Author Archive

How Do I SPAM Thee…

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

SPAM email can be dangerous and painful to the recipient and to any data they have access to. Whether it’s ransomware, phishing, pushing of malware, or impersonation, a strategy is needed to protect ourselves. I’ll address these different types of SPAM, and how each should be strategically managed.

SPAM Comes in Many Flavors
In addition to what many think is a tasty lunchmeat, SPAM also refers to unsolicited email, and those emails are usually intended to do the recipient harm. Sometimes the pain is small, but often it is big and costly. The most costly to an organization are usually ransomware and business email compromise; the most costly to an individual are usually phishing scams.

Here are some categories of email SPAM and how to respond to them:

  • Business Email Compromise (BEC), a.k.a. Impersonation Emails
    • Form: These SPAM emails used to only target businesses working with foreign suppliers and businesses who use financial wire transfer methodology. But in the last year we have seen many occurrences hit churches and ministries using checks! The form of the attack, as it affects churches and ministries, is usually an email supposedly from a pastor or executive in the organization directing the recipient to immediately transfer funds or cut a check. These attacks are usually well researched (we are welcoming and friendly environments, and we give them all of our staff structure and names on our websites!), and can feel legitimate.
    • What To Do: Never comply with the request. Always require a live voice confirmation of the request in person or via live telephone call.
  • Ransomware
    • Form: Ransomware is malware installed on your computer that usually gets introduced through a SPAM email, compromised website, or even through a bot (internet program) that looks for Remote Desktop Protocol vulnerabilities. Once infected with the ransomware malware, data is encrypted and held for ransom.
    • What To Do: One of the best defenses against ransomware is to keep multiple days (we prefer a full month) of full data backups so your system can be ‘reset’ if an infection gets through your defenses. In addition to ensuring good backups:
      1. Never click on a link or graphic in an email you weren’t expecting. Even if it came from someone you know, do not click any links. If you think the email and its links may be legitimate and want to click them– before clicking on them– hover your mouse pointer over the link without clicking. Doing so should show the destination of the link. I recently did this on an email I received from Microsoft that looked legitimate, but the link would have taken me to a very different location than what I expected. Best rule: if you’re not sure that it’s okay to click, do not click!
      2. Make certain your computer has a good anti-malware program running on it. That’s true whether you’re using a Windows or a MacOS computer. The solution my firm recommends is www.thirtyseven4.com… doing so will help prevent you from accessing most compromised websites.
  • Phishing
    • Form: Phishing has a few forms, almost all of which happen through email SPAM. Phishing is the attempt to get the recipient to provide personal information about themselves that could be used to accomplish some form of identity theft. Phishing is sometimes referred to as clone phishing (a previously legitimate email that has been recreated with malware embedded or in links and re-sent to the same list of recipients as the original), whaling (phishing attacks aimed at executives and high-profile targets), and spear phishing (attacks targeting specific individuals that may even contain information about them discovered through websites, social media, and other sources).
    • What To Do: Never respond to a request for personally identifying information in an email without first confirming the source. I even take this a step further if I get a phone call from my bank about possible fraudulent activity in my credit card account! In the call they ask for my password to prove I am who they intended to reach. I decline their request and tell the caller they need to tell me my password to prove they are who they say they are since they initiated the call! They’re not allowed to tell me, of course, so that’s when I disconnect and call the number on my credit card– that way I know I’m talking to my bank.

These are a few SPAM categories. It is imperative that every organization use a high-quality SPAM filter on its email server to keep most of the SPAM from being delivered to email account holders. There are a lot of SPAM filter solutions available; our favorite is from Barracuda. They are the gold standard and best-of-breed in that industry.

Just an fyi… we host SPAM filtering for churches and ministries nationwide using a Barracuda SPAM Filter 600. We process more than 90,000 emails daily, and it blocks about 80%. That means about 80% of the email pointed toward your email inbox is unwanted! And some of it is dangerous!

