Wednesday, September 14, 2011

The Hackers Are Coming: What Steps to Take NOW To Ensure Cybersecurity of Your Non-Profit

This is an area I've been thinking about a lot lately.  Organizations and individuals at all levels are vunerable to hacking.  There is a major initiative in this country to counter "cyber terrorism" and cyber security is the hottest topic in board rooms and war rooms.  What is scarey is that many nonprofit organizations have limited ability and resources to combat security breaches.  And as more nonprofits move to online donations, online membership registrations and sales, personal information becomes more accessible to those who would exploit it.  Joseph Steinberg points out that nonprofits must be concerned with cybersecurity and should take up this issue as soon as possible.  Bunnie

The Hackers Are Coming: What Steps to Take NOW To Ensure Cybersecurity of Your Non-Profit
By Joseph Steinberg, CISSP, ISSAP, ISSMP, CSSLP

Non-profits, like most modern organizations, handle significant amounts of sensitive information – which often residesin electronic form on Internet-connected computers and networks. Donor details, information about programs run and people receiving aid, employee and payroll records, and many other forms of data are all of significant value to criminals. 

Hackers know that non-profits often don’t have the resources to invest in expensive security systems, and that computer systems in use may be several years old and designed before non-profits were being targeted with digital attacks. Cyber-thieves understand, therefore, that such systems often contain vulnerabilities and lack cyber-defenses, making them easier to hack than many systems in the commercial sector.

The consequences of compromised security may not be small. Bad press, the breach of confidentiality and embarrassment emanating from the leakage of data about people being helped by the non-profit, fines from credit card companies for failure to confirm to security requirements, or donors suffering the anguish of identity theft and blaming anorganization’s negligencecan be catastrophic.

Some cases have made the media. When the Columbia Triathlon Association website was hacked, for example, cybercriminals successfully pilfered information about over 8,000 members – including a password database in encrypted form.

So what can a non-profit do to ensure that it remains cyber-secure? While a single article is not sufficient to cover all the aspects of cybersecurity in a non-profit setting, here are several high-level pointers…
First and foremost, commit to actively ensuring cybersecurity. The cost – in terms of time, money, and aggravation – will likely be far less if a proactive approach is taken.

Create proper policies governing who has access to which resources, and implement rules and technology to enforce these policies. Access to systems and information should always be on a “need to know” basis. Systems should be used for only their intended purposes and not for others, such as reading email or accessing Facebook. Ensure that every user has her own credentials and that all systems require a login with a password that is not easily guessable or found in the dictionary.

If wireless (or wired) Internet is provided for guests within a facility, implement it on its own separate network – isolated from any non-profit systems and networks.Visitors have no need to access any internal systems. 

Don’t let them.

Branch office managers should ensure that they conform to all security policies of the parent organization and should also implement security to ensure that a breach at another branch, or at the main office, does not prorogate to their location.

Ensure compliance with all credit card security rules, and, unless truly necessary, do not store credit card data after processing transactions.Never store credit card security codes or debit card PIN numbers.

Store all sensitive data – including donor information, employee data, documents related to programs being run and beneficiaries from any charity, etc. – in encrypted formats. When in doubt, encrypt.

Select and implement security technology to meet functional and security requirements– and ensure that all technology is kept up to date. Keep in mindthat all major recent cybersecurity breaches have occurred to organizations running firewalls, anti-virus software, and other security products, and so…

Perhaps most importantly, leverage the services of a skilled cybersecurity professional to properly design your cybersecurity plan.Remember, cybercriminals have technical expertise. Shouldn’t you have it to defend your organization?

