Archive for May, 2017

Should Churches Continue to Reimburse Cell Phone Fees?

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

Churches reimburse some staff members for their cell phone and internet costs. In the early days of those technologies, doing so made sense. Has the way we communicate changed so much that it’s time to reconsider? What are the issues?

Historical Perspective
I got my first cell phone in 1987, and was one of only 1 million in the U.S. who had one. But it was worth the cost (often $750+ monthly for one line!) to be available to our clients as I travelled across the USA. Five years later that number had grown to 11 million, and in 2000 passed 100 million! By 2010 there were more cellphones (and smartphones) in use than there were people in the U.S., and by 2015 half of all U.S. households no longer had a landline connecting their home to the telephone system network (we removed our landlines in 2007).[1]

Why does that matter? In the earlier years of cellular phones they were very costly to buy and use, and were perceived as additional phone lines. As great tools enabling a burgeoning mobile workforce, churches wanted their staff to have cellphones to facilitate better communications between themselves, their teams, and their congregations. Because they were an added phone to the home phone, many church team members couldn’t afford to have one.

The same is true for internet connections at team members’ homes. In the 1990s and early 2000s they were considered optional. Reimbursing staff for the expense of being connected made sense for many team roles.

So churches developed a number of ways to underwrite the cost for these services for their staff via reimbursements, allowances, and more. The IRS finally helped by simplifying the tax treatment of cellphones provided to employees in 2011 following the Small Business Jobs Act of 2010.[2]

Should Reimbursements & Allowances Continue?
There may be circumstances where those are appropriate, but for most the answer going forward should be no. Those communications services are no longer considered additional methods in the U.S., but are now integral to our communication fabric.

At a gathering of megachurch church business administrators and managers (CBAs) I recently attended, one of the CBAs asked, “When staff leave the church, they don’t want to turn in their cellphone or terminate their service! If they will pay for it themselves after they leave our staff, why do we pay for their service and phones while they are on staff?” Good question!

Today nearly all working adults in the U.S. have a cell phone (or more accurately, a smartphone), and most households have broadband internet service. So why should the church reimburse the cost of these services? It no longer needs to.

Transitions are Sensitive
Simply deciding to no longer reimburse for these services could be problematic. I suggest the following:

  • Set a policy that reimbursements for cell phones and internet service will no longer be made to church staff. This policy would apply to all new hires.
  • To ‘grandfather’ those who have been receiving assistance for these services, add the amount they have been receiving to their base pay; a sort of one-time adjustment to their pay. This allows you to eliminate assistance going forward without hurting any team members that depend on it. It also simplifies the payroll process– a win-win!

Transitioning in this way will remove the discussion for any new team members, and continue meeting the needs of existing team members.

People no longer need assistance with their cellular or internet service. It’s part of the standard way we communicate today in America. It’s okay to end the practice of evaluating who to assist, how much to assist, and then account for those decisions in budgets and in the payroll process. Handled in this way, no one will get hurt in the process, and no one will suffer because of the policy.

[1] These statistics are from, an association representing all sectors of the U.S. wireless communications industry.

[2] See for details.

Don’t Become a Cybercrime Victim

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
Ministry Business Services, Inc. President
Reprinted from inSIGHT

The most current stats published by the FBI (2015 via show they received nearly 290,000 cybercrime complaints that year, with an associated loss of $1.1 billion! At the time of this writing a new ransomware called WannaCry (aka WannaCrypt) is infecting computers worldwide. Are you and your data safe? What do you need to do– and not do– to be safe?

Age Groups Affected
The two age groups most impacted by cybercrime are ages 20-39, and ages 40-59, and both of those groups are about evenly split. Together they account for 80% of cybercrime victims in the U.S. Thatmakes sense when you figure that those under 20 (4% of victims) don’t have much to spend online, and of those over 60 (16% of victims), only a portion of those are heavy computer users. So, what the stats seem to say is that if you use a computer, you are equally at risk no matter what your age is.

