Membership Knowledge Hub

Hey Rebecca,

I enjoy your blog!

I tend to disagree with this. I think, in more cases than not, it's risky for non-profits to use social networking. It's difficult to manage your organization's image with social networking and the very nature of social networking causes people to "trust" too much. Most of the time it's just fine but then all the sudden your organization is linked to some criminal through a staff member or volunteer. Likewise, the less tech savvy folks will make mistakes and click on those links that they shouldn't. And again, the very nature of how fast social networking spreads, and the increased dependance on it has the potential to cause non-profits and organizations of all kinds more headache than it's worth.

But that's just one opinion. I think 2009 will be the year to see what happens with social media, social networking and the implications of more organizataions beginning to adopt it. Thanks!

I tend to agree with both you and Matt.  As a non-profit I believe that there must be some constraint in whom you give authority to in setting up some of the social media activities.  I do not agree that non-profits need to be "all over the net".  Choose wisely and access by need and training.  Being able to "click and use" is not an option for any organization involved in social media.

If I place anthrax onto an envelope and mail that to you, I knowingly infect anyone en route who touches the envelope.

Phishing scams are different. Nine times out of ten, your account would need to be hacked, and that usually occurs if it's not secure, e.g. using the same password you use on other sites or using an English word, etc.

Social networks are not to blame. Sadly, you are. And education can help.

Wow, Matt...that might have been a great argument to make five years ago, but I hope you come to see that risks are inherent in just about any enterprise. The reality is that no organization - either for-profit or non-profit - has control over its image any longer. Any membership association or fundraising nonprofit that thinks otherwise will find out painfully that irrelevance is perhaps the greatest cost of all.

There's a part of me that finds your comment insulting to the folks who work in and around non-profits. I doubt you meant it this way, but it seems to suggest that the folks inside nonprofits and their volunteers aren't smart enough to understand and keep up with social media. In my ten plus years experience working in the sector, that opinion just doesn't jive.

Chris and Ari,

Please accept my apologies. I certainly did not intend to suggest that the "folks inside non-profits and their volunteers aren't smart enough to understand and keep up with social media." That would be ignorant. All organizations have less tech savvy people and they are inherenly a risk to your techinical infrustruce, just as my young daughter is to my computer. It seems to me that using social networking increases the chances of malicious activity and therefore the chances that organizations that use social networking will be "hacked".

That being said, life is all about risk and I am trying to learn more about how non-profits are using social networking and what has been the larger experience. Non-profits and for-profits all need to explore it and it seems to me that it's really just now becoming popular. Please understand that my comments weren't aimed at people that work for non-profits...only that sometimes it's harder to enforce infrastructure around IT in a non-profit and it therefore, in my opinion may be riskier than it's worth.

Ari, please share with me your suggestions for education. I am very interested in learning as much as I can. Thanks!!!

Matt, I think maybe what you're getting at is something like what I had in mind in this bit?

...it’s likely that nonprofits, who often have a number of staff people or well-meaning volunteers logging in at different times to update a single social media account, may be especially vulnerable to phishing attempts.

It's pretty much a numbers game: If an individual's personal account at a social networking site is exposed to X amount of risk (for whatever reason), it seems to me that adding another person (or 2, or 3) to that login would automatically increase the risk by the same factor -- with no reflection on the technical sophistication of the people involved.  Yes? No? (Admittedly, math and stats were never my strong point!)

One way to minimize the risk associated with "a number of staff people or volunteers" is to limit the number of people with admin rights within the organization. The way we do it at the association I work for, only a few people have admin rights to the Facebook page and Twitter account; anyone else on staff who wants to post goes through one of these people.

Anyone can post to the wall of the Facebook page, but that has nothing to do with passwords or compromised security--it's a public space. And like Chris says--not having a page on a social networking site just to avoid the possibility of someone posting something is a moot point because they'll post it somewhere; at least if it's on your page you have the power to remove it, assuming it's something really offensive or otherwise inappropriate.

Further education: TechMiso's Scott Jarkoff posted a useful article this morning  http://techmiso.com/196/hacked-twitter-accounts-highlight-need-to-be-security-conscious/ that highlights "a few problematic user behaviors which lead directly to phishing" and can be mitigated through education. Good basic precautions are suggested; it's well worth passing around the office.

If you’ve ever received an email with a long link that breaks across several lines, so you’ve had to copy-and-paste the URL into your web browser, the benefits of a URL-shortening service will be immediately clear. Short URLs are a better fit wherever