Joseph Steinberg (CISSP, ISSAP, ISSMP, CSSLP) is a respected cybersecurity expert and the C.E.O. of Green Armor Solutions, a leading provider of information security software. An industry veteran with 20 years of experience, Joseph is often sought after by organizations ranging from global corporations to small businesses to assist them with their digital security needs. He is the inventor of several cybersecurity technologies, the author of a book and many articles on cybersecurity-related matters, and a frequent lecturer on topics related to cybersecurity, technology, and business. For more information, or to contact him, please visit

Monday, August 22, 2011

Here’s an Easy Charity Auction Tip: Use Surveys

Sherry Truhlar is the Diva of charity auctions.  Not only does she know what's she'd doing, she absolutely knows what you should be doing.  Knowing your constituents or customers (as I would call them) is vitally important to your fundraising efforts.  People have very different motives for supporting your organization.  Maybe they are absolutely emotionally involved in your work or perhaps they attend your events to social and have a good time. Knowing this and also knowing how well you performed can only help you build a "product" (your next fundraiser, next programming effort, next auction) that will appeal to your current donors and to future potential donors.  Thanks Sherry for the advice!  Bunnie

Here’s an Easy Charity Auction Tip: Use Surveys
by Sherry Truhlar, Red Apple Auctions

When it comes to incorporating a simple auction idea into your fundraising gala, don’t forget about one of the easiest ways to get feedback from your charity auction: surveying your auction guests.  I was reminded of this recently while listening to the radio.

On a recent morning show, the DJ was asking his co-hosts and callers about their preferred superhero power.

“If you could have one superhuman power,” he’d ask, “What would it be?”

Flying and invisibility were popular, but so was the ability to read minds.

The ability to read minds would be handy at a benefit auction. You could finally learn what guests really thought about your creation. Did they notice the theme? Did they understand where the money was going? Did they mind the cash bar? From a planner’s perspective, we want to know what the guests preferred. Knowing our guests preferences helps us plan a better event.

Some guests will comment about the gala when they check-out. Others will complain to an administrator. Some folks will make an effort to find and compliment the Auction Chair before they leave. But all three of these methods are haphazard ways to track data. 

Surveys are an excellent yet underutilized charity auction tool. Here are some questions you might ask:
  • Did you attend the gala as a sponsor, as a guest, or as an individual ticket holder?
  • What city / suburb is most convenient for you to attend a fundraiser?
  • How many fundraisers do you attend in a year?
  • What night of the week are you most likely to attend a fundraiser?
  • Where did the proceeds of the gala go?
You can also ask guests to rate elements of the night. For instance, on a 5-point scale, you might ask them to rate the registration, check-out, food, dress code, location, facility, benefit auctioneer, auction items, or entertainment.

For high participation in your survey, keep it short. And send your survey promptly, preferably within three to four days of the auction. That way, the gala is still easy for them to remember. 

To create your survey, consider SurveyMonkey.  It’s a popular service because the format is straightforward and the tool is free, as long as you work within the company’s designated parameters.

If you’ve got an event coming up, I advocate that you design and write your survey now, prior to the auction.  Then the survey link will be ready to email the day after the event. Outside of reading your guests’ minds, a survey is your best method for finding out what your guests most enjoyed about your benefit auction.

About the Author
Benefit auctioneer Sherry Truhlar's entertaining stories and advice is often picked up by publications (e.g. Town & Country, The Washington Post Magazine, AUCTIONEER, The Eleusis, The Virginia Auctioneer) and television (e.g. E! Style, TLC) where she inspires and teaches volunteers how to hit new fundraising records in their auction galas.  Enjoy her FREE Auction Item Guide(listing the 100 best-selling items to sell in your benefit auction) at .

Monday, August 1, 2011

IRS Announces First Round of Revocations for Nonprofits that Failed to File Form 990

The IRS is conducting the biggest crack-down on nonprofits in my memory.  I believe part of this is an attempt to make up sluggish revenues due to our recession.  The implication for nonprofits is great and the burden falls greater on small nonprofits.  Think garden club or the local Kiwanis Club.  Those with revenues below $25,000 per year are now required to file a 990 (pick the form).

According to Nonprofit Times, "In 2008, nonprofits known as “nonprofit institutions serving households,” a broad subset of the sector, generated 5.2 percent of U.S. GDP, representing $751.2 billion worth of output. Nonprofits’ share of GDP grew 0.4 percentage points from 1998 to 2008."

As a friend pointed out the other day, nonprofits are domestic because most work to benefit their local communities.  That means nonprofits typically are not shipping jobs off shore, but instead keeping them local, very local.