Using a solid SPAM filter won’t stop all SPAM from getting to users’ email inboxes, but doing so will stop almost all of it. That reduces the likelihood that someone will click on something they shouldn’t. But the best protection will only come from repeated training to all team members. I recommend reminding the team of the danger on a monthly basis during all-staff meetings. And if you know a story in which an organization was hurt as a result of SPAM, tell the story! Doing so will help those who don’t take threats and threat-mitigation seriously to re-consider.

Helpful Computer Hacks

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

I grew up in an age when a ‘hack’ was someone who was incompetent. In those days there were no personal computers or mobile devices. Now everyone has access to multiple computers and various mobile devices. And wouldn’t you know it– ‘hack’ has a new meaning! Today a hack can be a clever way to get things done well.

Following are some hacks that can really help improve your efficiency on a computer!

Hacks for Computer Users
The following hacks are especially helpful for computer users.

Keyboard shortcuts. In today’s world of Windows and Mac operating systems we have become dependent on pointing devices. Granted, those devices are very helpful. But before these current operating systems, we used keyboard combinations to do some of what we now do with a mouse or track pad. Those keyboard shortcuts are still available to use, and they can save time! Here are six I still use often:

| Function | Windows | Mac |
|----------|----------|-------|
| Print | Ctrl + p | ⌘ + p |
| Copy | Ctrl + c | ⌘ + c |
| Cut | Ctrl + x | ⌘ + x |
| Paste | Ctrl + v | ⌘ + v |
| Italics | Ctrl + i | ⌘ + i |
| Bold | Ctrl + b | ⌘ + b |

Multiple Monitors/Displays. For those who’ve always used one monitor or display, having two or maybe three may seem excessive. But the increase in productivity with two or three is surprising! I always recommend at least two now; the cost is minimal and the benefits are significant! My desk is configured with three: the one on my left always has Outlook running on it, the one in the middle is where I do most of my work, and the one on my right is for research references (browser, database, etc). I also find it helpful when opening large spreadsheets to stretch them across my middle and right displays!

Recurring Tasks. We all have them: recurring deadlines that are due every Wednesday, once a month, quarterly, etc. I use Outlook’s task functionality to set the reminders I need to help me hit my deadlines. This is one of the most helpful and least used tools available. I also use Outlook tasks to remind me to do things I’ve promised to do, helping me avoid them falling through the cracks of my active schedule.

Managing Email. Email consumes a larger part of our days than most of us want. I have three email hacks that help me stay focused and efficient, even though my average daily email count is well over 100.

  • Inbox. I keep my Inbox as empty as possible so I don’t waste time reading the same emails over and over. When an email comes in I either respond and then delete the original (a copy of the original is in my response!), put a flag (due date) of when I want to respond by and drag it to a subfolder based on the type of email it is (personal, business, etc), or delete it if it’s one I don’t care about (like an ad).
  • Sent Items. Once I send an email I delete it unless I need a reminder that I’m waiting for a response or it was a topic that could have legal ramifications (if it was, I make a PDF copy and store it).
  • Trash. I empty my trash at the end of every day. In the rare case that I need to find something I deleted, I log into our email server via browser (using Outlook Web Access), search deleted files, and restore it.

Automatic Backup. I always feel bad for someone who says a hard drive crashed and they lost all of their files, including photos that were irreplaceable. Losing important files is painful. There are many cloud services available to consumers that will automatically back up files to their cloud servers. There are also utilities in the Windows and Mac operating systems that will automatically back up files to an external drive.

Hacks for IT Professionals
The following hacks are especially helpful for IT professionals.

System setup checklists. As IT pros, we often set up new systems. If the process isn’t automated, I recommend creating a checklist to help achieve standardization. In addition to improving setup consistency, checklists save time because you don’t need to review your work to determine what you’ve already done after an interruption.

Professional Relationships. It’s so helpful to build friendships with people you can turn to when a challenge comes up that stumps you! Those ‘lifeline’ calls can save so much time! The best professional organization I’ve found for those in church and ministry IT is The Church IT Network (http://churchitnetwork.com). They have a low-cost annual gathering in the Fall, and low-cost regional gatherings in the Spring.

