A Wrapup Of Our First NTEN Nonprofit Technology Conference (NTC23)
In mid-April 2023, the RipRap Security team attended NTC23, the NTEN Nonprofit Technology Conference in Denver. We had an incredible time getting to meet people doing great things in their communities. Our team was also honored to present alongside our partner, 1% for the Planet, on their cyber security journey.
We learned so much and wanted to take some time to memorialize some highlights from the conference.
An Incredible Group of People
First off - the NTEN conference organizers did an incredible job. Our team worked closely with them during the months preceding the conference to prepare for our presentation, to nail down details for our exhibitor booth, and to generally get a feel for what to expect. Each time we interacted with an NTEN staff member, they were incredibly helpful and brought a palpable energy to the conversation. Unsurprisingly, the conference itself was super well run thanks to the staff. The level of professionalism, transparency, and overall good vibes made it the best (and most comfortable) conference we’ve ever been to.
Next - the attendees. What an incredible bunch of individuals. We got such great feedback from participants after our presentation on the first day and many folks dropped by on the second and third day to say hello. We didn’t know very many people going into the conference but were beyond excited that we were warmly invited to grab a bite with folks during breakfast and lunch.
We met so many people, both at our booth and during our travels around the conference. Our team made a ton of connections with other exhibitors in an effort to deliver better and more secure outcomes for our nonprofit partners. Getting to know nonprofit attendees also gave us some fresh insights, which we’ll dig into below.
Cyber Security & Nonprofits
Our team was fortunate enough to get to share some of our lessons learned with attendees at the conference. Our talk, presented with our partner 1% for the Planet, aimed to raise awareness of the unique security challenges faced by nonprofits in the digital realm. The presentation reviewed 1% for the Planet’s cyber security journey and provided attendees with accessible, actionable tips to kickstart their own security improvement efforts. By arming our attendees with best practices and offering easy-to-implement do-it-yourself solutions, RipRap Security aimed to empower these organizations to safeguard their mission-critical data and maintain the trust of their donors and the communities they serve.
Nonprofits Have Major Hurdles That Make It Hard To Get Started With Security Initiatives
As a part of our presentation, we polled the audience to learn what their biggest hurdles were for getting started with security initiatives. The 70-ish attendees at our talk described three major hurdles:
Resource management issues, including a lack of in-house expertise, funds, staffing, and time.
Limitations in technology and systems, including challenges with endpoint management, lack of policies, inability to keep up with new best practices, having a fully-remote workforce, and legacy/locked-in technology stacks.
Problems surrounding planning and implementation, including a lack of staff buy-in, not knowing where security gaps are, end user awareness, having to spend too much time fighting fires, and not knowing where to start.
The Presentation
During our presentation, Driving Factors For Cyber Security & What Comes Next, we dug into how 1% for the Planet’s growth, technical complexity, and brand reputation were factors for investing in cyber security. We also shared best practices aligned with the NIST Cybersecurity Framework that every organization should be employing, including:
Building an Inventory - a full inventory of hardware and software enables an organization to know its technology and serves as the foundation for other cyber security best practices.
Establishing Backups For Critical Data - backups of your critical business data reduce downtime in case of disaster or cyber attack.
Training & Awareness - enabling staff to identify and appropriately react to potential cyber attacks greatly reduces the impact of attacks.
Identity & Access Management - review access to all software and data to ensure that least-privilege principles apply.
Vulnerability Management & Threat Monitoring - proactively patch vulnerabilities and search for threats.
Incident Preparation - ensure there’s a plan for when the organization experiences an incident.
Crawl, Walk, Run: Nonprofits Are Getting Started With Cyber Security
At the end of our presentation, we surveyed the ~70 attendees by asking, “Out of everything we’ve covered today, what’s the next step you’d like to take to improve security?” It was exciting to see that attendees were ready to put the recommendations from our presentation into action. Here’s what was top of mind for attendees as they look to improve their cyber security:
Enable staff via cyber security training and improve the organization’s security culture
Use SSO (Single Sign-On) everywhere possible, mandate MFA (multi-factor authentication) everywhere else
Establish backups for critical business data
Draw up a foundational plan to handle cyber incidents
Right-size access levels across devices and applications so not everyone has admin access
People Love Swedish Fish Phish
We hosted a little game for visitors to our booth - the goal was to review three emails and determine which were and were not phishing messages. Folks seemed to love the game and we were happy to see that many people successfully identified the emails.
Winners took home a Starbucks gift card. The people that didn’t quite get all three right walked away with some Swedish Fish. While we only got a few chuckles about the phishing pun, it turns out that people LOVE Swedish Fish. We won’t name names, but we had a few visitors who made multiple trips to grab another handful.
Wrapping Up
The RipRap Security team had an incredible experience at NTC23 and we’re looking forward to NTC 24 in Portland, Oregon. We’re already looking forward to hosting another phishing-related game and will make sure to bring a double helping of Swedish Fish next year. Alongside the Swedish Fish, we’ll also be sure to bring some hot cyber security tips. See you there!