Author Archive

July – Improve System Security Month!

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

While speaking at a conference recently, a cybersecurity expert whose company offers email user testing and training stated that KnowBe4.com’s solution was the best they’d ever seen. Little did they know I was in negotiations on The Church’s behalf with KnowBe4!

What Is It?
KnowBe4 is a subscription-based solution that allows an organization to send users what look like SPAM emails containing links, etc. The solution tracks who clicks on the links, and when they do, adds them to a group whose members must watch a short training video online to learn what to avoid. Watching the video removes them from the group.

I’m aware of organizations whose users started at an 80% or higher click-rate. They saw the solution educate their team and bring the percentage to under 10%. The results are a more secure user community, and improved security and safety for the organization.

What’s The Deal?
KnowBe4 offers a 10% discount to not-for-profit organizations, with an additional discount of 25% for a three-year subscription. So, they normally offer up to 35% in savings to charities.

Through our negotiations, KnowBe4 offered to add an additional 20% discount to any who say they were referred by MBS, and who contact a specific employee of theirs to sign up! That means you can get a 35% – 55% discount just by telling Tiffany Yeager (727.877.8226 or tiffanyy@knowbe4.com) you were referred by MBS! (As always, MBS makes nothing on your referral business, as per our by-laws.)

MBS Recommends Their Platinum Package
KnowBe4 offers a few packages; we believe the best for churches and ministries is their Platinum Package.

It’s July– a good month to improve your system security. This is a great way to do so!

Identifying, Shaping, & Meeting Team IT Needs

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

A church IT forum discussion came up recently that is worth thinking through. The original post asked for input on how to keep team members from connecting their personal devices to the password-protected staff WiFi. The discussion that followed was a little like Mr. Toad’s Wild Ride! Lots of ideas being tossed around, most of which uncomfortably avoided the most important questions.

Underlying Risk
The vast majority tried to help by explaining various ways the team could be controlled or prohibited from attaching their personal devices to the staff WiFi. There were a couple voices of reason that participated, suggesting positive ways forward.

Those not in IT may not understand the underlying risk. Why shouldn’t team members connect their personal devices to the staff WiFi? There are legitimate dangers associated with letting personal devices attach to the staff WiFi.

  • The staff WiFi, usually password protected, is typically configured to give devices full access to the organization’s network as though they were connected and logged in via an Ethernet cable. That is in contrast to the public guest WiFi, which is typically configured to give devices access only to the internet, and hopefully access that is filtered.
  • The organization’s data needs to be protected. Churches and ministries maintain a lot of sensitive data that could hurt congregants and team members if not adequately protected. Data like contributions records, HR records, social security numbers of staff and some vendors, church member disciplinary notes, board minutes, and more. That data needs to be kept private, but it also needs to be kept available for team members to use in the operations of the organization. Malware like ransomware exists because hooligans understand the value associated with appropriate data access, and it endeavors to block access to the data unless a ransom is paid.
  • The organization’s systems need to be protected. There are some who would like to disrupt the flow of church and ministry operations by crashing the system or participating in activities that could cause authorities to remove all computers and servers for forensic investigation and, possibly, evidence in a prosecution.

When team members use the staff WiFi on their personal devices, the organization’s data and systems are put at risk.

The Next Question
So, does that mean team members should not use the staff WiFi for their personal devices? Maybe; it depends on why they need it.

One of the forum participants, Jason Powell at Granger Community Church, contributed “Figure out what need they’re trying to solve. It took a while for our staff to be coached that there is no speed difference between our staff and public WiFi. After asking why they wanted a personal device on the staff WiFi, in almost every case, it was because they assumed it gave them something that the public WiFi didn’t. A simple conversation assured them that the public WiFi would do everything they were asking for.”

What if the need is legitimate, though? Jason continued, “For legit needs like interns, volunteers, etc needing a personal device to have more access, build a simple BYOD network.” Setting up a BYOD (Bring Your Own Device) network is not difficult or costly. The cost lies more in creating systems that can enforce protections and recover from breaches if they occur.

Who Decides What IT Needs are Legitimate?
This is the part often overlooked. IT is not responsible for determining what access needs are legitimate or not; that is leadership’s responsibility. IT should communicate the benefits, risks, and any mitigation costs to leadership and ask for direction. Only leadership is responsible for determining who should and who should not have access to systems and data. IT’s role is to engineer and configure, train, monitor, and enforce the decisions made by leadership.

Effects of IT Setting Policy
When IT makes decisions without leadership’s direction, those decisions usually take the form of policies and system settings that frustrate team members. In organizations where that is the case, IT often becomes the “No” people. Some church and ministry teams get dysfunctional in the wake of those policies. Team members– who feel called by God to fulfill their ministry call– often take the posture of doing whatever it takes to fulfill their call even if it means going around IT’s policies and system settings.

Effects of Leadership Setting Policy
Policies set by leadership are ultimately enforced or modified by leadership. IT has the potential of having a ministry-facilitating impact by letting leadership set policy. And leadership should fully fund whatever is required by the policy decisions it makes, which means that IT doesn’t have to try to string together inadequate strategies. If leadership doesn’t fund IT with what is needed, IT should let leadership know and ask for either a change in policy or a change in the budget.

March is IT-Be-Green Month!

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

March is the month of St. Patrick’s Day, whose modern-day associated color is green. When we think ‘green’, we also think of doing things that are friendly to the environment. What are some quick tasks we can do to make IT more ‘green’?

Why the Green Focus?
Many in our congregations and ministry constituencies want us to be good stewards– not only of our financial resources, but also in the way we consume resources to accomplish ministry. I live in California, and folks– especially millennials– esteem homes, businesses, churches, and more as ‘better’ if they’re more environmentally sensitive. There are many in your congregation or ministry constituency that would be all the more pleased with associating with your organization if they knew that there are initiatives underway to help protect the environment. And that makes cost-effective green initiatives a win-win!

Green Server Rooms
A common issue we see in server rooms is that they become storage areas for all kinds of things. That happens mostly because team members don’t understand the need to keep the server room clean, cool, and secure; many perceive the space as ‘available’ even though it isn’t. Defending the space can be exhausting.

March is a great month to go through the server room and remove anything that shouldn’t be there. In addition to boxes of things others have deposited there, consider what IT-related items are stored there too! Churches and ministries sometimes have a hard time letting go of retired technology that still worked when it was retired, even though they’ll never use it again. “But what if…?”

When I visit clients, I often offer to clean out all those old CRT monitors, Pentium computers, keyboards, roller-ball mice, and cords that are gathering dust (a fire hazard) and are taking up space. Seriously, if you haven’t used it in a couple of years, it is probably trash. It’s actually good stewardship to let them go! Here are just a couple of reasons why:

  1. There are many electronics recyclers that are willing to help, and usually for free! If they’re certified electronics recyclers, you can even trust them to erase hard drives, etc as they do their recycling! And recycling is a good thing.
  2. The more things that are stored in a server room, the less cool air is available to absorb the heat exhausted by your servers and other electronic gear. That can contribute to running hotter and consuming more electricity, and cause a shorter life for some equipment. Clean server rooms are always best.

Green Systems
There are a few things worth considering and doing that will help make your IT systems more ‘green’ in general.

  1. Virtualize your servers. Virtualization is a software technology that makes it possible to reduce the number of physical servers in your organization. It uses an app called a hypervisor that allows you to install more than one virtual server on each of your physical servers, which we then call hosts. In addition to saving money by not having to purchase a bunch of physical servers, virtualization reduces the amount of electricity consumed because the number of physical servers is smaller. It also helps reduce electricity consumption by reducing the amount of heat in a server room that must be overcome by air conditioning systems because there are fewer electronic devices exhausting heat!
  2. Move Servers to The Cloud. In addition to virtualizing your local servers, consider going a step further by determining whether their roles can be moved to a hosted cloud service provider. In recent years my firm has moved many clients’ entire group of local servers into our cloud infrastructure, dramatically reducing electrical consumption while also outsourcing the responsibility to maintain those servers. The cloud is a terrific way to make your systems more green, while also reducing capital expenses.
  3. Clean Dust from Inside Computers. It’s amazing how much dust accumulates in computers. For those computers that remain on-site (servers, workstations, etc), consider cleaning their cooling fans. Perhaps organize a volunteer work party that goes to each workstation and cleans their insides! Cleaning them out every March as part of your ‘green’ initiative will reduce their electrical consumption and may extend their life because they’ll run cooler!

St. Patrick’s Day! What a great time of year to clean up server rooms– or maybe even eliminate them by moving into the cloud! And a great time to clean the dust from inside your servers and workstations (before the weather begins to warm up).

February is IT ‘Love Your Team’ Month!

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

February is the month we celebrate Valentine’s Day – you might say it is the Month of Love! How does that look in church and ministry IT?

The IT Challenge
IT is often perceived by those not on the IT team as “The NO Guys”. Some of us have worked hard to earn that title and enjoy it! Most of us in church and ministry IT, however, are often caught by surprise when reminded by other ministry team members that we’re perceived as The NO Guys.

There are at least a few reasons why we’re often perceived that way. One is that we try to enforce good IT policies, and few outside of our discipline understand the need for some of those policies. A second is that we typically lean towards being introverts vs extroverts. That characteristic has a number of side effects, like that we don’t often communicate as warmly as others, talk in acronyms, and so on. And a third is that we have a difficult time with certain people of the ministry team, and grow passive/aggressive styles with them that can communicate inflexibility.

Okay, enough psychological analysis.

Why We Should Try
The answers are obvious to us. We’re commanded to love one another, and we’re told that by doing so, observers will know we are Christians. If you’re like me, you find those kinds of verses encouraging, but also a little frustrating. It’s hard to express love in our professional discipline sometimes!

But Jesus is not surprised by technology, and he understands the need for order. So, it’s worth coming up with ways that our non-IT team members will know that we love them. And that we love serving them. And that we are their ministry partners.

What Are Some Things We Can Do in February?
February is thought of by many as the month of love. In it we celebrate Valentine’s Day– a universal day of love! So, it seems like a good time of the year to ask our fellow ministry team members to ‘be our Valentine’ through our actions. Which James tells us is necessary (see James 2:14-17).

Here are a few very practical, tactical ways to show your team members that you love them:

  1. Clean their monitors/displays, mice, and keyboards. After hours, go through the offices and clean the gunk off those devices! If your organization’s team is too large for that to happen, organize some volunteers to help you! There are members of your congregation who would love to join you on this.
  2. Pray for those on your organization’s team, and send them a handwritten note or email or text saying simply that you prayed for them: for protection from the enemy–for them and their family–and for their effectiveness in ministry.
  3. You could even combine the two! Encourage the volunteers helping you clean monitors/displays, mice, and keyboards to pray for the team member while at their task, and to leave behind a brief note saying they were prayed for.

You may even want to add this to your task list as a recurring task every February!

This seems so simple, but even so, it can have a huge impact on how those on the ministry team perceive those in your IT Department. Or you, specifically. Maybe it’ll help get beyond the prevalent misperception that the IT Department is where The NO Guys are.

Five Things Worth Doing in January

Written by Nick B. Nicholaou on . Posted in Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

January, 2018! The start of a new year! New beginnings are part of the Christian life, and January is a great time to make certain a few IT items are ready for the New Year. Let’s focus on protecting systems and data….

Firewalls
The most common entry point for malware and other system ills is the internet. The best way to protect your system and data from bots, rascals, and compromised websites is to be certain your firewall is adequate and is current. Some points worth examining:

  • Is your firewall adequate? There are many options to consider when buying firewall solutions– whether hardware or software. My firm’s preference is SonicWALL firewalls (we don’t sell or benefit from our hardware and software recommendations). We find the features and price point are a good ‘sweet spot’ for churches and ministries. Yes, you can buy more expensive and capable firewalls, but very few churches and ministries benefit from any features beyond what SonicWALL includes in their firewalls. We also recommend purchasing their Total Secure package, which can filter internet content.
  • Is your firewall subscription current? Regardless of which firewall you use, make certain that if it requires a subscription to stay current, your subscription is current and in force. Not doing so is the equivalent of welcoming intruders, rascals, bots, and malware that have developed new methods for gaining access to your systems and data.
  • Make certain there is no connection from your systems to the internet that doesn’t go through your firewall. We have seen many churches and ministries mistakenly connect their internet connection directly to their network switch. The internet connection should connect to your firewall, and then your firewall to your switch so that all internet traffic MUST go through it.

SPAM
The second most common way for malware to access your systems and data is via email attachments and links. SonicWALL is not our preference for this important role; we prefer the Barracuda SPAM Filter. It is best of breed and a best practices solution.

My firm inexpensively hosts SPAM filtering for many churches and ministries. I don’t mention that to try to sell our service, but to point out that we were surprised to see how many users of Microsoft O365 email use our hosted SPAM filtering solution (yes, we use a Barracuda SPAM Filter, model 600). We moved our email to O365 for six months and were shocked at how much SPAM got through Microsoft’s filter! Now we know why so many O365 users have their email scrubbed by other solutions!

Anti-Malware
Protecting systems and data requires multiple layers. An important one is your anti-malware solution. And simply purchasing and installing it is not enough! These solutions also have subscriptions that keep them updated and identifying new methods used to cause harm. It is essential that the subscription on your anti-malware not be allowed to lapse– the same as your firewall subscription. I know churches and ministries that have been hit by new ransomware methods because they didn’t keep their subscriptions current.

The anti-malware my firm recommends is Thirtyseven4.com. It is capable, and it is reasonable in cost.

BTW… it should be installed on every Windows and Mac computer– whether notebook, tablet, desktop, or server. Some say it’s not necessary on Macs, but that isn’t true. Even though few malware threats are written to impact Macs, Macs can be carriers that infect shared data drives and more.

Passwords
What is your password policy? Here are some quick thoughts on this important topic:

  • Passwords should be strong (minimum of 7 characters that include uppercase and lowercase alpha, numbers, and common punctuation).
  • Passwords should not be required to periodically change! Our firm has been saying for many years that forcing users to change their passwords actually lowers system security. In 2016 the U.S. Federal Trade Commission agreed with us based on two studies! You can read about it at https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes.

Backup
Some say protecting the integrity of system data is IT’s most important responsibility. Do you have a comprehensive backup strategy? And do you test it? An untested strategy is dangerous! Here’s what we recommend:

  • Establish a strategy that makes certain all important data is on your server. This is worth doing because 1) it is the organization’s data, and 2) it eliminates the requirement that all systems need to be connected to the network (facilitating notebooks, etc).
  • Back up all system data nightly to an appropriate device. LTO tape is the most affordable and durable technology for this, and is preferred by most of corporate America. Our favorite backup solution is Veeam. It’s powerful, easy to use, and they offer churches and ministries very reasonable pricing.
  • Take a copy of your backup tape off-site weekly to protect your organization from a larger disaster.
  • Create a monthly task in whatever task tracker you use (like Outlook) to test the backup. You can do this by restoring a random file or folder, and then confirming that the restored files are intact.
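
One way to automate the monthly restore test described above, as an added example that is not from the original article: after restoring a folder to a scratch location, it samples random files that have not changed since the backup ran and compares SHA-256 hashes of the live and restored copies. The function names, folder names and file contents are constructed for illustration.

```python
import hashlib
import os
import random
import tempfile
import time
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def pick_sample(live_root, backup_time, count, seed=None):
    """Randomly choose files last modified before the backup ran."""
    # Files changed after the backup differ for a legitimate reason, so skip them.
    live_root = Path(live_root)
    candidates = sorted(
        p.relative_to(live_root)
        for p in live_root.rglob("*")
        if p.is_file() and p.stat().st_mtime < backup_time
    )
    return random.Random(seed).sample(candidates, min(count, len(candidates)))


def verify_restore(live_root, restored_root, sample):
    """Return {relative_path: "ok" | "missing" | "mismatch"} for each file."""
    results = {}
    for rel in sample:
        restored = Path(restored_root) / rel
        if not restored.is_file():
            results[rel.as_posix()] = "missing"
        elif sha256_of(Path(live_root) / rel) != sha256_of(restored):
            results[rel.as_posix()] = "mismatch"
        else:
            results[rel.as_posix()] = "ok"
    return results


def demo():
    """Constructed data: a small live share and a flawed restore of it."""
    backup_time = time.time() - 60
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for name, body in [("hr/roster.txt", b"A"), ("giving/2017.csv", b"B"),
                           ("board/minutes.txt", b"C")]:
            (live / name).parent.mkdir(parents=True, exist_ok=True)
            (live / name).write_bytes(body)
            os.utime(live / name, (backup_time - 3600,) * 2)
        (live / "hr/new.txt").write_bytes(b"written after the backup")
        (restored / "hr").mkdir(parents=True)
        (restored / "giving").mkdir()
        (restored / "hr/roster.txt").write_bytes(b"A")          # intact
        (restored / "giving/2017.csv").write_bytes(b"damaged")  # corrupted
        sample = pick_sample(live, backup_time, count=10, seed=1)
        return verify_restore(live, restored, sample)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

Any result other than "ok" means the restored copy is absent or differs from a file that has not changed since the backup, which is the failure the monthly test exists to catch.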

These five things will likely take less than an hour to check, and can help ensure that your organization’s systems and data are well-protected for 2018! Happy New Year!