I get it...we need revenue, but cracking down on the small nonprofits may not be exactly the most efficient way to get there.  Thanks to the folks at Venable for another great article on trends in the nonprofit sector.  Bunnie
Audra J. Heagney
Kristalyn J. Loson
IRS Announces First Round of Revocations for Nonprofits that Failed to File Form 990 
by Audra J. Heagney and Kristalyn J. Loson 
On June 10, 2011, the Internal Revenue Service ("IRS") released the complete list of approximately 275,000 nonprofit organizations that have lost their tax-exempt status for failure to file Form 990, Form 990-N, Form 990-EZ, or Form 990-PF for three consecutive years. The list of revoked entities is available on the IRS website.

The list includes the organization’s name, Employer Identification Number, last known address, and effective date of revocation of exempt status; it will be updated monthly. In its announcement, the IRS indicated that it believes most of these organizations are likely defunct, however, it has issued guidance regarding the steps such organizations must take to apply for reinstatement of their tax-exempt status.

This is the first group of revocations resulting from the passage and implementation of the Federal Pension Protection Act (the "Act"), passed by Congress in 2006. The Act mandated annual filing requirements for virtually all tax-exempt organizations, including tax-exempt organizations with gross receipts of $25,000 or less that were not previously required to file an annual return with the IRS. The Act also provided for the automatic revocation of any tax-exempt organization that does not file the required returns or notices for three consecutive years, and requires the IRS to publish and maintain a list of all such organizations that are so revoked.

In conjunction with its recent publication of the names of the first wave of organizations with revoked tax-exempt status, the IRS also issued guidance regarding the impact that the revocations have on charitable contributions to revoked organizations, and the manner in which organizations may seek reinstatement of tax-exempt status, including retroactive reinstatement. The IRS also announced transition relief for certain small tax-exempt organizations.

In connection with the announcement and publication of revocations of exempt status, the IRS issued the following guidance:

Revenue Procedure 2011-33 (Contributions to Revoked Organizations) states that where an organization listed in Publication 78 ceases to qualify as an organization to which contributions are deductible under Section 170 of the Internal Revenue Code (the “Code”), as a result of loss of exempt status due to failure to file annual reports for three consecutive years, grants and contributions made to the organization by persons unaware of the change in the status of the organization generally will be considered allowable if made on or before the date of publication of the list of revoked organizations. The IRS may disallow a deduction for any contribution made after revocation of exempt status but prior to the published notice of the revocation where the grantor had knowledge of the revocation prior to publication, was aware that revocation was imminent, or was, in part, responsible for the revocation. Publication on the list of organizations whose tax-exempt status has been revoked is intended to serve as a notice to donors and others that they may no longer rely on a prior listing in Publication 78.

Revenue Procedure 2011-36 (Reduced Fee for Reinstatement) reduces to $100 the user fee charged for the reinstatement of exempt status of small exempt organizations that normally have annual gross receipts of not more than $50,000 whose exemption was automatically revoked pursuant to Code Section 6033(j).

Notice 2011-43 (Transitional Relief) provides transitional relief for small organizations that had their exempt status revoked because they failed to file a required annual electronic notice for the last three consecutive years. An organization with annual gross receipts of less than $50,000 that qualifies for transitional relief pursuant to the criteria set forth in this Notice, and applies for reinstatement of exempt status by December 31, 2012, will be treated as having established reasonable cause for failure to file annual returns and exempt status will be reinstated retroactive to the date it was revoked.

Notice 2011-44 (Process for Reinstatement) sets forth the steps that an organization must take to apply for reinstatement of exempt status and request retroactive reinstatement after an organization's tax-exempt status was automatically revoked under Code Section 6033(j). An organization must use the same form filed by other applications for recognition of tax exemption to seek reinstatement, and must pay the applicable user fee. If an organization is seeking retroactive reinstatement, it must submit information demonstrating reasonable cause for failure to file an annual report, among other supporting materials.

