GroundWork group

Engaging Individuals with Disabilities
Accessibility through Technology

GWg Workshop - March 21, 2013

Email it Forward

4)      Click on Delay Delivery in the more options tab

Are you prepared for the security risks that exist when an employee leaves your organization?

Do you have a strategy to reduce the security risks posed by an existing employee?

Whether or not an employee is leaving (or has left) on good terms, it is important to be prepared from an IT perspective. We have heard from Members that have not had such a strategy, and it has cost them time and energy. We want to help nonprofits build a proactive approach to managing staff changes relative to IT.

What steps should you take now? Document, document, document.

As a starting point, have a Network Assessment performed to document the current state of your technology. Then follow these steps to ensure business continuity.

Be prepared:

• Keep an updated record of all user accounts and access permissions for each account. Be sure to note any special permissions, such as remote accesses, special emails, etc. for each employee.
• Keep a current list of all user accounts and passwords for software applications requiring passwords.
• Keep a list of technology vendors, the main contacts at each vendor, and the main contact within your organization.
• Implement procedures and password protection that keep administrative accounts from being accessed by unauthorized users and change those passwords on a regular basis, every six months, for example.

Steps to take once an employee has left (or maybe before they leave, depending on the situation):

• Immediately change the password for their user account and remove all permissions. Ensure that the employee does not have any company property that may contain data such as computers, flash drives, CD ROMS, etc.
• Change all passwords for software accounts.
• Notify all vendors with whom the employee was the main contact and provide new contact information.
• Consider whether further steps need to be taken, for example changing locks, turning in ID badges, etc.

(January 2013)

Wednesday, November 28, GroundWork group hosted an IT Planning Workshop, featuring Kameron deVente, Board Chair of Alvis House and Vice President of Navigator Management Partners. Drawing on his experience as a Board Member who helped Alvis House with this work, Kameron provided an overview of how long such an initiative may take and where to start in creating an inventory of smaller projects that feed the plan. He stressed that such a plan isn't just about technology, which is a common misconception. The presentation highlighted key components that should be incorporated and concluded with lessons learned that can help other nonprofits build their technology plans.

More than 20 participants, including GWg clients, interested partners, and key members of the Alvis House team to provide additional context, engaged in lively interaction.

Contact Brenda Grosse, bgrosse@groundworkgroup.org, for more information on the workshop.

A special thanks goes to Kameron for his time and to Grange Insurance Audubon Center for graciously offering space for the meeting
 

(November 2012)

At our October Nonprofit IT Forum, Doug Davidson of Jacadis, shared with us some tips and resources to help nonprofits recognize whether or not they are HIPAA compliant and how to get there.

He outlined 18 HIPAA Security Standards relating to Technical, Physical and Administrative safeguards to help nonprofits build a solid, secure system that should include the tenets of his Security Model:

1. Confidentiality – the sharing of Protected Health Information (PHI)
2. Integrity – Accurate & complete PHI
3. Availability – "There" when needed

BUT how does a nonprofit know if HIPAA applies to them?

Consider the data you have to protect.

Are you obliged to comply with HIPAA?

• Electronic protected health information (ePHI)?
• Protected health information (PHI)?
• BA agreements with providers?

Then YES to HIPAA

If not?

• Personally identifiable information (PII) on individual members of population?

Then Yes to OH HB 104 and other regulations/obligations

ACTION you should take to protect your data and aim for HIPAA compliance:

• Assign a security officer
• Train your staff – Go to http://www.microsoft.com/security/resources/default.aspx
• Implement strong passwords – Read http://www.secure-value.com/douglasdavidson/2009/10/secure-value-by-using-strong-passwords.html
• Create an Incident Response Plan
• Evaluate your environment for vulnerabilities – Check out http://bit.ly/SZCYr0 OR http://scap.nist.gov/hipaa/

Access Doug's slide show to learn more.

Additional resources:

http://www.secure-value.com/
http://www.jacadis.com/

(October 2012)

Are you bogged down by the massive number of messages in your email inbox? Perhaps your inbox capacity is clogged with large attachments? Save time by touching each email message as little as possible. Follow these quick tips to prevent email messages from piling up and/or taking up too much space.

As soon as you receive an email, determine its importance and relevance to you.

• Delete. If the message is junk or is not important – delete it.
• Act on it. If you can address the message quickly – act on it – then delete or file for future reference.
• Assign it. If the message is not for you – forward it to the appropriate person.
• Defer it. If the message will take longer to address – save it for later – but try to remove as many of these from your inbox as possible and place them in reference files.

