We had a great meeting again at Grow Pittsburgh! Thank you again to Rebekah and GP staff for hosting us! (We will be back at GP for the April meeting on 4/5, then we go to the Frick Art & Historical Center in May.)
Here are the notes and resources from the meeting. Note that we concentrated very specifically this month on questions and issues raised by group members.
Data security audits for nonprofits
- Assume banking standards because of donor-related info?
- HIPAA compliance required for health care orgs
- PCI-DSS – annual certification needed if accepting credit cards – there’s a 120-page document used to verify compliance on various systems
- Trustwave – scans monthly for testing purposes
- TransArmor – a security solution from First Data
- Think about all security systems by going through PCI certification doc
- PCI-DSS – limited where info is stored, who has access, etc.
- If keep paper copies of credit card data, only liable for that – must keep locked up and have procedures in place for storage and destruction
- If using 3rd party online service, compliance is on them
- In PA, if a single record in the database is compromised, the organization is liable for $60-70 fine per person for a mandatory three years of a monitoring service
- Idea: take risk analysis to executive director for org (to prove need to take action and/or make case for changes)
- Many nonprofits are already in a crisis state and don’t need additional problems added to that
- PNC Bank does not do merchant services – they resell for First Data
- In terms of credit card processing, there are really only three processors, with everyone else being resellers: First Data, World Link and ______ (group couldn’t think of third company)
Phone systems, vendors, best practices for implementations
- If don’t want cloud-based system, what are options? (Want phones that work when Internet goes down)
- Also want to depreciate as capital expenditure
- Avaya vendor – Advent Communications (pricey for support, but don’t have to call often – very stable)
- Can use a broker to do your telecom research and pricing negotiation for you – Connectel, Opticom Consulting
- Full Service Network – phone vendor, cloud-based retailer – not good for Internet service, only phones
- Computer Reach – has put in phones, vendor in California
- Internet configuration – suggest Internet router separate from phones so heavy network traffic doesn’t knock out phone system
- Prime Communications – sell MyTel system
- Guardian – owned by Armstrong Cable
OneDrive for Business if no Office 365 or Sharepoint
- OneDrive is integrated with Windows 10
- Hotmail is also integrated into OneDrive now
- Can now work simultaneously in docs on OneDrive
- TechSoup has Office 365 for $0, but need to purchase other things for it to be fully functional
- Tech Impact provides migration services for eligible organizations via TechSoup (it’s a partnership – there’s a $10 fee for an assessment first)
If leaving your tech job, what should you document and share with the incoming person?
- Keep a list of your daily activities for one month
- Make other lists for weekly/monthly tasks
- Propose that your org hires you as an independent consultant for a month or two
- Refer to job description, then list all possible jobs the person might need to do under each heading
- Get the info out of your head and onto paper
- Think about the spinning plates act on the Ed Sullivan show – china plates spin most easily but are hard to replace, so are more important (critical tasks). Paper plates are harder to spin but easy to replace, so are less important (busy work).
- Verbal only – give them the political read on people and relationships – but watch what you say because it’s a small nonprofit world in this geographical area
B&B attendees discussing tech in the Frick’s Community Room
This month was our second and final meetup at the Frick Art & Historical Center for this year. The weather remained lovely and the Frick grounds were in their spring glory!
Next month we will have our special summer meetup, Bagels & Bytes & Critters, on June 1 (8:30-10 AM) at the Animal Rescue League. We will have our usual meeting (probably joined by a puppy or kitten) followed by a tour of the facility.
Here are the notes and resources from the May meetup:
Working with Tech Vendors
This month’s prize winners!
- Constant calls
- Not having real operators at the first support level
- Invites for sales appointments or demos that are automatically added to the calendar
- Signing us up (without asking) for the email or mailing list after contact
- Adaptability – NPOs are not one size fits all
- Vendor websites with plenty of information so we can do our research beforehand (make it possible to get info without having to call or email someone).
- A real understanding of the nonprofit market
- Doing one’s homework about the organization via the web before getting in touch
- Tech support that is quick to react and has retained a history of the organization, so can be on the same page regardless of who is handling the call
Email Hacking and Spoofing
- Strong passwords are crucial
- Spoofing can look like your email was hacked, but is slightly different (read more…)
- Have internal controls so fake approval requests (for example, a request for a wire transfer of money) cannot happen easily
- Have a password policy (see below – we discussed in more detail later in the meeting)
Cyber Security Insurance
- Generally added as a rider to the regular insurance contract
- Depending on how it’s written, covers lawsuit costs if hacked, data compromised, etc.