The Treasury Department and the IRS intend to issue regulations under Section 6033(j) of the Internal Revenue Code, implementing rules regarding the application for reinstatement of tax-exempt status and the request for retroactive reinstatement. Comments are currently being solicited on the materials and issues addressed in Notice 2011-44. Comments are due August 19, 2011. 
You can contact the folks at Venable, LLP at

Tuesday, July 26, 2011

Charities Would be Wise to Adopt Professional Management and Oversight Standards

Doug White, director of the Heyman Center for Philanthropy and Fundraising at the New York University School of Continuing and Professional Studies, provides excellent advice for management of nonprofits.  

Sometimes it does amaze me how nonprofits operate without any business sense whatsoever.  As a business owner myself, I understand the concept of responsible money management.  However, I frequently see nonprofits that spend beyond their means, or offer compensation far beyond the capacity of the organization, or have boards of directors that haven't the first clue as to their roles and responsibilities.

The link in the title above leads you to Mr. White's book.  Might be a good idea to pick one up and pass it around your board.  Bunnie

Charities Would be Wise to Adopt Professional Management and Oversight Standards
by Doug White

Although the nonprofit world has grown tremendously over the past decade – nonprofit expenses fast outpacing GDP, for example – the management approach at charities has, in large part, stayed informal.  In the past, charities were largely comprised of a few people who shared similar heartstrings and, if nothing scandalous happened, the public pretty much thought they were doing good by society.  Although that’s true today for many charities, scrutiny by the public and by regulators has increased dramatically, and charities – large and small – would be wise to adopt professional management and oversight standards.

Unfortunately, those standards don’t exist.  At best, we’re relegated to wobbly conversations about best practices; the worst among us just don’t care, and think their philanthropy is an extension of their business ventures or their personal egos. Does the name Madonna (Raising Malawi), Greg Mortenson (Central Asia Institute), or Lance Armstrong (Lance Armstrong Foundation) ring a bell?  All have run charities where either they or their charities have run into trouble – within the last few months.  And there have been others.

Not all charities need the highest, most sophisticated levels of governance; not all charities need federal and state charitable tax experts– attorneys and accountants – to serve as either advisors or board members; not all charities need the most accomplished executive directors.  But all charities – as they all have in common that they were formed to serve the public good in a way that neither business can nor government will – must do their best to run themselves in a businesslike manner.  At least to a point – and, as important, run themselves as stewards of the public trust.

Admittedly, there is a limit to the idea that a charity is a business.  There is no question that charities need to balance their books and operate in a professional atmosphere – indeed, almost all charities are incorporated as businesses – but while business principles provide the basis for the basics, they alone do not serve a charity well in fully pursuing its mission.  For that, a nonprofit needs vision and an understanding that the enterprise is not at all private: it is public in the most literal sense of the word.  When an organization is granted tax exemption – when its donors are entitled to a tax deduction and its own profits are untaxed – it takes money from the public; it diverts money from the Treasury.   For that reason – a reason quite separate from the growing swell of public scrutiny – charity leaders, both staff and trustees, need to be fully aware of financial, governance and ethical pitfalls.

That awareness does not come about by accident or even goodwill.  It grows from a sincere commitment to serve society in an intelligent way.  And that means tomorrow’s leaders (and as many leaders of today who are open-minded about staying up on things) must take seriously opportunities for learning.   Tomorrow, take note, may be here sooner than we think: A recent study by the Meyer Foundation, “Daring to Lead,” reports that fully two-thirds of all nonprofit executive directors are planning to leave their jobs within the next five years.  Talk abut turnover.  The replacements will need solid training to prepare them to deal with issues that, quite frankly, most of them probably don’t think they should have to anticipate.  But today’s daily headlines should be a forewarning to them, as well as a warning to executive directors and board members who are on the job today.

Like anything else, running a nonprofit is a skill no one is born with.  Just as future professionals enroll in universities that offer business, law, and medical programs – as well as many other types of graduate learning – today’s nonprofit leaders would be wise to understand that their organizations will have the best opportunity to thrive if they are run by people who know what they are doing – by design, not by chance. 

Doug White is the academic director of the Heyman Center for Philanthropy and Fundraising at the New York University School of Continuing and Professional Studies. His most recently published book is "The Nonprofit Challenge" (Palgrave Macmillan).