How Do Cybercrime Infections Happen?
Most cybercrime happens one of two ways:

  1. Via Email. An email appears in your inbox that has a link, graphics, or a form to complete, or may appear to be from someone you know (known as spear phishing).
  2. Via Infected Websites. Websites, even those that are legitimate, can be infected with malware easily if their hosts are not keeping up with security patches and strategies. Criminals can buy inexpensive ‘crimekits’ that look for and infect vulnerable websites. We’ve even seen that happen to church and ministry websites!

How to Protect Yourself and Your Data
Let’s address this in the two categories of email and websites.

  1. Via Email. There are a number of things you can do and are best not to do to help in this area:
    • Make certain your email is scanned by a capable SPAM filter to help minimize the number of dangerous emails that get to your inbox. I say minimize because some will still get through even the best SPAM filter; those are often referred to as zero hour emails. Zero hour emails are newly introduced methods and strategies that have not yet been identified as a pattern of dangerous email.

      Our firm prefers Barracuda SPAM filters. We even tested Microsoft’s O365 SPAM filtering solution, and found that it let many more unwanted emails through than the Barracuda– especially­ from other O365 email accounts.

    • The FBI warns as follows:
      • Do not click links in emails. I modify their warning, that you can click only if you first hover your mouse over the link, which will show you where it wants to take you. If you’re not certain the destination is safe; do not click the link.
      • Never reply to senders you don’t know. This gets tricky, though, because the sender can be spoofed, as in spear phishing. If you want to reply to someone– even someone you know, look at the email address in the ‘To’ field when you’re composing your response to be certain that address is what you expected to see there before clicking ‘Send’.
      • Do not fill out forms in emails.
      • Do not open attachments in unsolicited email.
      • Be skeptical of those representing themselves as surviving victims or friends in need.
    • I add one more item to the FBI’s list. Immediately delete SPAM emails, and empty your deleted items daily.
  1. Via Infected Websites. I recommend two methods of protection in this area:
    • Use a good firewall to protect your entire system from dangerous content transmitted from websites. The better firewalls let you filter content, but for this discussion, the focus is on protecting your systems from malware. Typically there is a subscription from the firewall provider that must be kept current to protect you from newer methods and strategies.

      The firewalls my firm recommends are SonicWALL firewalls running their Total Secure subscription package. We find those to be the sweet spot of features, protection, and cost for churches and ministries.

      If you’re a consumer vs an organization, check with your Internet Service Provider (ISP) and confirm with them that they have all of the protections turned on in the modem or router they provided.

    • Use a capable anti-malware solution on your computers– whether Windows or Mac (yes, Macs get infected too, regardless of what many say). The solution my firm likes most is; it is capable and reasonably priced.

Finally, keep a history of total data backups to help you recover from an infection that somehow slips through. There are no total guarantees of protection, and having a history of backups available (we prefer a full month of daily backups to cover an infection that has an incubation period and doesn’t ‘go live’ and get noticed for awhile), you should be able to recover from any infection that happens.

What About WannaCry Ransomware?
WannaCry takes advantage of a Windows vulnerability that Microsoft patched months before the outbreak occurred for all their supported operating and network operating systems. That said, it is important to keep your systems and apps up to date regarding patches; many of the updates are security-related.

It appears WannaCry is gaining access to files from people responding to a spear phishing attack. Be cautious with the emails in your inbox!

If you are running an unsupported Microsoft operating system, like XP, Windows 8.x, or Server 2003, Microsoft recently released a patch you can manually download and apply to shore up the vulnerability WannaCry exploits. Here’s a link directly to Microsoft for help:

Don’t become a victim of cybercrime! These are easy-to-implement strategies and disciplines that you, your staff, and your family can adopt. And there will likely come a time when you’ll be glad you did.

