Bagels & Bytes Meeting Notes – March 2017

We had a great meeting again at Grow Pittsburgh! Thank you again to Rebekah and GP staff for hosting us! (We will be back at GP for the April meeting on 4/5, then we go to the Frick Art & Historical Center in May.)

Here are the notes and resources from the meeting. Note that we concentrated very specifically this month on questions and issues raised by group members.

Data security audits for nonprofits

  • Assume banking standards because of donor-related info?
  • HIPAA compliance required for health care orgs
  • PCI-DSS – annual certification needed if accepting credit cards – there’s a 120-page document used to verify compliance on various systems
  • Trustwave – scans monthly for testing purposes
  • TransArmor – a security solution from First Data
  • Think about all security systems by going through PCI certification doc
  • PCI-DSS – limited where info is stored, who has access, etc.
  • If keep paper copies of credit card data, only liable for that – must keep locked up and have procedures in place for storage and destruction
  • If using 3rd party online service, compliance is on them
  • In PA, if a single record in the database is compromised, the organization is liable for $60-70 fine per person for a mandatory three years of a monitoring service
  • Idea: take risk analysis to executive director for org (to prove need to take action and/or make case for changes)
  • Many nonprofits are already in a crisis state and don’t need additional problems added to that
  • PNC Bank does not do merchant services – they resell for First Data
  • In terms of credit card processing, there are really only three processors, with everyone else being resellers: First Data, World Link and ______ (group couldn’t think of third company)

Phone systems, vendors, best practices for implementations

  • If don’t want cloud-based system, what are options? (Want phones that work when Internet goes down)
  • Also want to depreciate as capital expenditure
  • Avaya vendor – Advent Communications (pricey for support, but don’t have to call often – very stable)
  • Can use a broker to do your telecom research and pricing negotiation for you – Connectel, Opticom Consulting
  • Full Service Network – phone vendor, cloud-based retailer – not good for Internet service, only phones
  • Computer Reach – has put in phones, vendor in California
  • Internet configuration – suggest Internet router separate from phones so heavy network traffic doesn’t knock out phone system
  • Prime Communications – sell MyTel system
  • Guardian – owned by Armstrong Cable

OneDrive for Business if no Office 365 or Sharepoint

  • OneDrive is integrated with Windows 10
  • Hotmail is also integrated into OneDrive now
  • Can now simultaneously work in docs on OneDrive
  • TechSoup has Office 365 for $0, but need to purchase other things for it to be fully functional
  • Tech Impact provides migration services for eligible organizations via TechSoup (it’s a partnership – there’s a $10 fee for an assessment first)

If leaving your tech job, what should you document and share with the incoming person?

  • Keep a list of your daily activities for one month
  • Make other lists for weekly/monthly tasks
  • Propose that your org hires you as an independent consultant for a month or two
  • Refer to job description, then list all possible jobs the person might need to do under each heading
  • Get the info out of your head and onto paper
  • Think about the spinning plates act on the Ed Sullivan show – china plates spin most easily but are hard to replace, so are more important (critical tasks). Paper plates are harder to spin but easy to replace, so are less important (busy work).
  • Verbal only – give them the political read on people and relationships – but watch what you say because it’s a small nonprofit world in this geographical area

Bagels & Bytes Meeting Notes – May 2014

Haller House at the Frick Art & Historical Center.

This month was our final meeting at the Frick Art & Historical Center this year.  Thank you once again to Linda and the Frick staff for hosting us! Join us next month for Bagels & Bytes on a Boat, located on the RiverQuest boat Explorer near the Carnegie Science Center!

Here are the meeting notes for May:

For the Reading List

Social Media

  • What is the shelf-life of a social media channel?
  • As long as the company is making money, will probably stick around.
  • Look at what teens are using to see what’s up-and-coming

Zero Day Vulnerability

  • Discussion about which orgs have applied the IE patch to date.
  • Most are communicating instructions to staff via email.
  • Also need to deal with the security patch for Windows XP, which we suspect many orgs are still using, including government entities.
  • Can probably keep using XP machines if stay unconnected from the Internet.
  • Several people reported having good experiences with upgrading older PCs from XP to 7.

Hosted Raiser’s Edge

  • Costs extra for this version, but is nice to have Blackbaud worry about data backups, security, etc.
  • It is good to have a redundant Internet connection (multiple ISPs), particularly if using a lot of apps in the cloud.

Phone Service/ISP Providers

If you could tell your board anything about technology at a nonprofit, what would you say?

  • Even though technology isn’t splashy (doesn’t get your org’s name in the paper), it’s still important and it needs to be funded, even if it’s not causing problems.
  • Need to make the investment in infrastructure.
  • Tech touches every piece of what every staff member is doing – it’s critical.
  • You can’t assume it’s working well just because it appears to be working.
  • Tech isn’t like a utility – you can’t flip a switch and it magically works.
  • Technology evolves. An org has to stay on top of it, keep evolving with it and investing in it.
  • The board shouldn’t micromanage the tech function.
  • The board should/could look at technology investing as part of its legacy to the org.
  • Board members can be champions for technology – advocating for it.
  • Techies push the wave, need to be the board thinking about tech.
  • Organizations should have a technology committee.
  • Have to find balance between budget oversight and over-scrutiny.
  • Reporting tech-related outcomes to the board at least once per year might be beneficial.
  • Sometimes tech staff sees something that could be done with existing tech, but needs backup / tech plan / support from the E.D. and board.
  • Tech should be given a seat at the table, not be housed under the CFO or finance department.
  • An organization can have the grandest program ideas in the world but still need tech infrastructure to make anything work.
  • An org can never sit still with technology – it evolves too quickly. Orgs constantly have to be scanning and looking ahead.
  • Best to chip away a little each year at tech needs and projects, rather than let them pile up and overwhelm the org and its budget.
  • Never assume that your org is “done” with tech.
  • IT has to be allowed to take risks in order to move the organization forward.  Failures can sometimes happen and boards can be risk-averse, but risk is part and parcel of IT otherwise stagnation can result.
  • An org should never do tech for its own sake.  Always look at the business needs first.