• Place files in your employer's share drive folders instead of emailing copies to everyone.
• Save attachments in the share drive and delete the email message.
• If you must keep the email message for later reference, move it to a reference file and remove the attachment.
• Be proactive – if your employer or your email provider has a mailbox size limit – take the steps now to reduce your volume – don't wait until 8 a.m. on a busy Monday when your box is full and you can no longer accept messages.
• If you are using Outlook, you can find your biggest offenders by discovering the size of your Outlook folders.

How do I get rid of my old computer equipment?

In this day and age, electronic trash can be a real pain point. At first you see a few monitors and keyboards lying around. Then, before you know it, you are waist high in the stuff. It is old, junky, dirty and piling up. So what do we do about it?

Here are the top places in Central Ohio where you can drop off that nagging pile of electronic trash!

Best Buy – All Best Buy locations – Drop off
Batteries (Rechargeable), CD's, Computer (Recycling), Computer (Reuse), Computer Disks, Computer Monitors, Electronics, Inkjet Printer Cartridges, Laptop Computers, Mobile Phones, Ni-Cad Batteries, Stereo Systems, Telephones and Televisions.

TechUsed Asset Recovery - 3820 Zane Trace Dr., Columbus, 43228, 614-777-5557 – Drop off
Computer (Recycling), Computer Monitors, Electronics, Office Equipment and Televisions.

U.S. Technology Recycling Group – 4231 Leap Rd., Suite H, Hilliard, OH 43026, 614-850-0202 – Drop off/Pick up – offering free pick up for nonprofits
Computer (Recycling), Computer (Reuse), Computer Disks, Computer Monitors, Electronics, Office Equipment and Printers.

Staples – All Staples locations – Drop off
Batteries (Rechargeable), Computer (Recycling), Computer (Reuse), Computer Monitors, Electronics, Inkjet Printer Cartridges, Laptop Computers, Laser Toner Cartridges, Memory (RAM), Flash Card/Drive, Mobile Phones, Ni-Cad Batteries, Office Equipment, Printers, Telephones and Video Game Consoles.

Ohio Drop Off - A reader of our eNews has an e-waste recycling center to add to our list… www.ohiodropoff.com. Thanks, Josh at Columbus Speech & Hearing Center!

(July 2012)

New technologies are introduced to consumers so quickly that new challenges are presented to the IT staff at nonprofits – from learning how to use new apps to supporting staff use of multiple devices to developing company policies on proper usage.

The discussion at the June 12 Nonprofit IT Forum recognized that there has been a shift in the manner new technologies are shared. Previously, IT staff members were charged with uncovering the latest technologies. With all the new tablets, smart phones and cloud services, staff members are now bringing technology to the IT professionals. The group shared ideas to help IT professionals address many of these new challenges…

SOCIAL MEDIA SITES. Social media has become an integral part of peoples' lives, and many want to access these sites during office hours. Problems can arise when the sites become a distraction from work. There are many hardware and application options that can block these sites. Management and IT staff need to define the best policy for restricting access to social media pages, which could include:

• Completely blocking all social media sites
• Allowing a small window of time during the day when social media can be accessed (during a lunch hour, for example)
• Allowing access to most sites but blocking potentially harmful sites

DEVICES. Smart phones, tablets, laptops – staff members bring in dozens of different devices to their IT staff, asking for access to the network via the devices and for support when they don't work. While a notable advantage of employees using their own devices is that they will be more likely to embrace technology, a considerable disadvantage is that technicians now have to broaden their knowledge to be able to maintain and fix dozens of devices instead of just a few. Management should collaborate with staff and the IT department to develop guidelines for approved/supported devices for their organization.

SECURITY and "THE CLOUD." One of the newest pushes in data management is storage in "the cloud." Data centers managed by outside companies allow organizations to store their data safely and securely on servers located off-site and provide the ability to connect from virtually anywhere to get their data. While a great convenience for staff to be able to access their data from anywhere, some concerns should be noted. One particular issue with using public cloud services such as DropBox or Google Drive is ownership. Once a document is put on their servers, it becomes their property, giving them the legal authority to do with it whatever they would like. Caution should be taken when using public cloud services for sensitive documents. Additionally, your organization should investigate maintenance & upgrade agreements, the ease of data recovery and the security of the facility housing the off-site servers.

(June 2012)

Electronic devices used in today's workplace are a combination of company-owned and personally-owned devices.

Which is better?

Scott Caine, GroundWork group CEO and former Marketing Director for Verizon Wireless, led a recent discussion to consider the pros and cons of each.