- Also covers public relations expenses, which are typically the biggest cost of all (public perception trumps who’s actually at fault – this is reputation management)
- Every state has different regulations on coverage
- Even if your software and data are in the cloud with a third-party provider, you still might have risk and liability
- It’s easier than you think for thieves to steal your data – just watch this video from 60 Minutes about phone hacking (Thanks, Johna!)
- Remember that most photocopiers have a hard drive in them that retains file data from scans, etc. Factory reset doesn’t wipe that data – be sure that the place that recycles your copier properly wipes the drive (you can also do it yourself – either take out the hard drive, if older, or use a USB connection)
- What is in place and needed depends on the organization
- You can require and enforce character types, length, frequency of changes, etc.
- Sometimes two-step verification is possible
- Ultimately, you have to train the users – the best password policy in the world can’t prevent someone from writing down the password on a post-it note and putting it under their keyboard (people are always the weakest link in tech security)
- Also must consider saved browser profiles, which may contain passwords and form data. Chrome in particular is bad for this – cleaning the passwords from the cache doesn’t erase them for other users on the same machine
- There are a number of good password managers available: myPassword, LastPass
Local Salesforce Vendors
Request for Proposals (RFPs)
- Love/hate relationship on all levels
- Sometimes still necessary
- The response time and type from a vendor can tell you a lot about that vendor
- Nonprofits can help vendors by being flexible and willing to talk to orgs about solutions – most orgs need someone who will help improve business processes, not just replace the systems they already have in place
EMV Chips on Credit Cards (and Credit Card Processing Machines)
- Was supposed to have been mandatory by a certain date
- Liability has shifted since October 2015, so some retailers are refusing to implement. Johna sent this information, which was released in Allegheny Conference’s recent newsletter: “Businesses that accept credit cards for point-of-sale transactions need to know about new rules regarding credit cards. As of late last year, merchants who don’t upgrade their credit card terminals to accept new EMV “chip” cards may be liable for fraudulent transactions.”
Sam’s Club Grants
- The local WordPress users group is hosting their first ever WordCamp Pittsburgh – a one day event for WP users of all levels – on September 17. Visit the event website for details
- Pennsylvania Resources Council (PRC) is hosting a number of recycling events this year, the first was on May 14 at the Pittsburgh Mills Galleria, with more to come over the summer. These events bring together recyclers of all types of materials, including technology and electronics, into one place (only event where you can recycle TVs locally too) (Thanks, Nicole!)
Photo credit: Frick Art & Historical Center
This month, we are grateful to Linda Buker and the Frick Art & Historical Center for hosting us in the Frick’s new Community Room just off the Car & Carriage Museum!
I totally forgot to take photos at the meeting (the discussion was engaging!), so here’s an outside photo of the building taken from the museum’s corporate rentals brochure.
Here are the notes and resources from this month’s meetup. We’ll be back at the Frick on May 4 for our next meetup.
Age affecting tech usage in nonprofits
- Younger folks “get” the concepts (ex: cloud computing) more easily because they are digital natives
- There are notable social differences – not unusual to see two young people sitting four feet away from each other and chatting on their phones instead of talking
- Younger generation also:
  - tends to have a faster response time
  - mixes personal and work
  - wants work-at-home and flexible scheduling
Time tracking and the upcoming changes to FLSA law regarding exempt/non-exempt staff
- The question: how does your organization currently track staff time (if at all)?
- Random audits / time samplings
- “Lawyer’s Timekeeper” software if need minute by minute tracking
- Sage/Schneider Downs software
- Sentric software
- RescueTime software
- ADP app – clock in through cellphone app, which is connected to GPS so you can’t fib
- Is there a trust issue at play here? Outside of the new law requirements, should we be tracking time or watching the levels of staff productivity?
- It’s important to be consistent with policies on remote working and work flexibility
Other items discussed
Note from CL: I owe a huge thank you to the group for stepping up to self-manage the meetup in my absence! Extra, extra thanks to Rebekah Jenkins and the Grow Pgh staff, not only for hosting us, but for picking up the breakfast food too. I’m so grateful and touched by the aspect of “community” that we have in our group. You all rock!
Next month we will be having our meetup at the Frick Art & Historical Center in Point Breeze on Wednesday, 4/6. I hope to see you there!
