Classy Collaborative 2022: How to Strengthen Your Nonprofit Tech Stack


GoFundMe, a dominant player in the field of crowdfunding, acquired Classy earlier this year.

GoFundMe’s Chief Information Security Officer, John Downey, explained that while there are real security concerns for nonprofits, the issue may be overstated in the media due to improved messages from the security industry. He cited the marketing-heavy approach to widespread security vulnerabilities like Heartbleed and noted that fixing these issues requires a methodical approach.

In terms of bad actors, “It’s kind of like people walking down the street, shaking doorknobs, checking and seeing if one of them is unlocked,” he said.

“What you need to do is look for the opportunistic attacker who is doing this to your organization. If you can do that, then you’re in a better position than a lot of people in the industry.”

Patrick O’Brien, a member of Stripe’s Platforms team, highlighted the role that insider threats can play in harming organizations, including the leaking of personally identifiable information (PII) on the Internet.


“Think about your hiring practices and how you can build safety into the teams you hire,” O’Brien said. “And then when people leave, how do you contain all that PII data that you have? Because often what we end up seeing is things start to leak when there’s attrition.”

Technology certainly plays a role in promoting safety. But speakers insisted on being strategic with technology deployments – for example, implementing multi-factor authentication for employees. (For those working on a tight budget, Google's authentication system was cited as an effective choice.) Madhu Bussa, Senior Solutions Architect at AWS, noted that the risk of misconfiguration within the infrastructure could compromise security.

Partnerships are also important to consider, O’Brien added, especially when working within regulations such as the Payment Card Industry Data Security Standard or the General Data Protection Regulation.

“What I would probably do if I was in the same situation is probably try to partner with users and platforms that have the same values, and make sure that from a value, safety is something that is close to their hearts,” O’Brien said.

