 My name is Luis Delgado. I'm the founder of the Critical Update, and we are an IT company in Austin, Texas. We've been here since 2003, and we work with a lot of nonprofits, churches, schools, service organizations, and then, of course, for-profit organizations. And over the years, we have found that working with nonprofits is really accelerating, it's very challenging, but being able to help them focus on their mission is really rewarding, and we love doing that. So one of the things that we tell our clients is the only reason why we exist is to help your organization keep the doors open, protect the business, the employees, the data, the customer, the client data from cyber criminals and from shutting your doors. So we wanna make sure that when that attack happens, which is coming, if you haven't gotten hit, you will, even the FBI tells you that. So we wanna put things in place proactively to help reduce the impact of that attack and make sure that the organizations, the life-giving work that these organizations do provide continues on. All right, so let's talk about what's going on. I took these slides recently, as you can see, May 3rd. We all hear about the hacking and the cyber crime being rampant. A lot of organizations are getting hit, big organizations, because it's very profitable for criminals to steal information and to hold companies ransom, so unable to use their devices because they're all encrypted and then our cybersecurity insurance, they know that somebody's gonna pay. So it's a really, it's underestimated the amount of money that is moving hands. I've heard numbers as high as a trillion dollars in cyber crime. On the lower end, you hear of a couple hundred billion dollars a year in cyber crime profits. So it's extremely lucrative. This one I actually just picked up yesterday. So just email compromise, this is not even ransomware, just business email compromise cause 43 billion in losses. So if you're a nonprofit, that's a huge impact on you. If you're a big company, you could probably take the hit, but it's still a massive reputation damage plus the investment in cybersecurity cleanup that has to be invested is gonna be significant. So we try to recommend people put things in place proactively before they end up on the news at the six o'clock news. So one of the things that we've noticed as well, even though it's on the news every day, a lot of the stuff that's happening is not reported. In fact, most of it is not reported. We were on a cruise last year, no, last year, two years ago before the pandemic, right before the pandemic. And we were on a cruise and we met this couple from Dallas and that she worked for a mortgage company and that week she got a call, their company got ransomed. They pay over a million dollars. That one did not make the news. That happens all the time, all the time. There's lots of companies paying 4.4 million dollars, 2.3 million dollars, 1.4 million, it's a massive business. If I'm a criminal and I see these numbers, you don't think I'm gonna get into that game? Of course I am. I'm gonna go to a country that is favorable to those type of businesses and I'm gonna set up shop and suddenly I'm gonna have a big building full of people that are dialing for dollars or using platforms that allow you to share the revenue from ransomware and people are making some significant numbers with ransomware. People are making money with email compromise. People are making money with just regular scams, just with a phone and a computer from Nigeria because data is worth a lot, right? So if your credit card gets compromised, somebody can sell that on dark web for up to $30. If somebody steals your medical record, that could go for $1,000. We all hear, we heard from the Blue Cross Blue Shield hack that happened, I think it was 2016. That same year, Humana got hacked as well. There were over 160,000 records compromised, I believe. Oh, yeah, I think it was a number. There was a massive number of records. And Luis, what are they doing with those medical records? Oh, man, insurance fraud, identity theft, you can do all kinds of stuff. All kinds of stuff, it's amazing. So I worked with an optometrist, I talked to him yesterday, he's coming aboard because he's concerned about, he's got thousands of records, right? So he's concerned about the security. So we're gonna increase his security because from one side, if his patient data gets compromised, the criminals are gonna make a bunch of money on the dark web, that's one. But that triggers a HIPAA audit. So if there's negligence on his behalf, that's $150 per record fine. So you got a thousand records and that's on the nice picture. He could lose his license, he could be thrown in jail, it could get really ugly. And that same threat is available to nonprofits that deal with medical records. There's a lot of nonprofits with medical information that would be HIPAA protected. You'll wanna make sure that you're covering your basis. And I don't like fear mongering, but we have to be realistic. This is happening, it's not gonna stop, it's gonna keep growing because people are making millions and millions of dollars. So if I see that my neighbor's just got a nice new car and a nice new house in Nigeria, guess what? I'm gonna go figure out how he's doing it. Next thing now, I got my organization. Next thing, other neighbor, now we got multiple organizations doing the same thing. It's just human nature, unfortunately. As a nonprofit or as any organization, you gotta think what can I do with all this stuff that's happening? And a lot of times what we hear, which for example in Haiti, you're gonna hear it cost too much again. I don't have the money to do all this stuff that needs to be done, which yeah, it's true. But in many cases, here in the US, for example, we've worked with some nonprofits that had no IT budget, zero. And we sit down with them and we look at their