We had a great meeting again at Grow Pittsburgh! Thank you again to Rebekah and GP staff for hosting us! (We will be back at GP for the April meeting on 4/5, then we go to the Frick Art & Historical Center in May.)
Here are the notes and resources from the meeting. Note that we concentrated very specifically this month on questions and issues raised by group members.
Data security audits for nonprofits
- Assume banking standards because of donor-related info?
- HIPAA compliance required for health care orgs
- PCI-DSS – annual certification needed if accepting credit cards – there’s a 120-page document used to verify compliance on various systems
- Trustwave – scans monthly for testing purposes
- TransArmor – a security solution from First Data
- Think about all security systems by going through PCI certification doc
- PCI-DSS – limited where info is stored, who has access, etc.
- If keep paper copies of credit card data, only liable for that – must keep locked up and have procedures in place for storage and destruction
- If using 3rd party online service, compliance is on them
- In PA, if a single record in the database is compromised, the organization is liable for $60-70 fine per person for a mandatory three years of a monitoring service
- Idea: take risk analysis to executive director for org (to prove need to take action and/or make case for changes)
- Many nonprofits are already in a crisis state and don’t need additional problems added to that
- PNC Bank does not do merchant services – they resell for First Data
- In terms of credit card processing, there are really only three processors, with everyone else being resellers: First Data, World Link and ______ (group couldn’t think of third company)
Phone systems, vendors, best practices for implementations
- If don’t want cloud-based system, what are options? (Want phones that work when Internet goes down)
- Also want to depreciate as capital expenditure
- Avaya vendor – Advent Communications (pricey for support, but don’t have to call often – very stable)
- Can use a broker to do your telecom research and pricing negotiation for you – Connectel, Opticom Consulting
- Full Service Network – phone vendor, cloud-based retailer – not good for Internet service, only phones
- Computer Reach – has put in phones, vendor in California
- Internet configuration – suggest Internet router separate from phones so heavy network traffic doesn’t knock out phone system
- Prime Communications – sell MyTel system
- Guardian – owned by Armstrong Cable
OneDrive for Business if no Office 365 or Sharepoint
- OneDrive is integrated with Windows 10
- Hotmail is also integrated into OneDrive now
- Can now simultaneously work in docs on OneDrive
- TechSoup has Office 365 for $0, but need to purchase other things for it to be fully functional
- Tech Impact provides migration services for eligible organizations via TechSoup (it’s a partnership – there’s a $10 fee for an assessment first)
If leaving your tech job, what should you document and share with the incoming person?
- Keep a list of your daily activities for one month
- Make other lists for weekly/monthly tasks
- Propose that your org hires you as an independent consultant for a month or two
- Refer to job description, then list all possible jobs the person might need to do under each heading
- Get the info out of your head and onto paper
- Think about the spinning plates act on the Ed Sullivan show – china plates spin most easily but are hard to replace, so are more important (critical tasks). Paper plates are harder to spin but easy to replace, so are less important (busy work).
- Verbal only – give them the political read on people and relationships – but watch what you say because it’s a small nonprofit world in this geographical area
Bagels & Bytes attendees posing under the large Crane in the lobby of the Children’s Museum.
Thank you to all for attending Bagels & Bytes this month at the Children’s Museum of Pittsburgh! George and Mercy were, once again, our gracious hosts.
In April and May, we are at the Frick Art & Historical Center in the East End. By that time, we should see some spring blooming and enjoy the lovely grounds there!
Here are the meeting notes for this month.
- Dianne Buirge from North Hills Community Outreach announced an open IT position: IT Specialist. Please feel free to forward the job description to anyone who might be interested.
- Other good places to post IT job listings:
- User experience – good, once you get past the new “top layer” it is stable and functional.
- Vista scared a lot of people/vendors, so people still shy of upgrading.
- The desktop environment is similar to 7, except for the touchscreen features and “charms” menu.
- There are known compatibility issues with Terminal Server.
- Reminder that Windows XP support expires next month.
- Johna shared an informative email re: XP she recently received from NET Xperts:
- “Click on the link to see if your PC is running Windows XP. http://www.amirunningxp.com/
- For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an ‘addressable’ requirement of Protection from Malicious Software where covered entities need to implement “procedures for guarding against, detecting, and reporting malicious software”.
- Officially, after April 8, 2014, technical assistance for Windows XP will no longer be available. This means that there will be no more automatic updates protecting your PC and even though your computer will still work, the problem is that without these updates, it becomes more vulnerable to security risks and viruses.
- Even if you have encryption and anti-virus software on your Windows XP computer, it won’t help because the problem is related to the flaws in the operating system itself. Encryption protects communication to and from the computer, but not the computer itself. Anti-virus can help protect a computer, but that depends on what security flaws might be found in XP after Microsoft no longer supports it.
- Here’s what happens from the ‘hacker’ perspective. Microsoft releases an update (patch) for a supported operating system. Hackers review those patches and see if that same vulnerability exists in the old operating systems that are no longer supported. If so, then your old, faithful, reliable XP computer becomes a prime target no matter what encryption or anti-virus you have installed on it. If you have a security breach on that XP computer, you have not implemented appropriate safeguards to meet the HIPAA requirements.” ~ NET Xperts
Google Apps vs. Office 365
- Between the two programs, file conversion and sharing can be an issue.
- Moving to these cloud-based productivity apps requires a degree of change management, regardless of which you choose.
- Office 365 changing name of cloud storage from SkyDrive to OneDrive. Business subscriptions start at $5/month per user. Here’s the announcement from Microsoft.
- Outlook 2013 – no more Public Folders, everything is a Mailbox now.
- Mail merge feature in Google Docs has improved somewhat over time.
Responsive Web Design
Local IT Providers That Serve Nonprofits
- Cloud vs. local backups (see extensive notes from our last meeting).
- How to pay for? An in-house backup device can be labeled a capital expenditure and depreciated while cloud-based solutions fall under operating expenditures.
- General consensus wishing that funders and management understood that the world is slowly moving to the cloud and we’ll need to re-think how we fund our IT.
- There was a request for a “101” document. Here’s a video instead.