Wednesday, June 29, 2011

To Win Grants Stay the Course!

There's so much competition out there for grant dollars.  You have to be on your mark at all times.  Betsy Baker, once again, gives great advice when it comes to competing for funders.  The devil is in the details and frankly the presentation.  To use the "active" voice is very important, you must appear confident and show the funder that you will succeed, that funding your organization will not be a waste of their money or their time.  Bunnie

by Betsy Baker, Your Grant Authority

Why exactly did I pick the month of June to resume my daily running routine?  Because after more months than I care to share with you without this routine, my body and my lifestyle were paying for the absence.  I could kick myself in the behind for going this long without it and it only makes it just that much harder to get back into the swing of things. 

Could it be that you’ve become lazy like I have when it comes to completing a grant application to the best of your ability?  You let a few details slide at first and then before you know it your application has landed in the rejection pile.  Yes, it’s easy to become a bit more laid back in the summertime but its important not to let your work be a reflection of that.

Remember, you are always in competition for grant dollars.  Here are just a few reminders of details that don’t need to be overlooked:

Pick the Right Grant Funder to Apply for Funding.  Don’t let your research skills slide.  Pay attention to the grant funder’s mission and note what it is they want to fund.  And don’t try to tailor your project to fit their mission just for the sake of their money – stay true to your own mission.  Keep digging and find the right fit looking for a matching mission, the correct geographic location (do they fund where your organization is located?) and an interest in the particular population you’re trying to serve.

Pay Attention to Your Statistics.  A compelling grant application is based on both personal examples and factual statistics.  If it has been a while since you gathered new data for the folks your organization serves it may be time to consider doing so.  Should you complete another needs assessment, organize another focus group or check for updates to other factual data that affects your client population such as, for example, poverty rates, deaths by incident, crime rates, etc.?  According to your nonprofit’s mission, social indicators can bear heavily in a grant funder’s decision to award you.

Make Your Application Visually Pleasing to the Reader.  Whether you like to admit it or not, we are all drawn to something that is visually appealing.  This includes the presentation of your grant application.  Even the application that is filled with compelling stories and facts loses something in translation if it’s sloppy.  Present your application in the third person as this is more professional and write in an active voice.  Be sure to define all acronyms, write in simple sentences and be enthusiastic about your project.  Write “We will…” rather than “We hope to…” as this conveys confidence.  Also, break up the text of your application and highlight key points with bullets, italics, boldface and headings (and charts and graphs where appropriate) but don’t get too fancy!  Grant funders can slice right through all flash and no substance.

Show a Willingness to Collaborate and to Share Your Knowledge.  Grant funders love to see an organization willing to partner with other agencies in a grant project.  There are many nonprofits that serve the same target population and it only makes sense to collaborate to best meet their needs.  Partnerships reduce a duplication of effort and nonprofits can share resources diminishing both cost and effort.  Think about other nonprofits in your area that would be a natural fit for you to collaborate and approach them with an idea.

Also, why not spread the love?  If you have a successful project, be willing to share the “how-to’s” of it.  Feature your project on your website and by other publicity and be available to other agencies in helping them establish a successful project in their own community.  Grant funders take notice to a nonprofit’s willingness to share the how-to steps of their success in helping other communities benefit.  It’s a win-win for everyone.

So, I’m going to stick to my course with no shortcuts this summer.  I will be a lean, mean energetic machine in just a matter of a few weeks!  How about you?  Don’t take those shortcuts and you’ll see a difference too –  as you watch your funding grow by leaps and bounds.  (Hopefully, I’ll be reducing as you’re gaining, right? ;)

Want more grant writing and grant consulting tips?  Be sure to sign up for my f.r.e.e. ezine where I share all my secrets!  Connect with me here..


Friday, June 17, 2011

Strategic Planning…Yuk!

by Bunnie Riedel, Host

I’ve never met a “strategic plan” that I liked.  Mostly because I see them as a horrific waste of time.  It may make a nonprofit board feel good to sit in a room for a couple of days and dream up new and exotic ideas for what the organization should be doing, but rarely do strategic plans (done the typical way) turn into anything but dust collectors.

