Senior staff at Community IT share what happened in nonprofit IT in 2025: AI and non-AI. What tips and advice have you missed?

Top Nonprofit IT Stories of 2025

As is our tradition, we asked some of our senior staff to talk about the most important nonprofit IT stories of 2025. This year, Carolyn gave them two categories – something in AI – or something that might not have gotten as much attention because it wasn’t something in AI.

AI continues to be a really big story. It has been described as the water we are all swimming in, whether we like it or not. It’s going to be impacting all of us, and transforming every sector that nonprofits care about, in the coming years. Education, environment, government, health, privacy and advocacy, immigration, the economy – its easier to ask what issue will not be transformed in 2026 by AI because the answer is none.

And in addition to transforming the communities nonprofits care about, perhaps more immediately AI will be transforming the day-to-day work nonprofit staff do, in new and quickly evolving ways. Community IT will continue to be a trusted partner as you make AI decisions and learn AI tools for productivity and added value.

In addition to reflecting on AI or giving advice on AI tools, many of our staff members gave practical tips on changes to look for in 2026, from budgeting for increasing costs of laptops because of increasing costs of RAM storage (caused by AI needs!) to the increased security of Microsoft 365 login protections, to data protection considerations and updates to look out for, including Microsoft Archive.

Data security and the value of data to nonprofits will continue to be of high importance in 2026, as will the evolution of cybersecurity.

Finally, we know 2025 was very challenging to our nonprofit sector. With all of the changes our friends and colleagues are negotiating, we hope we can help nonprofit IT be the least difficult to manage.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Are you the tech helper in your family? In your office?

Community IT intern Jack Woodard on lessons learned over years of helping less-tech-savvy people learn the technology they need to do what they need and want to do.

Takeaways on How to Be a Tech Helper

Be patient

• People who are having trouble with tech get very frustrated, and they also get very down on themselves for not being able to understand it. They aren’t setting out to be annoying or hard to deal with, but they can get very defensive or just have a lot of trouble following what you are asking them to do, especially if they have difficulty seeing or hearing.
• People having trouble with tech have a lot of anxiety around doing the wrong thing – especially with all the scams out there. But they also want to be participating – they don’t want to miss out. So taking all that into account when you interact with any staff member or family member is good practice to help meet them where they are.

Be a teacher, not a doer

• If the less-tech-savvy person in your life is struggling to use tech, doing it for them will reinforce that they are not capable. Instead, do a lot of listening. Identify the real problem (it may not be what they think is the issue.) Then walk the person through how to do it by asking them to do it while you stand by ready to help.
• Describe what they need to click on. Don’t use a lot of jargon.
• Have the person take notes, especially if they don’t use this particular app or do this particular thing every day. The next time they need to do it, they can refer back to their written instructions.
• If they are upset by updates that change things, consider teaching them to use keyboard shortcuts where available, because these change less frequently.
• Help them get organized and put the apps and tools they use most frequently where they can find them quickly at a glance. Organizing is deeply personal – so don’t impose your way of doing things on them. As a tech helper, follow their lead!
• Walk through each step with them. Most people will continue to do something “the way they learned how” indefinitely. Use that to your advantage if you want them to do it a new way. Make sure they have learned the steps and they will probably be able to repeat them time after time.
• Don’t forget accessibility features. Many people who struggle with tech may be hard of hearing or have difficulty seeing. Modern tech has lots of features to help, like strong contrast, screen readers, and hearing aids that can be connected to other devices directly.
• Microsoft Accessibility Knowledgebase
• Google Workspace Accessibility for Users (can also find the Accessibility Guide for Administrators)
• Mac Guide to Accessibility

Community IT seeks to provide trusted advice and guidelines for nonprofit tech helpers around the holidays and throughout the year. If you have questions on staying safe with technology, especially in the age of AI, it is better to ask someone than struggle alone.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

What scams are circulating and how can you protect yourself and your organization?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman runs through common scams and new tactics that we are seeing at nonprofits and simple steps you and your staff can take at this time of year to be better protected.

Takeaways on Nonprofit Cybersecurity for the Holidays

Common scams

• “Your package couldn’t be delivered” … this email tries to get you to click on a link or respond in some way, using social engineering/helpfulness/urgency to trick you into helping a colleague or sorting out a problem with a package.
• “The Executive Director needs to purchase holiday gift cards for staff” … a variation on the “gift card” scam oriented towards the end of the year, holiday parties, gifts for donors or volunteers.
• Pop-up “your computer has been compromised, call this number” scam … often the pop-up can’t be closed (you should shut down and log back in, and alert someone on your actual IT help desk team.)

New Scams

• Spam bombs… followed by a helpful call from “the IT help desk” ... this scam will inundate your inbox with hundreds to thousands of spam email an hour. This scam tries to get the victim anxious at the spam attack and relieved when “the help desk” notices an increase in spam and reaches out to help.
• AI deep fake voice and video scams… growing in presence as the tools to create deepfakes become more available and affordable.

Protections Against Holiday Scams

• Stay suspicious, particularly at the end of the day before a holiday break and the week before that break.
• Be particularly suspicious of in-bound calls and new contact information at any time of year, but particularly around the holidays. Do not give your log in credentials or other information to someone who called or texted you, claiming to be from IT or your bank.
• Review your incident response plan, particularly your phone tree, before the holidays. Make sure you know who to call to report a suspicion or problem, and make sure that your point of contact has a substitute for when they are out of the office for the holidays. Who is “on call”?
• Have strong cybersecurity already in place. Strong passwords, MFA requirements, physical MFA keys for staff who are particularly targeted like your Executive Director and CFO, staff training on the importance of cybersecurity to protect your organization – maybe even a quick training on holiday scams to watch out for … taking proactive steps will give you peace of mind during your holidays.
• Do not be tricked into using a work-around. Always use your established procedures.
• Do report something, using your incident response plan. If you did click on something suspicious at 5pm on a Friday, use your response plan to report it immediately to the person on call for your cybersecurity.