Mobile Devices, Apps, & Other Exciting Technologies

Written by Nick B. Nicholaou on . Posted in Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

The world of computing is going through more changes, thanks to the cloud and its ability to make data–and access to it–pervasive. Anywhere and everywhere! How does a church or ministry decide what technologies to adopt? The answer is surprisingly Old School.

New & Exciting Technologies
There are so many new ways to access and process data! iPads and Androids are changing everything! Or they at least want to! Between those devices and our smartphones, it doesn’t seem like we need desktop and notebook computers anymore.

There are two issues worthy of addressing here: 1) the hardware, and 2) where our data is located in the cloud.

Tablets are terrific tools, but are they the right tools for those jobs we are called to in The Church? For some jobs they are, but for some they aren’t. How can you tell which is correct for your organization?

My perspective is impacted by my degree and subsequent studies in management. That affects how I approach and strategically use technology. I told a member of our team recently that I like to manage as though I were a NASCAR driver: I want maximum RPMs and output, but I need to be equally focused on maintenance and care. With regards to maintenance, different members of the crew need different tools to get their job done (imagine giving the jackman’s jack to the engine tuner, or the engine tuner’s computer to the jackman!). This relates to the hardware options available today.

Depending on someone’s role, they may be best to use a tablet (iPad or Android) rather than having a desktop or notebook computer. This might be true for those who rarely work in accounting or databases, for example. Tablets are terrific for email, browsing, organizing thoughts in preparation to teach or lead a meeting, and so on.

Others, however, can only be efficient with a desktop or notebook computer. This might be true for those who work in accounting or databases, as well as graphic design and audio/video editing. Those roles need full keyboards, mice or trackpads, and monitors (displays in the Apple world). While it’s true that some of this work can be done on a tablet, the process will very likely take a big hit in efficiency. As those who want to hear “Well done” at the end of this earthly journey, good management means balancing efficiency with maintenance and care.

Data Location in The Cloud
The cloud is the vehicle driving us toward more use of tablets and smartphones to do the operational side of ministry. To be fair, some solutions have focused on creating very good and efficient apps to help us do more on those devices. But some solutions, like accounting systems and databases, are so large and intense that apps only access a subset of all that the computer version of the solutions have to offer.

There’s another issue that should be strategized when trusting our data to the cloud. The issue is the safety and availability of our data. The practical issue is whether our data will be available to us when we need it.

Let’s break this into two categories: how the data is available, and the safety of the data.

  • Churches and ministries function most efficiently and safely when certain kinds of data are sharable among members of a group or department. For instance, the children’s or youth department of a church may have multiple team members on staff, and those team members each need to access the same data. Their data needs to be in a shared folder. The administrative or human resource departments may have similar needs, but their data is sensitive and needs to be secure so that only the members of those departments can get to their data.

    It is important that whoever we’re entrusting the hosting of our data to can meet those sharable and security needs. There are some providers that can’t, and thus may not be good candidates to host our data.

  • Not all datacenters are created equal. The key issues are how they protect the data stored within their buildings (physical and technical security), and how redundant the necessary systems are to ensure uptime. The redundancy is the easiest to score. I created the following chart for my book, Church IT: Strategies and Solutions:






no redundancy (only one source of power, only one internet trunk, only one way to manage HVAC)


up to 22.8 hours of downtime annually


partial redundancy


up to 22 hours of downtime annually


full redundancy, a.k.a.
N+1 fault tolerance


up to 1.6 hours of downtime annually


at least double redundancy, a.k.a. 2N+1 fault tolerance


up to 26.3 minutes of downtime annually

I recommend only entrusting your data to a certified Tier 3 or Tier 4 datacenter. Anything less may mean you can’t get to your data when you need or want to. Remember, your busiest day of the week is when many others might schedule maintenance!

There are so many exciting technologies we can use today! Good management means getting optimal output from our team members, and that is dependent on providing them with the right tools based on their role in our organization.