Who actually owns data protection in a nonprofit? In this fast-paced conversation, host Julia C. Patrick sits down with Taysha Adams, Manager Technology Support at JMT Consulting, and Josh Fricovsky, Engineering Director at Cortavo, to tackle the uncomfortable truth: cybersecurity is no longer “someone else’s job.”

Taysha starts with a reality check: most vulnerabilities don’t begin in a server room. They start with everyday behavior. From checking work email on public Wi-Fi to logging in on a friend’s device, casual habits open doors to attackers. As she explains, “Everybody’s responsible for data security and protection… most vulnerabilities do come in from the end users.” JMT has spent more than a year realigning internal processes, tightening device controls, and partnering with Cortavo so their own team—and their clients—are better shielded.

Josh builds on that by showing how fast the threat landscape is evolving. Cortavo’s job as a managed service provider is to sit on the “bleeding edge”: endpoint protection, email security, MFA, VPNs, and now mobile device management for a workforce that increasingly works on the move. He notes that “the cost of inaction is going to be 10 to 100 times more than” the investment in proactive security. It’s not just about tools; it’s about culture, education, and leadership setting the tone.

The conversation then moves to the devices we use every day. Laptops, tablets, and phones are cheaper and more plentiful than ever, but every extra device is another front door. The guests stress that nonprofits need clear policies for using personal phones for work, along with mobile device management to protect company data without “controlling” the phone itself.

AI takes the discussion to another level. Both guests are enthusiastic users, but they warn that unregulated use is dangerous. Taysha urges organizations to set guardrails and favor licensed or enterprise tools so prompts, donor details, and templates aren’t quietly training public models. Josh goes further, recommending offline or private LLMs for sensitive data and pointing out that attackers are already using AI for sophisticated social engineering, including voice cloning and real-time credential theft.

Finally, the trio frames cybersecurity as a governance and financial issue, not just an IT problem. Data loss can mean lost clients, destroyed reputation, and even the end of an organization. Partnering with firms like JMT and Cortavo, building internal awareness, and treating security like an essential protection policy—not a luxury—are presented as non-negotiable steps for modern nonprofits.

This episode is a must-watch for executives, boards, and staff who touch data in any way—which is everyone.

#TheNonprofitShow #NonprofitCybersecurity #DataProtection

Find us Live daily on YouTube!

Find us Live daily on LinkedIn!

Find us Live daily on X: @Nonprofit_Show

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits!
12:30 pm ET 11:30 am CT 10:30 am MT 9:30 am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web:The Nonprofit Show