Vulnerability Scanning for Nonprofits with Johan Hammerstrom episode artwork

EPISODE · Jul 18, 2025 · 28 MIN

Vulnerability Scanning for Nonprofits with Johan Hammerstrom

from Community IT Innovators Nonprofit Technology Topics · host Community IT Innovators

Most nonprofits will be asked about vulnerability scanning when they renew cybersecurity liability insurance or complete an annual audit. Do you know what it means and what you should do to comply? The takeaways: There is no one-size-fits-all vulnerability scanning app for your entire organization. You will need to do vulnerability scanning on various systems and the scanning will be different. As part of your incident response planning you should have an inventory of your general vulnerabilities – website, any custom apps, any customized anything, and then other apps and tools. Check in with your IT team and stakeholders. If you are being asked to check off a box on your cyberliability insurance or part of your annual financial audit, talk with the auditors or your insurance broker to get more clarity.In addition to checking this necessary box, vulnerability scanning is an important layer of protection to have around your organization and your mission. Take it seriously, but realize that as a buzzy term, you may be approached by vendors overselling what you need. A trusted IT partner – whether a board member, IT director, or outsourced IT provider – can help you wade through the options and choose the one that fits your budget, risk profile, and the specifics of your IT set up.Vulnerability scanning is the process of using automated tools to scan for weaknesses in computer systems, apps, networks, and platforms. It is particularly necessary for websites, to avoid falling victim to hacks and ransom extortion. It is a proactive approach to finding these flaws and vulnerabilities before outsiders and hackers can. Doing vulnerability scanning will help your nonprofit learn where risks may hide, and allow you to take proactive steps to mitigate risks and correct errors in configuration. Vulnerability scanning providers will need access to your systems and will provide a comprehensive report on vulnerabilities found, often arranged by most immediate risks or risks most potentially damaging.Many security regulations and standards require periodic vulnerability scanning. Nonprofits are being asked to complete vulnerability scanning as part of renewing cyberliability insurance or complying with enhanced annual audits as part of SAS145 guidelines. Vulnerability scanning helps prioritize remediation efforts by highlighting the most critical vulnerabilities, and should be a continual process renewed periodically to help improve nonprofits’ security posture. Many providers will use the label “vulnerability scanning” so it is important to understand what is meant by this term and what the provider will do and report on. There is no one universal vulnerability scanner. Different systems must be scanned with their own automation. If you have questions that aren’t answered by this podcast, talk to us! On our site we have free resources on basic cybersecurity and IT governance policies. You can use our downloadable Cybersecurity Playbook or other online resources, or schedule time with our Cybersecurity Expert Matthew Eshleman to ask your questions. _______________________________Start a conversation :)Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/email Carolyn at [email protected] LinkedIn on reddit/r/nonprofitITmanagementon the Community IT websiteThanks for listening. 

Most nonprofits will be asked about vulnerability scanning when they renew cybersecurity liability insurance or complete an annual audit. Do you know what it means and what you should do to comply? The takeaways: There is no one-size-fits-all vulnerability scanning app for your entire organization. You will need to do vulnerability scanning on various systems and the scanning will be different. As part of your incident response planning you should have an inventory of your ge...

NOW PLAYING

Vulnerability Scanning for Nonprofits with Johan Hammerstrom

0:00 28:22

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Community IT Innovators Nonprofit Technology Topics?

This episode is 28 minutes long.

When was this Community IT Innovators Nonprofit Technology Topics episode published?

This episode was published on July 18, 2025.

What is this episode about?

Most nonprofits will be asked about vulnerability scanning when they renew cybersecurity liability insurance or complete an annual audit. Do you know what it means and what you should do to comply? The takeaways: There is no one-size-fits-all...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Community IT Innovators Nonprofit Technology Topics episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!