Company ownership means it is easier to control the average cost per user, but the down-side can be the need to standardize equipment – allowing fewer employees to take advantage of unique devices and applications that can be quite beneficial. However, employee-owned devices can make the employer "blind" to what employees are using devices for during work hours and can make it difficult to control costs.

Factors to consider when deciding whether to provide cell phones, laptops and other electronic equipment for your employees or to allow employees to use their personally-owned devices:

Control – Who makes purchasing decisions? Which policies are in place? Who retains ownership of the cell phone numbers? Full company control of devices, access and usage?

Cost – Who is responsible for paying the bill? Will you provide an employee electronics stipend? What happens if an employee's device breaks but is needed for work? What about corporate discounts on equipment? Mix of personal and professional use of equipment?

Support & Maintenance – Who manages the account? How much time is acceptable for your IT technicians to fix personally-owned equipment? Who covers replacement costs?

Policy & Security (liability) – How can you ensure company policies are followed and that company networks will remain free of IT threats? What is your risk of loss of confidential company data on personal devices?

Standardized Equipment – Different employees will benefit from different types of technology…how do you decide who gets which types of equipment?

Participants in the discussion have varying policies and practices at work. Consensus agreed that policies should be reviewed often and the types of equipment and applications that become available are rapidly and continually changing. Today's policies will be far different from those necessary in just a few months.

(May 2012)

20+ regular attendees and many new to the GWg Nonprofit IT Forum got together in February to discuss computer viruses.

Is software the solution?
What about hardware-based solutions?
Maybe the answer is in the cloud!

Here are some of the items discussed…

Mosaic Security Software Comparisons
https://mosaicsecurity.com/

Microsoft Baseline Security Analyzer
Detects common security misconfigurations and missing security updates on your computer systems.
http://technet.microsoft.com/en-us/security/cc184924.aspx

Hard Disk Encryption
Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux http://www.truecrypt.org/

Change Log
File Integrity and Change Monitoring software for the Windows infrastructure.
http://www.eventtracker.com/products/whatchanged/

NAC
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution.
http://www.packetfence.org/home.html

Affordable UTM
Untangle 51-150 PC's, One Year - $432
http://www.untangle.com/store/education-premium-conf.html

Exchange Server Disclaimers
GFI Mail Essentials
http://www.gfi.com/anti-spam-freeware

Proactive Vulnerability Management List
https://mosaicsecurity.com/categories/5-proactive-vulnerability-management?license=Freeware,Open Source

Mobile Phone Security
For iPhone or Android
https://www.mylookout.com/download

Darik's Boot and Nuke
HardDrive Eraser
http://www.dban.org/download

(February, 2012)

A new malware called "Gameover" infects recipients' computers and allows access to their bank accounts. A variant of the Zeus malware created several years ago, Gameover steals usernames and passwords and is able to defeat common user authentication methods used by financial institutions. Victims receive unsolicited email from the National Automated Clearing House Association (NACHA), the FDIC or the Federal Reserve notifying that there's a problem with their bank account. The email contains a link to a phony website that downloads the Gameover malware.

Protect yourself:

1. Make sure your antivirus is up-to-date.
2. Don't click on email attachments from unsolicited senders. NACHA, the FDIC and the Federal Reserve all do not send unsolicited emails to bank account holders.
3. Read the FBI warning for full details: http://www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612.

(January 2012)

With the substantial changes from MS Office 2003/2007 to MS Office 2010, we want to highlight a few of the key upgrades and improvements. As with any major software upgrade, we recommend a full training to maximize the available benefits – but following are some pointers on new features to look for and to help you in transition…

1. There are now video triggers available in PowerPoint. Control movies within your presentation!
2. Full photo editing capability in Excel, PowerPoint, Word, Outlook and Publisher. All previous versions had limited and differing levels of capabilities.
3. New Email "Essentials" that include 4 new features: Conversation, Cleanup, Ignore Thread, and Mail Tips.
4. Sparklines. Mini charts, inserted into text of cells of an Excel worksheet, that summarize data.
5. Simplified Print Menu Capabilities. The Backstage combines print and print preview, page layout and other print options.
6. Edit Menu Fixes are very clean. No more pasting to a messy clipboard, as a line preview has been incorporated.
7. Automatic correction is fully integrated with the spellchecker.
8. Windows Live Wire Integration; blog postings options are now available in 2010 applications.
9. Quick Access Toolbar (QAT) is 100% fully customizable.

There are many more new features available with MS Office 2010. However, as with anything that's unfamiliar, we wanted to share a few of the new bells and whistles, so that you can begin to visualize some of the ways you can use the rejuvenated tools.