threat landscape. We show them a plan and say, here's where we are, here's where we need to go. We understand there's no budget for this right now, but here's what we can do. And then we develop a step-by-step plan to help get that budget go as the donors for this, maybe start a campaign for that. So that we can get you where you need to be because if you get hacked saying, I didn't have the money, it's not really gonna save you from the reputation damage and really the impact of that breach to your organization. So it costs too much. It's not really an excuse that you can use to get out of a breach. The other one is so complicated that happens. Again, we go back to human nature. If something is complicated, it's easier for me to just turn on the TV and go to Netflix than it is for me to figure out how to solve it or how to address it. And then if you tie it into, it costs too much because all these IT companies are so expensive to work with, you're creating a massive problem. So we tried to remind our clients and prospects and friends that there's always a resource out there that's willing to help you. And that opens up a whole new set of challenges, potential challenges, which we'll talk in a couple of slides, but there's always a resource that's available that you can use to help you. There's always somebody that has that little nugget that is gonna allow you to improve your organizational cybersecurity structure. And there's always something that you can do, even if it's just one little thing, you can always improve your security stance. If you make security part of your culture, you're thinking about it, you're conscious about it as opposed to just hiding your head in the sand and thinking that nothing's gonna ever happen. Because we know it is. If in many cases we show up, we run our scans and it's already happened, they're already there. So now you gotta boot them, you gotta block them, you gotta do whatever you gotta do. But ignorance is bliss in a lot of cases. The other thing that this is a reality is if I'm protecting my castle, I gotta figure out all the possible ways that somebody is gonna attack. That's nearly impossible to do as we've seen throughout history, right? Because the attackers only need to find one way to get in and we're done. So it's extremely challenging to really figure out all the possible venues. But if you develop a plan, then you can look at things objectively and actually develop a plan that you can implement and you can improve that security a little bit at a time and it's not overwhelming and doesn't have to be expensive. And it's something that you can, if you get breached when you get breached, you're gonna actually show, hey, we were doing these things to help prevent this from happening. So at least it shows that you did something to prevent that as opposed to being negligent and ignoring it. So the biggest and most effective tool that we found is culture. If your team knows what to do, if your team knows how to spot a weird looking email, we get those all the time and I love those. I get a call from a client going, hey, I just got an email, it's got a PDF, it's an invoice, but I don't know who this company is. I haven't opened it yet and I said, good, don't open it. Just delete it and that's that. Or if you're not sure, talk to your accounting department, see if this is a legitimate vendor, put things in place so that your staff starts thinking of protective steps that they can take, which everybody can to help prevent that attack from actually taking a hold of your organization. That's by far the most impactful and significant thing that you can do for your organization. We've seen that in nonprofits, we've seen that in for-profit businesses, of course, law firms are very... Regarding the PDF attachments, is it the PDF itself or is it any harmful links that might be inside the PDF? Both. Both. You can attach a payload to a PDF, which your antivirus will not catch. You got to use a tool, a deeper tool like Sentinel-1, for example, Threadlocker is another really good tool. Yeah, you do not want to open the PDF unless you have something like, we use Barracuda email security. So Barracuda email security, you can log into your web portal and you can safely open that PDF in their own containers. Yes. Good. So it doesn't trigger anything. But the... I always thought that the PDFs were safe, that it was there, that it was giving me harmful links inside of them. No, the links are harmful and the links will get through your spam filter. So I can send you an email with a malicious link and if it's fresh, I just created that site. I just uploaded that document. It'll get through your email filters and then you click on it and you're compromised. So you can deliver payload in multiple ways. Thank you. Yeah, the best one. Please, yes sir. Would that include then just like PDF from an own source that's coming through Gmail? It can if they didn't send it to you. So the key is being aware of, am I expecting a document? If something looks weird, like for example, here's one. One of my own texts did this a few years ago. So we were working with a jewelry store and we all got an email in the morning about a Google Drive file and it said inventory. I saw it and I thought, that's odd. That doesn't make any sense. We were just starting to work with him. And on one of my texts, he wakes up, he looks at it, he clicks on it. Oh, guess what happened to his machine? Yeah, compromised. Even though we had the tools and it was fresh enough that it got through the filters and it was able to trigger because he clicked on it. So if I'm hearing right, there's part of it's just the normal precautions. Is this somebody I know and something that I would normally get from this person. And if there's anything fishy at all then do a second scrub and part of it might also be using that Gmail. If it's, even if it's still, if it