And don’t get me started on mission statements.  Some boards want to change their mission statements every couple of years.  Then there’s Bylaws. Some boards believe that if they aren’t re-arranging their Bylaws on a regular basis they aren’t doing anything.

But I digress.  

Back to strategic planning.  Let me give you a real life example of what can happen when the “good ideas committee” takes over.

A few years ago, some portions of the federal government decided to change out how they classify their employees.  Instead of having “grades” and “steps within the grade” to determine pay and seniority, the feds decided to go to “pay bands.”  Hundreds of millions of dollars and hundreds of thousands of hours of time were spent attempting to educate the federal workforce about the new pay bands.  

I even sat next to a woman on a plane whose full time job it was to go around the country and have meetings with Navy personnel to educate them about the new system.

So about one year into the new pay band system, portions of the federal government decided it wasn’t working and they were going to go back to the old way of grades and steps.  A colossal waste of time and taxpayer money to say the least.  Why did this happen?  Because a group of well meaning people sat in a room and engaged in strategic planning.

So if you don’t do strategic planning, what should you do?

Action planning.  Plain and simple.  Decide what it is you are going to do and then do it.  And keep the action planning within reach, make it simple and make it immediate.  Figure out what is absolutely necessary for the immediate future (no more than 12 months) and what is desired for the 24 to 36 month timeline.  Here’s some do’s and don’ts. 

·         If it ain’t broke, don’t “fix” it.

If your organization has some program that runs like a well-oiled machine, leave it alone.  Say you have an awards banquet you do every year that brings you recognition and a few dollars, stick to the formula.  The truth is people find comfort in something they know and can depend on, think the McDonald’s Big Mac, for forty years it hasn’t changed and yet people go back to it time and time again because they know exactly what they are getting.  Or how about the new Coke?  That was a huge failure and they had to introduce “Classic Coke” to re-capture their market.

·         Take what you are doing well and do it better.

Maybe this year the awards banquet could use a celebrity speaker.  It doesn’t have to be Hollywood celebrity, maybe it’s a local news anchor or well known physician.  Maybe it’s time for your quarterly publication to go online or become a downloadable app.  Maybe it’s time to grow your tradeshow from 20 vendors to 50.  Figure out where your success spots are and make incremental improvements and of course, heed the “if it ain’t broke don’t fix it" rule.

·         Analyze what’s not working and if necessary, toss it.

This is kind of like cleaning out a closet.  If you haven’t worn it for 2 years you probably need to get rid of it.  Is our membership system relevant?  Is our board too large (or too small)?  Do we really need to hold a conference?  Is our continuing education units program working?  Before you come up with a new program or new service, analyze what is working and what’s not, don’t be hamstrung with the “but we’ve always done it this way” mantra.

·         Everything requires time, money, resources.

It’s a shame that there’s only so many hours in a day, a limit on spending and boundaries on what human beings can do in a 24 hour period, but that’s the way it is.  You can’t take a 3 person staff and expect them to do the work of 20 people.  You can’t have champagne taste on a beer budget.  For every program or activity your organization is doing you must factor in time, money and resources.  Resources being staff, volunteers, technology, space, talent, intellect, mobility, property, etc.  Given our time, money, resources…what are we really capable of accomplishing in the next 12 to 36 months? 

An action plan identifies what you would like to do to meet some kind of need and then puts a definitive timeline on that action.  It identifies what is to be done, who’s going to do it, what it will take to do it (time, money, resources) and when it will be done.  An action plan calculates the likelihood of success and what the fallout might be if there is a failure.

An action plan prioritizes the actions and is realistic.  I once saw an organization with a budget of around $500,000 per year claim they would raise $10 million in 10 months.  Truth was they barely kept up with their annual budget.  I may not be able to add 5 new staff this year but maybe I can add one.  We may not be able to increase the attendance at our awards banquet by 50% but maybe we can increase it by 10%.  Be clear about what you can actually accomplish given your time, money and resources.

And then…go out and do it!