Here are the notes and resources from the meeting (thanks Nicole and Heather!):
- Discussed a BYOD problem Johna is having
- Discussed an Office 2013 issue with deleting a recurring appt that then dupes itself
Disposing of Old Equipment
- Computer Reach – recycling for anything but CRT monitors, they re-image them to Linux OS for redistributing to other orgs (small fee applies for wiping drives)
- DBAN program – for wiping drives
- YUMI – turn a flash drive into a Boot Device
- will check all partitions
- Best to have same AV software on all equipment for ease of maintenance to serve out updates
- No McAfee
- Norton (cloud based, good price through Techsoup)
- Symantec ($4/license, can clash with Spiceworks and other software)
- Avast (free AV)
- Avira (free AV)
- ClamWin (free, open source AV)
- ESET (good for Windows OS updates and AV)
Internet in the Field
- phone tether vs hotspot vs tablet with data
- Tether to cell and reimburse?
- Mobile app – enter the info offline then synchronize?
- Voice dictation in Google Docs?
- Chromebook – can split between Gmail logins but need wifi
- Add as tether ($10 on Verizon)
- Firefox, other programs will tether outside the phone
Policy re: Encryption
- Should company sponsored cell phones have encryption?
- Formatting into partitions w/encryption
Document Sharing in Real Time
- Google Drive vs secure intranet (Drive is real time, local server would have file locking occurring)
- Egnyte – cloud-based server with apps or in browser
- 2 people in the local file on a shared drive can corrupt the file
Encrypted Flash Drives
- Use an app or can buy some with encrypted options
- Some external drives have encryption built into the hardware (not the software) – some numeric and some biometric
- Enclosure also that takes any laptop drive
Moving Email to the Cloud
- Moving email to Google or Office 365 can cut IT costs from $100K to $60K.
- Include data migration if you go Exchange to cloud
- Ask if you can migrate email yourself
The sun was out and the gardens at the Frick Art & Historical Center were in full bloom for our May meeting! Thank you once again to Linda and the Frick staff for hosting our group this month!
Please join us on June 3 at Animal Rescue League for our special summer meeting “Bagels & Bytes & Critters” – we’ll be receiving a tour of ARL during the last half hour of the meeting!
This month, we had a special presentation on technology funding by Katherine Heart from Heart Resources, LLC. Katherine is a professional grantwriter. Here are the notes from the presentation:
- Katherine passed around two sample proposals.
- If looking for IT funding, try:
- Foundation Center
- Individual Allegheny County-based foundations
- Search by keyword “technology” and also look by program, like “STEM”
- Funding can generally be requested for equipment and capital projects
- Wiring, wireless, infrastructure, phones, servers, other equipment
- Funding can also be requested when writing program grants
- Mobile apps, website, any tech needed to operate or administer program
- Having an endowment is a plus on a grant application
- Endowments show sustainability and that you have some funding to cover operations
- IT is considered overhead, so do grants to request operating support, but also consider writing technology into grants for program funding too
- Also look for cross-referenced funders who give to capital campaigns and to the types of programs your org does
- It is okay to write grants just for technology
- Try to capture funding in as many grants as possible, dividing costs among different grants and general funding
- For Software-as-a-Service (SaaS) costs, you can write those into program grants if you need the software service to run the program
- Include key IT activities in the proposal when they are an integral part of the project or program
- Have to justify it logically in budget: logic, goals, key activities, timeline for implementation
- Overhead sources (if not program-related technology)
- Different type of funding
- Look for unrestricted grants (but will still need to discuss how tech will be used in the grant proposal)
- Katherine handed out a nifty pre-proposal worksheet to attendees
- If you cannot answer the questions on the worksheet, you aren’t ready to write a proposal
- Once you answer the questions, you can transfer the answers to the corresponding fields on the other side of the worksheet to auto-generate a letter of inquiry (usually the first step in contacting a funder)
- To request another copy of the worksheet, send Katherine a message at http://www.heartresources.net/contact
- When writing grant proposals, also note
- What are the adverse effects on your organization if you don’t receive this funding
- What improvements or impacts will the project have in the community
- Include needed technology training in proposals too
- Include outcomes and how you plan to evaluate the end product (look at cost-benefits in the long run and what efficiencies will be gained)
- Capture the value of IT volunteer time as an in-kind resource when you can do so
This month we met at the lovely Frick Art & Historical Center, which now boasts an awesome new visitor center! Our deepest thanks to Linda and the Frick staff for hosting us! We will be back at the Frick for our next meeting on May 6.