Monthly Backup Test. Set a task in Outlook to test your backup monthly. A good test is to restore a file or folder structure and then open the file(s) to verify the backups you’re relying on are good.

Those are some hacks that can really help!

Lessons Learned in IT

Written by Nick B. Nicholaou on . Posted in Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

Once upon a time, computers were like islands in the ocean: separate and disconnected. Then a Utah company called Novell created a reliable way for them to communicate and share files that revolutionized the workplace! The network was born, and staff productivity soared!

Few today know who Novell was, but we still benefit from their inventive engineering. What can solution providers, IT professionals, and churches learn from Novell’s story?

Some Novell History
Novell developed the technology to reliably connect computers and share data on any PC running on an Intel processor. There were competitors, of course, but none of them could keep up with the engineering and strategies Novell pioneered in its networking product, NetWare. It was innovative! Then they developed a global directory service (NDS), an email system (GroupWise), and a security proxy server (BorderManager) that made networking powerful, dependable, and safe for companies of any size.

A few years after Novell changed the structure of their networks by adding the global directory service, Microsoft decided to enter the networking game and created similar products to Novell’s, like Active Directory and Exchange. By 2000 Microsoft was pulling companies away from Novell’s solutions.

Why Does This Matter?
Novell’s NetWare was a superior product for years, but Microsoft won! What happened? There are lessons to be learned for solution providers, for IT professionals, and for churches in looking at what happened to Novell.

Lessons to Solution Providers
When Microsoft decides to compete head on, it often wins. The companies that pioneer solutions which propel the IT industry in new directions are always at risk from Microsoft– even if Microsoft’s solutions are not fully matched in quality for many years. Novell is an example, as was Lotus 1-2-3 and WordPerfect. The only way to survive competing with Microsoft is to continue to innovate, and to market at a ridiculously high level to keep people’s imaginations pointed your way.

We’re seeing history begin to repeat itself with hypervisor technology. VMware, similar to Novell, pioneered the hypervisor, which allows a physical server to become a host to multiple virtual servers. VMware had about 71% of the market in 2016 (down about 3% from the previous year) and is currently the foundation for most of the cloud. Microsoft’s hypervisor (Hyper-V) is currently about 23%, and Citrix’s Xen is about 6%.

The question is: What is VMware doing to keep IT professionals focused on their solutions? They continue to innovate, but are being heard from and talked about less and less in the marketplace. VMware needs to change its posture and recapture the imagination of the marketplace if it is going to survive.

Lessons to IT Professionals
IT professionals tend to focus their expertise on specific platforms and solutions because they know how to make them work well. IT professionals once argued the merits of Novell NetWare vs Microsoft Windows Server; NetWare is rarely seen anymore. (My firm’s last client running a Novell NetWare network finally transitioned to Windows Server in 2016. They kept NetWare in place because it just kept working! But it was no longer supported; a decision needed to be made.) IT professionals used to argue the merits of WordPerfect vs Microsoft Word, and of Lotus 1-2-3 vs Excel, too!

Now IT professionals argue the merits of VMware ESXi vs Microsoft Hyper-V.

IT professionals need to constantly stay aware of new technologies and shifting trends. Any IT professional who decides to doggedly stay with a hardware platform or solution has put a horizon on their career. The discipline to stay aware of new technologies and shifting trends requires constant vigilance, humility, and flexibility.

Lessons to Churches & Ministries
Churches can rarely afford to become hardware and software development labs for companies hoping to become the next Microsoft. When looking for a solution, choose maturing and proven technologies; avoid the bleeding edge and stay just behind the leading edge. Doing so will deliver acquisition and implementation savings, and improve team effectiveness.

There are always folks ready to tell you what new solution or platform you should move to, but do your due diligence before agreeing. Research to see how IT professionals are perceiving the maturity of the option you’re considering, and check its market trend. Many technologies have entered the marketplace that had terrific promise, yet they were left in the tech-dust as the industry went in another direction.

