This month was our second and final meetup at the Frick Art & Historical Center for this year. The weather remained lovely and the Frick grounds were in their spring glory!
Next month we will have our special summer meetup, Bagels & Bytes & Critters, on June 1 (8:30-10 AM) at the Animal Rescue League. We will have our usual meeting (probably joined by a puppy or kitten) followed by a tour of the facility.
Here are the notes and resources from the May meetup:
Working with Tech Vendors
Dislikes:
- Constant calls
- Condescending
- Not having real operators at the first support level
- Invites for sales appointments or demos that are automatically added to the calendar
- Signing us up (without asking) for the email or mailing list after contact
Likes:
- Adaptability – NPOs are not one size fits all
- Vendor websites with plenty of information so we can do our research beforehand (make it possible to get info without having to call or email someone).
- A real understanding of the nonprofit market
- Doing one’s homework about the organization via the web before getting in touch
- Tech support that is quick to react and has retained a history of the organization, so they can be on the same page regardless of who is handling the call
Email Hacking and Spoofing
- Strong passwords are crucial
- Spoofing can look like your email was hacked, but is slightly different (read more…)
- Have internal controls so fake approval requests (for example, a request for a wire transfer of money) cannot happen easily
- Have a password policy (see below – we discussed in more detail later in the meeting)
Cyber Security Insurance
- Generally added as a rider to the regular insurance contract
- Depending on how it’s written, covers lawsuit costs if hacked, data compromised, etc.
- Also covers public relations expenses, which are typically the biggest cost of all (public perception trumps who’s actually at fault – this is reputation management)
- Every state has different regulations on coverage
- Even if your software and data are in the cloud with a third-party provider, you still might have risk and liability
- It’s easier than you think for thieves to steal your data – just watch this video from 60 Minutes about phone hacking (Thanks, Johna!)
- Remember that most photocopiers have a hard drive in them that retains file data from scans, etc. Factory reset doesn’t wipe that data – be sure that the place that recycles your copier properly wipes the drive. You can also do it yourself: either take out the hard drive (if older) or use a USB connection
Password Policies
- What is in place and needed depends on the organization
- You can require and enforce character types, length, frequency of changes, etc.
- Sometimes two-step verification is possible
- Ultimately, you have to train the users – the best password policy in the world can’t prevent someone from writing down the password on a post-it note and putting it under their keyboard (people are always the weakest link in tech security)
- You must also consider saved browser profiles, which may contain passwords and form data. Chrome in particular is bad for this – cleaning the passwords from the cache doesn’t erase them for other users on the same machine
- There are a number of good password managers available: myPassword, LastPass
Local Salesforce Vendors
- Jeff Honnold, independent consultant (got good reviews from several attendees) (jeff@clearmind.cc)
- World Class Industrial Networks
Request for Proposals (RFPs)
- Love/hate relationship on all levels
- Sometimes still necessary
- The response time and type from a vendor can tell you a lot about that vendor
- Nonprofits can help vendors by being flexible and willing to talk to orgs about solutions – most orgs need someone who will help improve business processes, not just replace the systems they already have in place
EMV Chips on Credit Cards (and Credit Card Processing Machines)
- Was supposed to have been mandatory by a certain date
- Liability has shifted since October 2015, so some retailers are refusing to implement. Johna sent this information, which was released in Allegheny Conference’s recent newsletter: “Businesses that accept credit cards for point-of-sale transactions need to know about new rules regarding credit cards. As of late last year, merchants who don’t upgrade their credit card terminals to accept new EMV “chip” cards may be liable for fraudulent transactions.”
Sam’s Club Grants
- Every store is required to grant $10K a month in gift cards, products, etc. to local orgs
WordCamp Pittsburgh
- The local WordPress users group is hosting their first-ever WordCamp Pittsburgh – a one-day event for WP users of all levels – on September 17. Visit the event website for details
Recycling
- Pennsylvania Resources Council (PRC) is hosting a number of recycling events this year. The first was on May 14 at the Pittsburgh Mills Galleria, with more to come over the summer. These events bring together recyclers of all types of materials, including technology and electronics, into one place (only event where you can recycle TVs locally too) (Thanks, Nicole!)