looks good, still using that Gmail function where you can look at the PDF before you actually open it and fully download it so that you can see, all right, this content looks legitimate. This is something I was expecting. It's an invoice I was expecting. Or a document that this person was gonna send me. It's not this weird inventory that has nothing to do with anything. And there's also tools that you would put on your actual machines that can stop payload from executing from a PDF. Like I was saying, Threadlocker's great. It goes into zero trust technology. Sentinel-1 is one of our favorite ones. We love that one. That one's been very good for us. And it actually, the agent, it uses artificial intelligence and human intelligence to monitor your systems, monitor what's happening in your computers. And whenever there's something strange, the AI blocks it and then a human actually follows up and looks at what's this happening. I send you a resume. You're hiring, so I'm gonna send you a resume. It's got a payload. You open that PDF and suddenly your PDF starts calling for scripts to run to pull the command prompt or it's got a PowerShell script or anything like that. You wouldn't see that. You wouldn't know it. So you gotta have tools on your system that are capable of seeing that and stopping it. Cause even if you check it in Google, hey, it looks legit. Well, save it. As soon as you open that sucker, you're done. Cause I'm running scripts and you will never know it. So having the right security tools in place. Now for those, yeah, you have to look into having a budget for it cause those tools are, they cost a little bit more, but they're worth their weight in gold. We use those tools everywhere cause they've saved our clients multiple times. So now it's one of the first things that we put in place. Thank you. That email security, yeah. And that goes to my second point here is everybody knows an IT guy. They're everywhere. And we're the best and you're the best and there's always somebody out there. But what I suggest is find an IT company that understands your mission, your organization's mission that wants to partner with your organization and help you in your mission as opposed to just a vendor. I'm not just a vendor to my clients. I truly care about their mission, about how they're serving their communities. If something happens on their network, we're there as soon as we can to fix it. Not just because they're a client, but because there's clients on their behalf that need their services. There's different IT companies for different people, right? Just there's any, there's different vendors that some are more geared towards a certain type of organization. I've been, the best way to explain it is over the years, I've been really focusing on culture. So when I hire an employee, I look for culture. The technical skillset has to be there, but culture is more important. When I'm talking to a client, I'm looking for culture because there's a particular set of clients that are really good for us because we're highly relational. And then there's those clients that see us as a vendor and they'll commoditize us and they're not a good fit for us. We don't work well together. So it's the same way for your organization. If you're the executive director, you want to find those vendors that are gonna be a good cultural fit for your organization because that will help you thrive and help you grow your organization. I don't think anybody talks about that. It's very important. And then of course your staff is gonna have some good ideas. You're gonna have volunteers that have great ideas. I'm always asking for input. I just hired two new people and I told them the same thing. If you have come up with an idea of how we can do something better, let me know. I've been doing this 16 years. We've probably tried it before, but guess what? That doesn't mean that at that time we tried it and it was the right time. Maybe now is the right time. It happened with our password manager. We've tried multiple ones and I didn't like LastPass at all. Two years ago, we hired an intern and first week we should really be using LastPass. And well, we tried it, it didn't work. Well, LastPass had evolved enough to where now it's an essential tool. We use it for everything and it's been great. I highly encourage people to use LastPass to store their passwords. Yeah, I use it also. Yep. I'm very happy with it. It's a great tool and guess what? I put it, my new employees, they have their LastPass logins. It's all there. If they go away for whatever reason, I can go in there and push that vault over to a shared folder. We still have access to all the stuff that they were getting into for our clients as opposed to I got this password stored in my notepad and I'm moving to East Texas and you'll never see it again. It's part of the process that you have to develop. So that takes us to our practical steps. You can find these steps pretty much everywhere, but these are some of the things that we always tell our clients to make sure that we focus on. To factor authentication, it's one of the easiest things to help secure your environment. Don't just put it on your email accounts. Put it on everything. Your banking, your CRM, your any web portal that you use, your QuickBooks, anything that has the ability to use two-factor authentication would just pretty much any software nowadays. Make sure that you have it turned on because that'll help put another layer of protection if somebody compromises your password, which is extremely easy to do. Document. That is one of these that we've focused on really made it a focus over the last five years and it's made a huge difference. Sean, you got a question? Yeah, going back to the two-factor. I heard a couple of years ago, and I'd just love your take on it, that if it all possible, turn off two-factor for email and make an exclusively text