Should Churches Continue to Reimburse Cell Phone Fees?

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

Churches reimburse some staff members for their cell phone and internet costs. In the early days of those technologies, doing so made sense. Has the way we communicate changed so much that it’s time to reconsider? What are the issues?

Historical Perspective
I got my first cell phone in 1987, and was one of only 1 million in the U.S. who had one. But it was worth the cost (often $750+ monthly for one line!) to be available to our clients as I travelled across the USA. Five years later that number had grown to 11 million, and in 2000 passed 100 million! By 2010 there were more cellphones (and smartphones) in use than there were people in the U.S., and by 2015 half of all U.S. households no longer had a landline connecting their home to the telephone system network (we removed our landlines in 2007).[1]

Why does that matter? In the earlier years of cellular phones they were very costly to buy and use, and were perceived as additional phone lines. As great tools enabling a burgeoning mobile workforce, churches wanted their staff to have cellphones to facilitate better communications between themselves, their teams, and their congregations. Because they were an added phone to the home phone, many church team members couldn’t afford to have one.

The same is true for internet connections at team members’ homes. In the 1990s and early 2000s they were considered optional. Reimbursing staff for the expense of being connected made sense for many team roles.

So churches developed a number of ways to underwrite the cost for these services for their staff via reimbursements, allowances, and more. The IRS finally helped by simplifying the tax treatment of cellphones provided to employees in 2011 following the Small Business Jobs Act of 2010.[2]

Should Reimbursements & Allowances Continue?
There may be circumstances where those are appropriate, but for most the answer going forward should be no. Those communications services are no longer considered additional methods in the U.S., but are now integral to our communication fabric.

At a gathering of megachurch church business administrators and managers (CBAs) I recently attended, one of the CBAs asked, “When staff leave the church, they don’t want to turn in their cellphone or terminate their service! If they will pay for it themselves after they leave our staff, why do we pay for their service and phones while they are on staff?” Good question!

Today nearly all working adults in the U.S. have a cell phone (or more accurately, a smartphone), and most households have broadband internet service. So why should the church reimburse the cost of these services? It no longer needs to.

Transitions are Sensitive
Simply deciding to no longer reimburse for these services could be problematic. I suggest the following:

  • Set a policy that reimbursements for cell phones and internet service will no longer be made to church staff. This policy would apply to all new hires.
  • To ‘grandfather’ those who have been receiving assistance for these services, add the amount they have been receiving to their base pay; a sort of one-time adjustment to their pay. This allows you to eliminate assistance going forward without hurting any team members that depend on it. It also simplifies the payroll process– a win-win!

Transitioning in this way will remove the discussion for any new team members, and continue meeting the needs of existing team members.

People no longer need assistance with their cellular or internet service. It’s part of the standard way we communicate today in America. It’s okay to end the practice of evaluating who to assist, how much to assist, and then account for those decisions in budgets and in the payroll process. Handled in this way, no one will get hurt in the process, and no one will suffer because of the policy.

[1] These statistics are from CTIA.org, an association representing all sectors of the U.S. wireless communications industry.

[2] See https://www.irs.gov/irb/2011-38_IRB#NOT-2011-72 for details.

Don’t Become a Cybercrime Victim

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
Ministry Business Services, Inc. President
Reprinted from inSIGHT

The most current stats published by the FBI (2015 via ic3.gov) show they received nearly 290,000 cybercrime complaints that year, with an associated loss of $1.1 billion! At the time of this writing a new ransomware called WannaCry (aka WannaCrypt) is infecting computers worldwide. Are you and your data safe? What do you need to do– and not do– to be safe?

Age Groups Affected
The two age groups most impacted by cybercrime are ages 20-39, and ages 40-59, and both of those groups are about evenly split. Together they account for 80% of cybercrime victims in the U.S. That makes sense when you figure that those under 20 (4% of victims) don’t have much to spend online, and of those over 60 (16% of victims), only a portion of those are heavy computer users. So, what the stats seem to say is that if you use a computer, you are equally at risk no matter what your age is.