Community IT seeks to provide trusted advice and guidelines for nonprofit cybersecurity safety around the holidays. If you have questions on cybersecurity assessments, staff training, incident response plans, or other cybersecurity topics, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Johan Hammerstrom hosts the podcast this week, interviewing Carolyn Woodard on her nonprofit IT management capacity growing pet project.

100% of nonprofits struggle with IT management capacity – whether it’s optimizing limited budgets, selecting the right tools, or building sustainable tech staffing models. Or just knowing where to turn for trustworthy, professional advice. We need structured connection to share best practices and elevate what works in IT management at nonprofits. We hope this community of practice will gather best practices and that it will snowball, attracting more participants with more experiences and ideas to share.

By publicizing proven approaches, we can develop the scalable best practices the broader nonprofit sector needs. By sharing widely within the philanthropy sector, we can reach more nonprofits and stakeholders with the opportunity to manage IT effectively.

• Technology Association of Grantmakers (TAG) is a membership organization of foundations, funders, and vendors, that shares knowledge and experiences with technology in philanthropy.
• Carolyn Woodard has been working in collaboration with Jean Westrick and Gozi Egbuonu at TAG to create a community of practice around better defining the challenges around IT support for nonprofits and grantees, and to gather and better disseminate best practices.
• When nonprofits have functioning and strategic IT they are 4 times more likely to be effective at achieving their missions. How, as a community, can the stakeholders come together in partnership to grow IT management capacity, IT funding, and IT strategic planning as a leadership component of any effective nonprofit?
• Together, TAG and Community IT curated a series of three events around this topic: a panel discussion with experts from providers, foundations, and TAG laying the groundwork of the issue; a mini-convening meet-up of interested stakeholders at the TAG Conference in 2025; and the release of a white paper in early 2026 outlining the nonprofit IT management landscape, existing resources, and areas for building out best practices.
• To join this community of practice and stay updated on events and publications, get in touch with Carolyn, through our contact us page or on Linkedin.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Why a 2025 technology equity guide for nonprofits?

Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.

Nonprofit technology is marked by inequities within our organizations and our sector. You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.

Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.

Worried about inherent bias and inequity built in to the technology your nonprofit uses?
Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values?

Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission?

This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You’ll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.

Presenter:

Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.

In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN’s Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN’s equity efforts.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Why a 2025 technology equity guide for nonprofits?

Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.

Nonprofit technology is marked by inequities within our organizations and our sector. You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.

Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.

Worried about inherent bias and inequity built in to the technology your nonprofit uses?
Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values?

Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission?

This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You’ll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.

Presenter:

Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.

In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN’s Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN’s equity efforts.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Technology Association of Grantmakers held their 2025 Conference in Atlanta. Jenny Huftalen and Carolyn Woodard attended and share the takeaways and trends in philanthropy for tech.

The takeaways:

• Technology Association of Grantmakers (TAG) convenes members bi-annually to share knowledge and experiences on technology used at foundations and funders.
• Four trends stood out from this year’s conference: AI, Data, Cybersecurity, and our own health.
• Almost every session and keynote spoke to the prevalence of AI in our lives, in philanthropy, and in the nonprofit space. If you are feeling FOMO or feeling that you don’t know enough about AI, rest assured no one really knows what they are doing either. We also heard several fascinating use cases where nonprofits in partnership with funders are using AI in thoughtful and impactful ways.
• Data and database cleaning and organizing was also a trending topic. Several presentations stressed the need to work on your data processes and governance before throwing an AI product at your data and expecting it to clean it up for you. Again, thoughtful attention to the human side of data is necessary to make the AI work well.
• Several speakers stressed the need to weave cybersecurity throughout your operations and realize that IT and cybersecurity touch every staff member at your organization. Starting with anti-virus software not being built-in to your purchase, IT has constantly packaged cybersecurity as something additional and separate. But that is an inadequate viewpoint. Weave cybersecurity into everything and keep yourself and your organization better protected.
• Finally, our health. IT in philanthropy is all about people. People need to be healthy, which can require a pause to reflect even in chaotic and stressful times. Several speakers and attendees talked about the need, as ever, to re-focus on the essentials: the communities we partner with, the deep knowledge we have about the assets we hold and the challenges we face, and that we do this work because we have hope for a better future.

It’s clear that the intersection of technology and philanthropy is evolving rapidly. These trends can feel like a lot to navigate, but remember that the strongest solutions always come from a thoughtful, human-centered approach. Community IT is here to help your nonprofit or foundation thoughtfully weave technology into your operations so you can focus on your mission.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

What Do Nonprofits Need to Know About Penetration Testing?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning.

Do you have someone urging you to get expensive pen testing, and you aren’t sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofits’ risks and needs.

Takeaways on Pen Testing for Nonprofit Cybersecurity

What is penetration testing?

• When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.
• Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client’s cybersecurity configurations.
• Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.
• If you have been told you “need” to have a pen test, make sure you understand why and the ROI return on investment the pen test is expected to provide.
• Pen testing has definite value, but that value is very specific to certain types of organizations; with on-site servers, and with certain technical needs and risks.
• The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user ID.
• In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.

Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.