message because if your email is compromised, two-factor is not gonna be nearly as helpful in protecting you. So nowadays, there's multiple ways that you can turn on two-factor. You can have the Google Authenticator app, the Microsoft app, the LastPass app. You can have an app for that. That works really well. We found that it's been very effective. You can also, the text message to the phone. I like that because sometimes if you have the authenticator tool and your phone dies, well, now you're up a creek. But if you can get a text message redirected, you can still get anything. So those are the two ways that I would recommend. We use the authenticator tools and actually we use multiple authentication tools which can make life a little more complicated. But the data that we have is extremely important, right? If you get to my data, you get my clients. That's a problem. So I wanna make it hard. And even if it's a little inconvenient on my end, it's worth it because I'm showing that I'm protecting my clients. Yep. Yep. Documentation, huge thing. Unfortunately, it's extremely common to go into not just a nonprofit, but pretty much any organization. And I asked them, do you have any kind of documentation? Network diagram, passwords, any list of vendors that you're using for your web hosting. And a lot of times it's a scattered pile of posted notes. That's if you're lucky. Most of the time you got nothing. This is the client that I talked to yesterday. We haven't been able to get into their 365 or the Google suite yet. So somebody has a login. They're getting emails, but it's not documented. So that's a problem. So we wanna make sure that everything is documented. That also leads into another really important thing. And we run into this all the time. You have some very nice, well-meaning IT people out there that volunteer for nonprofits, but they end up holding all the information hostage. And that has been a huge problem with many clients that we've seen. It's illegal. So make sure that nobody can hold your data hostage. Your passwords to your servers, to your software, to your platforms. If somebody's keeping those from you, there's things that you can do and you may wanna get legal advice because that is not legal for somebody to do that. So make sure that you document everything. Make sure that you have it in a central repository. Make sure that it's backed up and make sure it's protected because you don't want everybody able to access the data. Of course, it's like leaving the cards to your Lexus so that you're 16 year old can get it. You don't wanna do that. It's not good. So policies, this make sure that you have someone in your team and your staff that is detail oriented. That's not me. I'm terrible with details. I can come up with the policies and figure out what we need but when it comes to actually developing them and everything, Jay, he's my right hand guy. He's fantastic. That has made a huge impact on how we have developed and implemented our procedures and policies. Smaller nonprofits usually have one or two people. It's a lot harder to do but when you're small, it's easier to implement those policies than when you're bigger because if you make your policies part of your culture and your growth, then you minimize the pain of implementing those policies once everybody has bad habits and are used to running free and rampant. So start early and actually get some buy-in from your staff. You can train them. A lot of your staff is very knowledgeable about cybersecurity. They may not realize it but a lot of times people are actually very conscious of cybersecurity. Definitely involve them in the process. There's a lot of knowledge out there and of course, when you have two, three, four heads together, the knowledge base increases exponentially. Security tools, obviously, you want to have good security tools. If you buy a computer with Windows on it, you got Windows Defender. It's not a bad tool. It's got a lot better in the last few years. There's things that you can do to improve the security posture of your equipment like the advanced Sentinel-1, the thread lockers, tools that are able to protect your system in different ways, deeper, more complex ways from some of the threads that you're going to be accessing. And of course, be conscious of who you deploy these tools with, right? Because the executive director has access to data that an intern is probably not going to have access to. So make sure that you also keep that check and balance because a lot of times, depending on who your IT person is, you can get carried away and end up putting expensive tools on systems that don't really have access to important data or that you can isolate from important data in different ways without necessarily paying for expensive equipment or expensive licensing. Review Outdoor Solutions, TechSoup is a great resource. TechSoup has a lot of tools that you can use that have great pricing. Definitely, it's a good option. And backups, I always remind people, you have to, not just because you have a backup doesn't mean that you have a backup. And what that means is, if you have a backup, make sure that somebody is checking that backup. We had an attorney that we started working with. This was about seven years ago and she was very proud of her backups. Oh yeah, I got backups. Every day I get my email that says the backup completed. And I sat down the first visit and I clicked on the email and I opened it up. I said backup completed, zero files. So her backups were running. She had good backups of no data. So please check your backups because the last thing you want is having that phone call to your IT guy saying my server crashed or my computer crashed. And I don't know if I have good backups. That happens all the time. Data recovery is very expensive. You don't want to do it. A backup is extremely affordable and simple. So make sure that you