(November 2011)

Disaster can strike at any time.  And we're not just talking about flooding or fire.  Disaster can be failed hard drives or RAID controllers or hardware malfunctions causing data loss.  So having a good backup plan for data is only part of the solution.  A good backup plan for hardware is extremely important also.  It is critical that every organization have a documented backup plan for both data and hardware!

The two key aspects of a backup plan are Data and Hardware/Software:

DATA

1. Daily Full Backups.  Depending on the size of your organization, full data backups should happen weekly at minimum.  Having nightly or even real-time backups are good options depending on the critical level and need of your data.  External hard drives are becoming a more economical way of backups, compared to tapes.
2. Keep backups off site.  At minimum, have backups at two separate locations.  Choosing the right method of data backup can be key, but don't limit yourself to a single solution.  Having an onsite backup solution, such as tape, is a good backup source.  Also keep an updated copy off site, in a safe place, and regularly rotate an updated version.
3. Remote backups.  Offsite backups are becoming more popular.  Utilizing a third-party resource to remotely backup your entire server and data does come with a cost, but is also a good way of automatically having backups accessible off site.  Be sure to understand all the costs and capabilities of your vendor.  Consider keeping a copy of your backup on site so that you can access it quickly if you need to restore files.  Check backups regularly.  Be sure that the backups are running, are backing up the right data, and that the backups can be restored.

HARDWARE/SOFTWARE

1. Hardware and Software Details.  Keep detailed records of your servers' hardware, warranty, and software information and configuration.  Once documented, be sure that this information is kept safely off site.  If you ever need to restore the entire server, you will need this information.
2. New Hardware Warranties.  If you are in the market for a new server, look at purchasing a good warranty for an additional 1-3 years.  Depending on the primary service your new hardware is to provide, having next day replacement can limit organizational downtime.
3. Include Hardware RAID or Mirrored Drives on Servers.  An additional backup solution with any server infrastructure is to have multiple hard drives on the server.  A hardware RAID solution or even mirrored drives help – if one hard drive fails, the other hard drives can continue to provide service while the bad drive is replaced.
4. Hot swappable drives.  A more expensive option for servers is the ability to have hot swappable hard drives so that if a drive does go bad, the drive can be swapped out very easily with no downtime.

OTHER CONSIDERATIONS

1. Cloud computing.  Becoming more popular, cloud computing may or may not be a good option for your organization.  Having your entire infrastructure located off site, at a data center, or in the cloud, is one way to minimize or even eliminate the need for backup plans from a hardware/server perspective.
2. Document your plan.  Keep a process record of your backup plan safely off site.  Have a copy with at least one other staff member, and remember to review and update it regularly.

(July 2011)

Has your nonprofit been plagued with computer viruses lately, even though you have anti-virus software?  GWg technicians have noticed an increase in virus problems, malware, etc.  And we have a relatively inexpensive solution that provides much greater protection than anti-virus software alone.  For about $50/month, your organization can have an Internet Gateway device installed and activated.  All Internet traffic passes through this device, protecting your network, servers and equipment.  A basic package is sufficient for most nonprofits and could include: web filter, virus, spam, phish & spyware blockers, protocol control, captive portal, firewall, intrusion prevention, VPN and basic reports.  Consult with your IT technician about the possibility of installing an Internet Gateway device.  Questions?  Contact GWg, info@groundworkgroup.org.

(March 2011)

The beginning of the year is a great time not only to create your strategic plan for the new year, but also to think strategically about how your IT capability is supporting your business operations.  Is your IT plan consistent with your strategic plan?  When you develop your strategy, do you have the technology to support your plans?  If you are not sure, just follow these simple steps.

• Identify your business priorities by the following business functions –
  • 
    Strategic Planning
  • Marketing
  • Constituent Management
  • Communications
  • Fundraising
  • Service Delivery
  • Reporting
  • Day-to-Day Operations
  • Training and Education
• Assess your current IT capabilities –
  • 
    Go to www.groundworkgroup.orgClick on "GWg Technology Questionnaire" in the "Don't Miss This" box and fill out the GWg Technology Questionnaire.
  • You will receive an email placing your organization on the GWg Continuum of Technology Maturity.
  • This will give you an understanding of your current IT capabilities.
• Compare your business priorities to your current IT capabilities.
• Develop an understanding, by business function, of gaps in your IT.
• Prioritize your IT gaps and take action to achieve your business priorities.

If you need support in this process, please contact us and we would be more than happy to help, info@groundworkgroup.org.

(December 2010)