
July – Improve System Security Month!

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

While speaking at a conference recently, a cybersecurity expert whose company offers email user testing and training stated that KnowBe4.com’s solution was the best they’d ever seen. Little did they know I was in negotiations on The Church’s behalf with KnowBe4!

What Is It?
KnowBe4 is a subscription-based solution that allows an organization to send its users emails that look like SPAM and include links, etc. The solution tracks who clicks on the links and, when they do, adds them to a group whose members must watch a short training video online to learn what to avoid. Watching the video removes them from the group.

I’m aware of organizations whose users started at an 80% or higher click-rate. They used the solution to educate their team and get the percentage to under 10%. The results are a more secure user community, and improved security and safety for the organization.

What’s The Deal?
KnowBe4 offers a 10% discount to not-for-profit organizations, with an additional discount of 25% for a three-year subscription. So, they normally offer up to 35% in savings to charities.

Through our negotiations, KnowBe4 offered to add an additional 20% discount to any who say they were referred by MBS, and who contact a specific employee of theirs to sign up! That means you can get a 35% – 55% discount just by telling Tiffany Yeager (727.877.8226 or tiffanyy@knowbe4.com) you were referred by MBS! (As always, MBS makes nothing on your referral business, as per our by-laws.)

MBS Recommends Their Platinum Package
KnowBe4 offers a few packages; we believe the best for churches and ministries is their Platinum Package.

It’s July– a good month to improve your system security. This is a great way to do so!

Identifying, Shaping, & Meeting Team IT Needs

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

A church IT forum discussion came up recently that is worth thinking through. The original post asked for input on how to keep team members from connecting their personal devices to the password-protected staff WiFi. The discussion that followed was a little like Mr. Toad’s Wild Ride! Lots of ideas being tossed around, most of which uncomfortably avoided the most important questions.

Underlying Risk
The vast majority tried to help by explaining various ways the team could be controlled or prohibited from attaching their personal devices to the staff WiFi. There were a couple of voices of reason that participated, suggesting positive ways forward.

Those not in IT may not understand the underlying risk. Why shouldn’t team members connect their personal devices to the staff WiFi? There are legitimate dangers associated with letting personal devices attach to the staff WiFi.

  • The staff WiFi, usually password protected, is typically configured to give devices full access to the organization’s network as though they were connected and logged in via an Ethernet cable. That is in contrast to the public guest WiFi, which is typically configured to give devices access only to the internet, and hopefully access that is filtered.
  • The organization’s data needs to be protected. Churches and ministries maintain a lot of sensitive data that could hurt congregants and team members if not adequately protected. Data like contribution records, HR records, social security numbers of staff and some vendors, church member disciplinary notes, board minutes, and more. That data needs to be kept private, but it also needs to be kept available for team members to use in the operations of the organization. Malware like ransomware exists because hooligans understand the value associated with appropriate data access, and endeavor to block access to the data unless a ransom is paid.
  • The organization’s systems need to be protected. There are some who would like to disrupt the flow of church and ministry operations by crashing the system or participating in activities that could cause authorities to remove all computers and servers for forensic investigation and, possibly, evidence in a prosecution.

When team members use the staff WiFi on their personal devices, the organization’s data and systems are put at risk.

The Next Question
So, does that mean team members should not use the staff WiFi for their personal devices? Maybe; it depends on why they need it.

One of the forum participants, Jason Powell at Granger Community Church, contributed “Figure out what need they’re trying to solve. It took a while for our staff to be coached that there is no speed difference between our staff and public WiFi. After asking why they wanted a personal device on the staff WiFi, in almost every case, it was because they assumed it gave them something that the public WiFi didn’t. A simple conversation assured them that the public WiFi would do everything they were asking for.”

What if the need is legitimate, though? Jason continued, “For legit needs like interns, volunteers, etc needing a personal device to have more access, build a simple BYOD network.” A BYOD (Bring Your Own Device) network is not difficult or costly to do. The cost factors involved are more to create systems that can enforce protections and recover from breaches in case they occur.

Who Decides What IT Needs are Legitimate?
This is the part often overlooked. IT is not responsible for determining what access needs are legitimate or not; that is leadership’s responsibility. IT should communicate the benefits, risks, and any mitigation costs to leadership and ask for direction. Only leadership is responsible for determining who should and who should not have access to systems and data. IT’s role is to engineer and configure, train, monitor, and enforce the decisions made by leadership.

Effects of IT Setting Policy
When IT makes decisions without leadership’s direction, those decisions usually take the form of policies and system settings that frustrate team members. In organizations where that is the case, IT often becomes the “No” people. Some church and ministry teams get dysfunctional in the wake of those policies. Team members– who feel called by God to fulfill their ministry call– often take the posture of doing whatever it takes to fulfill their call even if it means going around IT’s policies and system settings.

Effects of Leadership Setting Policy
Policies set by leadership are ultimately enforced or modified by leadership. IT has the potential of having a ministry-facilitating impact by letting leadership set policy. And leadership should fully fund whatever is required by the policy decisions it makes, which means that IT doesn’t have to try to string together inadequate strategies. If leadership doesn’t fund IT with what is needed, IT should let leadership know and ask for either a change in policy or a change in the budget.

Five Things Worth Doing in January

Written by Nick B. Nicholaou. Posted in Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

January, 2018! The start of a new year! New beginnings are part of the Christian life, and January is a great time to make certain a few IT items are ready for the New Year. Let’s focus on protecting systems and data.

Firewalls
The most common entry point for malware and other system ills is the internet. The best way to protect your system and data from bots, rascals, and compromised websites is to be certain your firewall is adequate and is current. Some points worth examining:

  • Is your firewall adequate? There are many options to consider when buying firewall solutions– whether hardware or software. My firm’s preference is SonicWALL firewalls (we don’t sell or benefit from our hardware and software recommendations). We find the features and price point are a good ‘sweet spot’ for churches and ministries. Yes, you can buy more expensive and capable firewalls, but very few churches and ministries benefit from any features beyond what SonicWALL includes in their firewalls. We also recommend purchasing their Total Secure package, which can filter internet content.
  • Is your firewall subscription current? Regardless of which firewall you use, make certain that if it requires a subscription to stay current, your subscription is current and in force. Not doing so is the equivalent of welcoming intruders, rascals, bots, and malware that have developed new methods for gaining access to your systems and data.
  • Make certain there is no connection from your systems to the internet that doesn’t go through your firewall. We have seen many churches and ministries mistakenly connect their internet connection directly to their network switch. The internet connection should connect to your firewall, and then your firewall to your switch, so that all internet traffic MUST go through it.

SPAM
The second most common way for malware to access your systems and data is via email attachments and links. SonicWALL is not our preference for this important role; we prefer the Barracuda SPAM Filter. It is best of breed and a best practices solution.

My firm inexpensively hosts SPAM filtering for many churches and ministries. I don’t mention that to try to sell our service, but to point out that we were surprised to see how many users of Microsoft O365 email use our hosted SPAM filtering solution (yes, we use a Barracuda SPAM Filter, model 600). We moved our email to O365 for six months and were shocked at how much SPAM got through Microsoft’s filter! Now we know why so many O365 users have their email scrubbed by other solutions!

Anti-Malware
Protecting systems and data requires multiple layers. An important one is your anti-malware solution. And simply purchasing and installing it is not enough! These solutions also have subscriptions that keep them updated and able to identify new methods used to cause harm. It is essential that the subscription on your anti-malware not be allowed to lapse– the same as your firewall subscription. I know churches and ministries that have been hit by new ransomware methods because they didn’t keep their subscriptions current.

The anti-malware my firm recommends is Thirtyseven4.com. It is capable, and it is reasonable in cost.

BTW… it should be installed on every Windows and Mac computer– whether notebook, tablet, desktop, or server. Some say it’s not necessary on Macs, but that isn’t true. Even though few anti-malware threats are written to impact Macs, Macs can be carriers that infect shared data drives and more.

Passwords
What is your password policy? Here are some quick thoughts on this important topic:

  • Passwords should be strong (minimum of 7 characters that include uppercase and lowercase alpha, numbers, and common punctuation).
  • Passwords should not be required to periodically change! Our firm has been saying for many years that forcing users to change their passwords actually lowers system security. In 2016 the U.S. Federal Trade Commission agreed with us based on two studies! You can read about it at https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes.

Backup
Some say protecting the integrity of system data is IT’s most important responsibility. Do you have a comprehensive backup strategy? And do you test it? An untested strategy is dangerous! Here’s what we recommend:

  • Establish a strategy that makes certain all important data is on your server. This is worth doing because 1) it is the organization’s data, and 2) it eliminates the requirement that all systems need to be connected to the network (facilitating notebooks, etc).
  • Back up all system data nightly to an appropriate device. LTO tape is the most affordable and durable technology for this, and is preferred by most of corporate America. Our favorite backup solution is Veeam. It’s powerful, easy to use, and they offer churches and ministries very reasonable pricing.
  • Take a copy of your backup tape off-site weekly to protect your organization from a larger disaster.
  • Create a monthly task in whatever task tracker you use (like Outlook) to test the backup. You can do this by restoring a random file or folder, and then confirming that the restored files are intact.

These five things will likely take less than an hour to check, and can help ensure that your organization’s systems and data are well-protected for 2018! Happy New Year!

How Do I SPAM Thee…

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

SPAM email can be dangerous and painful to the recipient and to any data they have access to. Whether it’s ransomware, phishing, pushing of malware, or impersonation, a strategy is needed to protect ourselves. I’ll address these different types of SPAM, and how each should be strategically managed.

SPAM Comes in Many Flavors
In addition to what many think is a tasty lunchmeat, SPAM also refers to unsolicited email, and those emails are usually intended to do the recipient harm. Sometimes the pain is small, but often it is big and costly. The most costly to an organization are usually ransomware and business email compromise; the most costly to an individual are usually phishing scams.

Here are some categories of email SPAM and how to respond to them:

  • Business Email Compromise (BEC), a.k.a. Impersonation Emails
    • Form: These SPAM emails used to only target businesses working with foreign suppliers and businesses who use financial wire transfer methodology. But in the last year we have seen many occurrences hit churches and ministries using checks! The form of the attack, as it affects churches and ministries, is usually an email supposedly from a pastor or executive in the organization directing the recipient to immediately transfer funds or cut a check. These attacks are usually well researched (we are welcoming and friendly environments, and we give them all of our staff structure and names on our websites!), and can feel legitimate.
    • What To Do: Never comply with the request. Always require a live voice confirmation of the request, in person or via a live telephone call.
  • Ransomware
    • Form: Ransomware is malware installed on your computer that usually gets introduced through a SPAM email, compromised website, or even through a bot (internet program) that looks for Remote Desktop Protocol vulnerabilities. Once infected with the ransomware malware, data is encrypted and held for ransom.
    • What To Do: One of the best defenses against ransomware is to keep multiple days (we prefer a full month) of full data backups so your system can be ‘reset’ if an infection gets through your defenses. In addition to ensuring good backups:
      1. Never click on a link or graphic in an email you weren’t expecting. Even if it came from someone you know, do not click any links. If you think the email and its links may be legitimate and want to click them– before clicking on them– hover your mouse pointer over the link without clicking. Doing so should show the destination of the link. I recently did this on an email I received from Microsoft that looked legitimate, but the link would have taken me to a very different location than what I expected. Best rule: if you’re not sure that it’s okay to click, do not click!
      2. Make certain your computer has a good anti-malware program running on it. That’s true whether you’re using a Windows or a MacOS computer. The solution my firm recommends is www.thirtyseven4.com; running it will also help prevent you from accessing most compromised websites.
  • Phishing
    • Form: Phishing has a few forms, almost all of which happen through email SPAM. Phishing is the attempt to get the recipient to provide personal information about themselves that could be used to accomplish some form of identity theft. Phishing variants include clone phishing (a previously legitimate email that has been recreated with malware embedded or in links and re-sent to the same list of recipients as the original), whaling (phishing attacks aimed at executives and high-profile targets), and spear phishing (attacks targeting specific individuals that may even contain information about them discovered through websites, social media, and other sources).
    • What To Do: Never respond to a request for personally identifying information in an email without first confirming the source. I even take this a step further if I get a phone call from my bank about possible fraudulent activity in my credit card account! In the call they ask for my password to prove I am who they intended to reach. I decline their request and tell the caller they need to tell me my password to prove they are who they say they are since they initiated the call! They’re not allowed to tell me, of course, so that’s when I disconnect and call the number on my credit card– that way I know I’m talking to my bank.
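The two manual checks above, apart from the live-voice confirmation, can be automated at the mail gateway. The following is an added example, not code from the original article or from any vendor it names: it parses a constructed message, flags a From: display name that matches a staff member while the address is off-domain (the impersonation pattern described under BEC), and lists links whose visible text names a different host than the href actually points to (the “hover over the link” check under Ransomware). The staff directory, organization domain and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical staff directory and organization domain: assumptions made for this example.
STAFF_DIRECTORY = {"Pat Example": "pat@example-church.org"}
ORG_DOMAIN = "example-church.org"


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def mismatched_links(html):
    """Return links whose visible text names a host that is not the real destination host.
    This is the automated form of 'hover over the link and look at the destination'."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
        real = (urlparse(href).hostname or "").lower()
        if shown and real != shown.group(1) and not real.endswith("." + shown.group(1)):
            findings.append((text, href))
    return findings


def impersonated_sender(from_header):
    """Flag a From: whose display name matches a staff member but whose address is off-domain."""
    name, addr = parseaddr(from_header)
    expected = STAFF_DIRECTORY.get(name.strip())
    domain = addr.rsplit("@", 1)[-1].lower()
    if expected and domain != ORG_DOMAIN:
        return {"display_name": name, "address": addr, "expected": expected}
    return None


def triage(raw_message):
    """Run both checks over one raw RFC 822 message and return the findings."""
    msg = message_from_string(raw_message)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    return {"impersonation": impersonated_sender(msg.get("From", "")),
            "bad_links": mismatched_links(body)}


# Constructed sample message (not a real email): the display name copies a staff member,
# and the first link's text shows a different host than its href.
SAMPLE = """From: Pat Example <pat.example@mail-example.test>
To: bookkeeper@example-church.org
Subject: Urgent: pay this today
Content-Type: text/html; charset=utf-8

<p>Please wire the funds now: <a href="http://login.example-bad.test/x">https://portal.example-church.org</a></p>
<p>Staff page: <a href="https://example-church.org/staff">example-church.org</a></p>
"""
```

Calling triage(SAMPLE) reports the off-domain sender and only the first link; the second link is allowed because its text and destination agree.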

These are a few SPAM categories. It is imperative that every organization use a high-quality SPAM filter on its email server to eliminate most of the SPAM from being delivered to email account holders. There are a lot of SPAM filter solutions available; our favorite is from Barracuda. They are the gold standard and best-of-breed in that industry.

Just an fyi… we host SPAM filtering for churches and ministries nationwide using a Barracuda SPAM Filter 600. We process more than 90,000 emails daily, and it blocks about 80%. That means about 80% of the email pointed toward your email inbox is unwanted! And some of it is dangerous!

Using a solid SPAM filter won’t stop all SPAM from getting to users’ email inboxes, but doing so will stop almost all of it. That reduces the likelihood that someone will click on something they shouldn’t. But the best protection will only come from repeated training to all team members. I recommend reminding the team of the danger on a monthly basis during all-staff meetings. And if you know a story in which an organization was hurt as a result of SPAM, tell the story! Doing so will help those who don’t take threats and threat-mitigation seriously to re-consider.

Helpful Computer Hacks

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

I grew up in an age when a ‘hack’ was someone who was incompetent. In those days there were no personal computers or mobile devices. Now everyone has access to multiple computers and various mobile devices. And wouldn’t you know it– ‘hack’ has a new meaning! Today a hack can be a clever way to get things done well.

Following are some hacks that can really help improve your efficiency on a computer!

Hacks for Computer Users
The following hacks are especially helpful for computer users.

Keyboard shortcuts. In today’s world of Windows and Mac operating systems we have become dependent on pointing devices. Granted, those devices are very helpful. But before these current operating systems, we used keyboard combinations to do some of what we now do with a mouse or track pad. Those keyboard shortcuts are still available to use, and they can save time! Here are six I still use often:

Function    Windows     Mac
Print       Ctrl + p    ⌘ + p
Copy        Ctrl + c    ⌘ + c
Cut         Ctrl + x    ⌘ + x
Paste       Ctrl + v    ⌘ + v
Italics     Ctrl + i    ⌘ + i
Bold        Ctrl + b    ⌘ + b

Multiple Monitors/ Displays. For those who’ve always used one monitor or display, having two or maybe three may seem excessive. But the increase in productivity with two or three is surprising! I always recommend at least two now; the cost is minimal and the benefits are significant! My desk is configured with three: the one on my left always has Outlook running on it, the one in the middle is where I do most of my work, and the one on my right is for research references (browser, database, etc). I also find it helpful when opening large spreadsheets to stretch them across my middle and right displays!

Recurring Tasks. We all have them: recurring deadlines that are due every Wednesday, once a month, quarterly, etc. I use Outlook’s task functionality to set the reminders I need to help me hit my deadlines. This is one of the most helpful and least used tools available. I also use Outlook tasks to remind me to do things I’ve promised to do, helping me avoid them falling through the cracks of my active schedule.

Managing Email. Email consumes a larger part of our days than most of us want. I have three email hacks that help me stay focused and efficient, even though my average daily email count is well over 100.

  • Inbox. I keep my Inbox as empty as possible so I don’t waste time reading the same emails over and over. When an email comes in I either respond and then delete the original (a copy of the original is in my response!), put a flag (due date) of when I want to respond by and drag it to a subfolder based on the type of email it is (personal, business, etc), or delete it if it’s one I don’t care about (like an ad).
  • Sent Items. Once I send an email I delete it unless I need a reminder that I’m waiting for a response or it was a topic that could have legal ramifications (if it was, I make a PDF copy and store it).
  • Trash. I empty my trash at the end of every day. In the rare case that I need to find something I deleted, I log into our email server via browser (using Outlook Web Access), search deleted files, and restore it.

Automatic Backup. I always feel bad for someone who says a hard drive crashed and they lost all of their files, including photos that were irreplaceable. Losing important files is painful. There are many cloud services available to consumers that will automatically back up files to their cloud servers. There are also utilities in the Windows and Mac operating systems that will automatically back up files to an external drive.

Hacks for IT Professionals
The following hacks are especially helpful for IT professionals.

System setup checklists. As IT pros, we often set up new systems. If the process isn’t automated, I recommend creating a checklist to help achieve standardization. In addition to improving setup consistency, checklists save time because you don’t need to review your work to determine what you’ve already done after an interruption.

Professional Relationships. It’s so helpful to build friendships with people you can turn to when a challenge comes up that stumps you! Those ‘lifeline’ calls can save so much time! The best professional organization I’ve found for those in church and ministry IT is The Church IT Network (http://churchitnetwork.com). They have a low-cost annual gathering in the Fall, and low-cost regional gatherings in the Spring.

Monthly Backup Test. Set a task in Outlook to test your backup monthly. A good test is to restore a file or folder structure and then open the file(s) to verify the backups you’re relying on are good.
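The monthly restore test described here, and in the Backup section of the January article above, can be made repeatable with a hash manifest: record a hash of every file when the backup is taken, then after the test restore compare a random sample of restored files against that record. This is an added example, not the author’s or Veeam’s code; the directory tree and the deliberately truncated file in demo() are constructed inline, and a real job would point source and restored_root at its own paths.

```python
import hashlib
import os
import random
import shutil
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record the hash of every file under root, keyed by path relative to root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def verify_restore(manifest, restored_root, sample_size=5, seed=None):
    """Compare a random sample of restored files against the manifest taken at backup time.
    Returns (paths checked, problems), where each problem is (relative path, reason)."""
    rng = random.Random(seed)
    paths = sorted(manifest)
    sample = rng.sample(paths, min(sample_size, len(paths)))
    problems = []
    for rel in sample:
        restored = os.path.join(restored_root, rel)
        if not os.path.exists(restored):
            problems.append((rel, "missing after restore"))
        elif sha256_of(restored) != manifest[rel]:
            problems.append((rel, "content differs from backup-time hash"))
    return sample, problems


def demo():
    """Constructed scenario: six small files, and a restore in which one file came back empty."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "server_data")
        restored = os.path.join(tmp, "restore_test")
        os.makedirs(os.path.join(source, "finance"))
        for i in range(6):
            with open(os.path.join(source, "finance", f"report{i}.txt"), "w") as f:
                f.write(f"contribution batch {i}\n")
        manifest = build_manifest(source)   # recorded when the backup was taken
        shutil.copytree(source, restored)   # stands in for the restore job
        with open(os.path.join(restored, "finance", "report3.txt"), "w") as f:
            pass                            # simulate one file restored truncated
        sample, problems = verify_restore(manifest, restored, sample_size=6, seed=1)
        return len(sample), problems
```

Keep the manifest with the backup media (or off-site with the tape), since a manifest stored only on the server is lost in the same disaster the backup is meant to survive.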

Those are some hacks that can really help!