have your backups. And actually you know where your data is. The important data you need to backup is it on the cloud? Is it on somebody's computer? Is it on somebody's USB drive? Where is it? So you can secure it. And then once you centralize it, then you can back it up and effectively have a way to check it. And then one of the other most important things is having somebody designated as the cybersecurity team lead or the cybersecurity responsible person, somebody in your team that can answer to your other team or to outside auditors or vendors, somebody that could actually have the resources and also the buy-in from leadership to be able to implement that plan and secure the environment, make it hardened. Cool, so now we get to the cool parts. The stories from the trenches. That's one of the things that I mentioned in the earlier slide was volunteers. A lot of times you get some really cool volunteers that they're very excited to help you and they're wonderful, they have great ideas and they implement these tools and then they go away. And nobody knows how to log in. Nobody knows what kind of data is in that tool. Nobody has a clue. And now that volunteer somehow got disenfranchised because somebody made him mad and now they're not answering your phone calls. So how do you prevent that from happening? Having good policies in place originally from the get-go, if somebody has a great idea, great. Have somebody from your staff make sure that volunteers document that information, sharing it with you because it's your information and making sure that you have that secured because that volunteer's gonna step away. It always happens. It always happens. So make sure that where your data is, who moved it in there, who has access to it so that you can control it and manage it. The other one that we run into a lot is of course budgets. We, I'm notorious, my wife gets on me all the time about this because I have a perceived value of things. So if we're planning a party for my 15 year old next year, I have an idea of how much it should cost to do this or that, this. Well, to me, a photographer shouldn't cost more than $500. That's unrealistic because the time that they spend on Photoshop just making us look better and lose a couple pounds is more than five hours when you're talking about a three hour event. So I don't have a realistic idea of what the budget for a photographer should be. And we see that a lot with IT, with cyber security. We have a lot of people that we talk to that think that spending $40 a month per computer is too much. Well, compared to what? If you're not spending anything now and you think you're secure, then yeah, spending $40 a month could seem like a lot. But when you start thinking, for that, you're getting monitored, you're getting patch management, you're getting three different cyber security tools that I'm administered by a team of professionals. You're getting reporting, you're getting inventory. You get all these other things that you normally don't see. Now that seems like a little more realistic because now you have a different value and you understand what you're paying for. Keep an open mind. Like I said, if you're working with a good IT company that fits the culture of your business, this can help you design a realistic budget and also find ways to fund the cyber security needs of your organization without going crazy. And also the other thing that we have to be very conscious is when you're paying for your budgets, you also have to look at your workflows because you can get some of the most sophisticated zero trust tools out there, but if they're gonna prevent your staff from doing their jobs, they're not gonna use it. So you're back to square one. Now you spent all that money, you rolled it out and now nobody wants it. That's a problem. So make sure that. Do you get special pricing from the manufacturers? Some of them do. Some organizations offer different discounts. Some are 30%, some are 50%, some are zero. It just depends on the organization and the tool. Usually when you catch them towards the end of their quarter, they're a little more easy to negotiate with. But again, if you work with vendors that are a good fit for your culture, for the culture of your organization, you're gonna find that they're gonna be looking at for tools that are a good value to the nonprofit. With that, Reggie, since you're here, let's see who else we got here. I'm curious as to what are your biggest concerns because I always love hearing what organizations are worried about out there. And Pete has a question in the chat for you. I'll go ahead and read it to you. What site or service would you recommend for keeping online backups? Not a lot of data. There's a lot of really good options out there. When you say not a lot of data, my first question would be, are we talking about just backing up files or are we talking about backing up a whole computer? Because if, for example, we have a nonprofit with two people on it, the executive director stores a lot of data on their computer, and they also use Google Drive. In that case, I would ask the director, if your computer doesn't boot, then let's say we can get you a spare computer and all your data's in Google Drive. We can back up your Google Drive. That only costs like $3.50 a month per user. But it'll back up your Google Drive, it'll back up your email, your calendar, your contacts, all your Google's workspace information. That seems to me like a better idea than using something like Crash Plan or the one of the other Crash Plan. There's SolarWinds has a solution that actually there's a ton of them out there, Acronis, but I would ask, my main question would be, are you looking to back up a whole system? Because if you do, then you wanna make sure that you look for a backup solution that can back up your system state in case your hard drive dies so you can recover. As