Here are the notes from this month’s meeting:
- Upon asking attendees to reflect on their organization’s greatest present tech challenge, received these answers:
- Doing things the same way all the time – always reactionary
- Issues with proprietary content management system
- Running remote meetings with board or staff
- Social media usage – how to do it more effectively
- Budgetary issues
- No seat at the table
- No tech plan
- Need more buy in from staff, leadership and board
- Utilization of volunteers for tech (what’s appropriate to let a volunteer handle vs. a staff member or vendor)
- Managing tech volunteers
- File storage, backup and recovery
- Social media tips
- Always use a photo when posting
- Use shorter URLs (convert with Bit.ly or similar tool)
- Great for training videos on a wide variety of topics
- Microlending/microfinance orgs online
- Event registration tools
- Books on tech planning
- Managing technology using volunteers
- Always good to create a job description with specific skills and duties spelled out
- Know what’s appropriate for a volunteer vs. a staff member vs. a vendor
- Recognize when you really need to make the jump from tech volunteer to paid tech staffer
- NTEN Staffing and Investments Report 2014
- Technology culture
- Is a big challenge for many organizations
- Sometimes fresh leadership causes a positive shift in a stale tech culture
- How do you get people to realize the value of technology and that they really can’t do their jobs without adequate access to computing resources and data?
- UpPrize content
- TechNow 2015 Conference
- Leaked news of the big speakers, not yet announced to public
- Afternoon keynote will be Cody Switzer, Senior Editor at the Chronicle of Philanthropy
- Opening plenary will be Kenya Boswell, President at BNY Mellon Foundation and Matt Zieger, Executive in Residence, Innovation, Forbes Funds
Haller House at the Frick Art & Historical Center.
This month was our final meeting at the Frick Art & Historical Center this year. Thank you once again to Linda and the Frick staff for hosting us! Join us next month for Bagels & Bytes on a Boat, located on the RiverQuest boat Explorer near the Carnegie Science Center!
Here are the meeting notes for May:
For the Reading List
- What is the shelf-life of a social media channel?
- As long as the company is making money, will probably stick around.
- Look at what teens are using to see what’s up-and-coming
Zero Day Vulnerability
- Discussion about which orgs have applied the IE patch to date.
- Most are communicating instructions to staff via email.
- Also need to deal with the Windows XP security patch, which we suspect many orgs are still using, including government entities.
- Can probably keep using XP machines if stay unconnected from the Internet.
- Several people reported having good experiences with upgrading older PCs from XP to 7.
Hosted Raiser’s Edge
- Costs extra for this version, but is nice to have Blackbaud worry about data backups, security, etc.
- It is good to have a redundant Internet connection (multiple ISPs), particularly if using a lot of apps in the cloud.
Phone Service/ISP Providers
If you could tell your board anything about technology at a nonprofit, what would you say?
- Even though technology isn’t splashy (doesn’t get your org’s name in the paper), it’s still important and it needs to be funded, even if it’s not causing problems.
- Need to make the investment in infrastructure.
- Tech touches every piece of what every staff member is doing – it’s critical.
- You can’t assume it’s working well just because it appears to be working.
- Tech isn’t like a utility – you can’t flip a switch and it magically works.
- Technology evolves. An org has to stay on top of it, keep evolving with it and investing in it.
- The board shouldn’t micromanage the tech function.
- The board should/could look at technology investing as part of its legacy to the org.
- Board members can be champions for technology – advocating for it.
- Techies push the wave, need to be the board thinking about tech.
- Organizations should have a technology committee.
- Have to find balance between budget oversight and over-scrutiny.
- Reporting tech-related outcomes to the board at least once per year might be beneficial.
- Sometimes tech staff sees something that could be done with existing tech, but needs backup / tech plan / support from the E.D. and board.
- Tech should be given a seat at the table, not be housed under the CFO or finance department.
- An organization can have the grandest program ideas in the world but still need tech infrastructure to make anything work.
- An org can never sit still with technology – it evolves too quickly. Orgs constantly have to be scanning and looking ahead.
- Best to chip away a little each year at tech needs and projects, rather than let them pile up and overwhelm the org and its budget.
- Never assume that your org is “done” with tech.
- IT has to be allowed to take risks in order to move the organization forward. Failures can sometimes happen and boards can be risk-averse, but risk is part and parcel of IT; otherwise stagnation can result.
- An org should never do tech for its own sake. Always look at the business needs first.