTE: The timelines on Microsoft changes do sometimes shift, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Learn how to run this valuable training tool from Community IT Chief Technology Officer and resident cybersecurity guru Matthew Eshleman, who explains how to carry out a cybersecurity tabletop exercise for your nonprofit and why this type of active testing is so valuable to your security planning.

In pt 1, Matt and Carolyn go over what a tabletop exercise is and how they fit into your cybersecurity planning for your nonprofit. In pt 2, Matt describes 3 scenarios specific to nonprofits that you can use, and reviews general lessons learned and best practices from his work with clients.

Make regular cybersecurity tabletop exercises part of your nonprofit incident response plan.

Do you regularly practice your nonprofit’s cybersecurity incident response?

If you haven’t had a cybersecurity incident yet, count yourself lucky. If you have, you probably encountered some questions you wish you had had the answers to before the incident began to unfold.

That’s where a cybersecurity tabletop exercise for nonprofit has enormous value. A cybersecurity tabletop exercise simulates a cybersecurity incident in a controlled environment so you can practice your response and discover weaknesses before they become damaging.

For example, a staff member alerts you that they clicked on a malicious link in an email and now their laptop is “acting funny.” Do you have a phone tree of the people you need to contact? What if someone important is on vacation, who do you contact then? What if everyone’s laptops are frozen, can you still access important contacts? What do you do next?

Cybersecurity tabletop exercises can be elaborate or simple, run by a consultant or run from within. It is surprising how many nonprofits that regularly review and evaluate their programming never use the same principles to evaluate their basic cybersecurity preparedness.

How can your nonprofit get started on this practice?

If you’ve never walked through a cybersecurity tabletop exercise at your nonprofit, you may be intimidated at the prospect or have trouble prioritizing it and carving out time on everyone’s calendar. In this webinar, Matt introduces some popular resources, describes common examples of tabletop exercises, and explains how to adapt this skill-building exercise for nonprofits.

Matt Eshleman has run through cybersecurity tabletop exercises with many nonprofit clients and guides you through best practices and first steps to get started. Don’t wait to introduce this valuable training tool to learn where you can strengthen your practices and better protect your organization in these challenging times.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Download the free eBook on Cybersecurity at Nonprofits: https://communityit.com/download-cybersecurity-readiness-for-nonprofits-playbook/

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Learn how to run this valuable training tool from Community IT Chief Technology Officer and resident cybersecurity guru Matthew Eshleman, who explains how to carry out a cybersecurity tabletop exercise for your nonprofit and why this type of active testing is so valuable to your security planning.

In pt 1, Matt and Carolyn go over what a tabletop exercise is and how they fit into your cybersecurity planning for your nonprofit. In pt 2, Matt describes 3 scenarios specific to nonprofits that you can use, and reviews general lessons learned and best practices from his work with clients.

Make regular cybersecurity tabletop exercises part of your nonprofit incident response plan.

Do you regularly practice your nonprofit’s cybersecurity incident response?

If you haven’t had a cybersecurity incident yet, count yourself lucky. If you have, you probably encountered some questions you wish you had had the answers to before the incident began to unfold.

That’s where a cybersecurity tabletop exercise for nonprofit has enormous value. A cybersecurity tabletop exercise simulates a cybersecurity incident in a controlled environment so you can practice your response and discover weaknesses before they become damaging.

For example, a staff member alerts you that they clicked on a malicious link in an email and now their laptop is “acting funny.” Do you have a phone tree of the people you need to contact? What if someone important is on vacation, who do you contact then? What if everyone’s laptops are frozen, can you still access important contacts? What do you do next?

Cybersecurity tabletop exercises can be elaborate or simple, run by a consultant or run from within. It is surprising how many nonprofits that regularly review and evaluate their programming never use the same principles to evaluate their basic cybersecurity preparedness.

How can your nonprofit get started on this practice?

If you’ve never walked through a cybersecurity tabletop exercise at your nonprofit, you may be intimidated at the prospect or have trouble prioritizing it and carving out time on everyone’s calendar. In this webinar, Matt introduces some popular resources, describes common examples of tabletop exercises, and explains how to adapt this skill-building exercise for nonprofits.

Matt Eshleman has run through cybersecurity tabletop exercises with many nonprofit clients and guides you through best practices and first steps to get started. Don’t wait to introduce this valuable training tool to learn where you can strengthen your practices and better protect your organization in these challenging times.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Download the free eBook on Cybersecurity at Nonprofits: https://communityit.com/download-cybersecurity-readiness-for-nonprofits-playbook/

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.