AI READINESS | CYBERSECURITY | NONPROFIT TECH
A practical guide for tech leaders who want to move fast without creating risk they cannot see.
By Bryan Christensen, President, CHR Creative | Most Trusted MSP in North America, 2024 Soteria Award
There is a number I share every time I talk with technology leaders, and it lands the same way every time.
80 percent of workers are using AI tools on the job. More than half of them are doing it without approval from leadership.
That is not a prediction. That is from a Cybersecurity Dive report published in November 2025. And if your first reaction is “not at my company” — that reaction is exactly the problem.
AI is no longer a future consideration. It is a present-day operational reality — and for most organizations, it is already inside your systems whether you directed it there or not.
The Policy Gap Is Not a Technology Problem
Most organizations are not behind on AI because their people are resistant. They are behind because leadership has not yet defined what responsible use actually looks like. Your team is moving. The question is whether your organization is directing that movement or hoping for the best.
At CHR Creative, we work with technology companies and mission-driven organizations mostly across the Pacific Northwest. We help them build security-first IT environments aligned to how their business actually operates. And over the last 12 months, the number one conversation we’ve been having with executives is not about endpoint protection or phishing defenses.
It is about AI. Specifically, three things keep coming up:
1. What Data Is Your Team Feeding Into These Tools?
AI tools, even consumer-grade ones, may store and, in some cases, train on the content your employees submit. That means client records, internal strategy documents, unreleased product details, and sensitive personnel data could be leaving your environment without a single firewall alert.
This is not a hypothetical risk. It is a contractual and compliance exposure that most organizations have not yet audited.
2. Does Your Vendor Actually Protect Your Data?
AI vendors are not all created equal when it comes to data governance. Enterprise agreements handle data handling, retention, and privacy very differently from free or low-cost tiers.
If your team is using the free version of an AI product, your IT leadership needs to read the terms of service carefully — because the defaults are rarely written in your favor. Key questions to ask every AI vendor:
- Does this vendor train on my data by default?
- What are my data retention and deletion rights?
- How does this tool handle regulated or sensitive information?
- What is the breach notification obligation under my agreement?
3. What Happens When Something Goes Wrong?
AI-powered phishing, deepfake audio, and social engineering attacks are accelerating. Threat actors are using the same tools your team is. The difference is that they have a governance strategy, and your organization may not.
A breach does not just cost you remediation expenses. It costs you client trust, partner relationships, and in regulated industries, it can cost you your contracts.
Technology does not protect people. Disciplined people with the right technology protect people. — Bryan Christensen
The Good News: Readiness Is Not Complicated. It Is Just Not Automatic.
Because of the partnerships CHR has built as one of North America’s most trusted managed service providers, we have access to AI review and governance technology that most organizations will never encounter on their own — enterprise-level tools of the kind that large health systems and federal contractors use to evaluate AI exposure and compliance posture.
We have built a straightforward AI readiness evaluation process that gives technology organizations a clear, honest picture of where they stand. It covers:
- Current AI tool exposure across your environment
- Policy posture and acceptable use gaps
- Vendor contract and data governance review
- Top three risk areas specific to your regulatory profile
Here Is What We Are Offering
If you are a technology company or organization in the Oregon Techworks community and you want to know where your AI readiness actually stands, here is our offer:
Step 1: Schedule a Call — A quick 20-minute Teams call to understand your business needs and confirm we are the right fit.
Step 2: Get Your Assessment — Together we review your setup, run a diagnostic, and discuss the best path forward.
Step 3: Receive a Customized Plan — You receive a tailored, easy-to-understand plan aligned to your specific regulatory environment and company profile.
No cost. No obligation. Just clarity.
It takes less time than your next all-hands meeting. And it will give your leadership team a clear, honest picture of exactly where you stand.
Ready to find out where you stand?
Call us today: 503.552.9160
Visit: chrcreative.com
About Bryan Christensen
Bryan Christensen is the founder and President of CHR Creative, a Portland, Oregon-based managed IT and cybersecurity firm with a 60 percent nonprofit and mission-driven client base. CHR is the 2024 Soteria Award winner for Most Trusted MSP in North America. Bryan is a Navy veteran with nearly 20 years of experience helping organizations build security-first IT environments aligned to their operational and compliance needs. He is the author of Mastering AI for Business Success and The Cyber Playbook.
Ready to become a member?
Reach out today to discover all the ways Techworks can help your tech company thrive.