opposed to, are you just trying to back up your data? In that case, you can use pretty much any backup tool out there. There's tons of them. But the key is you'll make sure that you check those backups so that you don't end up with a nice email that says that it completed, but it's got zero data on it. Does that help, Pete? When you say check your backup, you mean just verify that it was actually backed up or do you do restoration whatsoever? The best practice is to actually have a restore test every quarter. We don't necessarily do that every quarter. I check my backups for my clients every day, and then we do restores. Yeah, about every six to eight months we'll do a restore just to see if everything comes back up. But we're using a tool that we've tested. We've actually had server failures and we've restored from scratch using this tool. So I know it just, it works. Yeah. Now that's the worst case scenario, but we have done that. Yeah, it would just be 50 gigs of data, not the whole restore CDN. And which of those tools besides Google Drive would you recommend? Do you have the data in Google Drive? No, but if I'm not too fond of Google, where else would I go that presumably a little bit safer? You can use, Acronis has an option, I use SolarWinds, but that's more for like on the reseller market. 50 gigs of data would probably run you. So 50 gigs of data, you could back up 50 gigs of data for roughly $12 a month with the tool that we use. Yeah, it's more like what place is secure and trustworthy like the price. It's a factor, but it's not the main factors. I can, or price, what I can't do is like, hey, these guys are pretty good. Hey, these guys got back. Hey, there's like owned by a country that... Yeah, the Chinese, yes. So yeah, so the one that I use is, it used to be SolarWinds, they just changed their name again, but that's the one that I use for all my clients. It's worked really well, it's been secure. Even when SolarWinds had a problem with the breach, that data was not touched. And even if it were touched, it's encrypted. So even if somebody gets a hold of that data, it's all encrypted, they can't see what it is. So of course, that's the one that I use, that's the one that I would recommend. Now, the one that some other people have mentioned that they like, Carbonite is a big one that a lot of people use. It's easy to use, it's easy to install. I think it's only like 35 bucks a year. But again, the main thing is make sure that when you install it, you select the folders that you wanna back up, make sure that you keep an eye on those reports to ensure that your data is being backed up. That's the main thing. Acronis is another one that works well. We were an Acronis partner for a while, but I've been using SolarWinds for several years, and again, that's worked really well for us. Thanks. All right, so we have an information guide. It's a little brief guide that is available if you email info at thecriticalupdate.com. Just let me know that you want that guide. It's a couple of years old, but it's got key points that we always recommend. Cybersecurity steps are always, they don't change that much. It's usually the same steps. So we're happy to make that available to you, and we also offer a consultation. So if you wanna have a 30-minute consultation, I'm happy to do that. We're happy to be a resource, and we're looking for your referrals, of course. That's how we stay in business. And that's all I got for you today with two minutes to spare. Thank you very much. Thank you very much. Thank you. Sean. Yes, indeed. Thank you, Luis. Great presentation. I learned a lot. I got notes here and a lot of fresh stuff for me. Yeah, I really appreciate you making the time to build this presentation for us and share it with everybody. And I'm looking forward to the recording so I can share it out with folks who weren't able to be here with us today. Sounds good. I enjoyed it and I appreciate you. Thank you. Chris, what can you tell me about TechSoup? It's a real time to mention that TechSoup has great discounts and stuff. I never looked it up. I just got invited one day to the presentation by a friend and I joined and I never bothered to check out. What exactly you guys do? Oh, there aren't any, I think, official TechSoup representatives on the call, but I can tell you that for software discounts for nonprofits, it is the go-to place. If you have a 501c3, or like we talked about earlier, if you have a fiscal sponsorship arrangement, you can use it as well. And so you can get things like, what are the common ones? Like you can get QuickBooks for $100 a year and you can get Microsoft Office for $10 a year and things like that. So it just makes the good software incredibly cheap and all the software providers that want to have nonprofit discounts, give it to TechSoup so TechSoup can administer it, administer it for them. You can get Adobe Creative Suite for, I know it's maybe 50 bucks a year, something like that. So it's incredibly big savings. Yeah, I think it was 34 last time that one of our companies... Are they a membership-based company or... It's a nonprofit. You don't have to pay to join. You do have to be a 501c3. It's free to be a member, but they do require registration because they want to check that you have a legitimate 501c3. But once all that verification's done, then yeah, you just log in and you pay the little fee and it's great, I've used them for years. So if I would be buying four nonprofits, I would have to register the nonprofits themselves to be able to get the pricing. Or if that nonprofit, if you're purchasing for another, if you're lending a hand to a friend and the friend has a 501c3, then they're eligible for the discount and they can use, and then you can just create an account for them if they haven't created one already. Yep. All right, Mark, any parting words for us? No, thank you to everybody for coming out.