How Do Cybercrime Infections Happen?
Most cybercrime happens one of two ways:

  1. Via Email. An email appears in your inbox that has a link, graphics, or a form to complete, or may appear to be from someone you know (known as spear phishing).
  2. Via Infected Websites. Websites, even those that are legitimate, can be infected with malware easily if their hosts are not keeping up with security patches and strategies. Criminals can buy inexpensive ‘crimekits’ that look for and infect vulnerable websites. We’ve even seen that happen to church and ministry websites!

How to Protect Yourself and Your Data
Let’s address this in the two categories of email and websites.

  1. Via Email. There are a number of things you can do and are best not to do to help in this area:
    • Make certain your email is scanned by a capable SPAM filter to help minimize the number of dangerous emails that get to your inbox. I say minimize because some will still get through even the best SPAM filter; those are often referred to as zero hour emails. Zero hour emails are newly introduced methods and strategies that have not yet been identified as a pattern of dangerous email.

      Our firm prefers Barracuda SPAM filters. We even tested Microsoft’s O365 SPAM filtering solution, and found that it let many more unwanted emails through than the Barracuda– especially from other O365 email accounts.

    • The FBI warns as follows:
      • Do not click links in emails. I modify their warning, that you can click only if you first hover your mouse over the link, which will show you where it wants to take you. If you’re not certain the destination is safe, do not click the link.
      • Never reply to senders you don’t know. This gets tricky, though, because the sender can be spoofed, as in spear phishing. If you want to reply to someone– even someone you know, look at the email address in the ‘To’ field when you’re composing your response to be certain that address is what you expected to see there before clicking ‘Send’.
      • Do not fill out forms in emails.
      • Do not open attachments in unsolicited email.
      • Be skeptical of those representing themselves as surviving victims or friends in need.
    • I add one more item to the FBI’s list. Immediately delete SPAM emails, and empty your deleted items daily.
  2. Via Infected Websites. I recommend two methods of protection in this area:
    • Use a good firewall to protect your entire system from dangerous content transmitted from websites. The better firewalls let you filter content, but for this discussion, the focus is on protecting your systems from malware. Typically there is a subscription from the firewall provider that must be kept current to protect you from newer methods and strategies.

      The firewalls my firm recommends are SonicWALL firewalls running their Total Secure subscription package. We find those to be the sweet spot of features, protection, and cost for churches and ministries.

      If you’re a consumer vs an organization, check with your Internet Service Provider (ISP) and confirm with them that they have all of the protections turned on in the modem or router they provided.

    • Use a capable anti-malware solution on your computers– whether Windows or Mac (yes, Macs get infected too, regardless of what many say). The solution my firm likes most is Thirtyseven4.com; it is capable and reasonably priced.

Finally, keep a history of total data backups to help you recover from an infection that somehow slips through. There are no total guarantees of protection, but with a history of backups available (we prefer a full month of daily backups to cover an infection that has an incubation period and doesn’t ‘go live’ and get noticed for a while), you should be able to recover from any infection that happens.

What About WannaCry Ransomware?
WannaCry takes advantage of a Windows vulnerability that Microsoft patched months before the outbreak occurred for all their supported operating and network operating systems. That said, it is important to keep your systems and apps up to date regarding patches; many of the updates are security-related.

It appears WannaCry is gaining access to files from people responding to a spear phishing attack. Be cautious with the emails in your inbox!

If you are running an unsupported Microsoft operating system, like XP, Windows 8.x, or Server 2003, Microsoft recently released a patch you can manually download and apply to shore up the vulnerability WannaCry exploits. Here’s a link directly to Microsoft for help:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/.

Don’t become a victim of cybercrime! These are easy-to-implement strategies and disciplines that you, your staff, and your family can adopt. And there will likely come a time when you’ll be glad you did.