Posts Tagged ‘Managing IT’

Can You Trust Your Leadership?

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2019 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

In 2008 I wrote an article about how to tithe on behalf of a business. There is surprisingly little published on the topic, which is why I addressed it. After ten years, it’s still the 3rd highest ranked resource via Google, and I continue to get questions from people wanting to know specifics on how to apply it to their business.

I received an interesting question this weekend that really was about whether one can trust their church’s leadership and, ultimately, the Lord. The ramifications go much further than the original question– even to church IT, and seemed worthy of an article.

The Question Posed
“If I feel that the leaders of the church are not doing what they suppose [sic] to do in the church and when something is needed for the house of God they don’t buy it like furniture, carpets etc, can I use my tithe money to buy those necessary things for the house of God. PLEASE ADVISE”

It felt to me like this is a larger question that relates to faith. Faith in the Lord, and faith in his ability to lead through the leadership he’s put in place in his church.

The Answer I Gave
“If your faith is in the God of the Bible through Jesus Christ, then you can’t help seeing in scripture that the church is his church. In fact, it is referred to as the bride of Christ!

“If it is his church, and he says that he puts those he wants in leadership positions, can you trust him to lead his church? My guess is that your answer is yes, you want to. If so, we’re told to bring our tithes in, not to direct how they are managed. Interestingly, even the IRS says that when you give a donation you relinquish control.

“But what if you believe the church leadership is mismanaging? If that’s the case, you may need to find another church. Or decide to trust that God is in charge.

“Ultimately, tithing is a faith issue. Money always has an emotional tie to our heart. I encourage you to focus on trusting God to manage his church and decide to trust the leadership he’s put in place (unless they’re violating scripture). Focusing on him– even when you’re not certain leadership is going in the right direction– is a terrific step of faith the Lord will bless.”

Ramification for Church IT Employees and Volunteers
I really believe that! There have been plenty of times in my 40+ years as a Christ follower that my church’s leadership has made a decision I wasn’t convinced was great. God says he leads the church, and I have chosen to follow him.

A pastor friend once told someone who was leaving the church who said he couldn’t agree with a decision made that, until that moment they had only been walking in parallel paths. Each of the church’s previous decisions were what the congregant believed was right. “But with this issue, this is your first opportunity to follow leadership.”

Leadership sometimes makes decisions that IT staff and volunteers think may not have been the best IT decision. The common response is to protect the rest of the church by making decisions that leadership should make so leadership can’t make the wrong decision. Doing so leads to dysfunction! Staff begin a culture of making their own IT decisions too. Before long, the leadership, staff, and IT are all frustrated.

Worth Considering
IT’s role is not making policy decisions– even about IT issues. IT’s role is to inform and influence leadership’s IT decisions, and then to implement and support them. That takes pressure off IT, and helps the entire team to focus on living within leadership’s decisions.

The next time IT is tempted to make an IT policy decision, instead present the issues to leadership and let them make the decision. Trust the Lord! It’s his church.


GDPR and the Golden Rule

Written by Jonathan Smith on . Posted in Articles

© 2018 by Jonathan E. Smith, all rights reserved
Director of Technology, Faith Ministries
Reprinted from MinistryTech Magazine
 

I know what you’re thinking. You’ve received numerous emails over the past few months about GDPR and you are sick of hearing about it. Seeing GDPR one more time makes you want to scream. I’m with you. I’ve gotten emails about GDPR from companies I have no record of ever interacting with, and I’m a geek so I keep track.

While traveling around the past few months since GDPR went into effect on May 25, 2018, I’ve been amazed at the number of questions folks are asking about it and the astonishing lack of information there is about it, especially as GDPR relates to churches and ministries. In an attempt to narrow the knowledge gap here is my best effort to tackle the GDPR issue, specifically how it relates to churches and ministries. Please note, I’m not an attorney, I don’t even play one on TV, so while I’ve done my research it is always good to ask your legal counsel to sign off on any plans or changes you may have or plan to implement in response to GDPR.

What is GDPR?
GDPR stands for General Data Protection Regulation. It was passed by the European Union to provide their citizens with more control over their personal data and to determine what those they’ve given their personal data to can do with it. In many ways, it could stand for Golden Data Protection Rule, one with a biblical worldview could sum up GDPR as the Golden Rule of Data, treating others data the same way you want your data treated.

The law also provides a few specific provisions for EU citizens. First, what is considered personal data is defined. Second, EU citizens can request their data be completely removed or can only be used for certain purposes. For example, you can contact me using my data but you cannot send me ads using my data. Third, organizations operating in the EU have to report any data breaches within 72 hours.

Reading what GDPR does you can understand why it was written. It took Equifax weeks to notify the world they had been hacked, GDPR addresses that. Your data on Facebook makes you the product, not the customer and you have no control over what Facebook does with your data, GDPR addresses that.

How does this affect those not in the European Union?
This is the biggest question surrounding GDPR and one the entire planet is struggling to understand. The European Union has 500 million citizens, so they have the ability to push their agenda a bit. The challenge for organizations operating worldwide is the EU has set the strictest of standards, so do you operate with multiple policies concerning data collection and use based on where the individual lives, or do you work off GDPR since that ensures the most people will be covered by your policies. If you don’t fully understand, you aren’t alone.

Some companies in response have stopped operating in the EU until they can figure this out. The issue is they operate in the EU and are storing data for EU citizens. GDPR states how you should do that if you meet both qualifications.

Enforcement
This is where the world of international law gets complicated. While GDPR tells you how you can/should store and use the information of its citizens, it cannot be enforced on organizations that do not have a physical presence in the EU. Let’s take Facebook for example; they have a large, lucrative presence in the EU. They have data centers, offices, etc in the EU. The EU is able to enforce GDPR because Facebook has a physical presence there. In other words, there is a location that can be seized, personnel that can be arrested, and executives that can be taken to court.

For organizations that do not have a physical presence in the EU, this does not apply. There is no office or data center or person they can hold accountable and the EU is not able to enforce its laws on those outside the EU, for example, in North America. That’s how international borders work.

Blah, blah, blah. How does this Impact Churches?
If you’ve skimmed the first part of this, that’s fine but this is the part in which to pay close attention. At its heart, the GDPR legislation is about being a good steward of data. While data can mean many things from name, address, phone number to t-shirt size and food allergies, it is important for us to remember in the church world: data means people and people mean souls. We did not need GDPR to tell us to be good stewards of the people our ministries serve.

The Bible tells us to be good stewards (1 Corinthians 4:2), the Bible also tells us to obey the authority (Romans 13), including governments, placed over us. In this case, it seems the EU is telling those who operate in the EU to do what the Bible says and be good stewards of data.

GDPR requires a few things I would hope churches around the globe are already doing:

  1. If your data is breached, report it within 72 hours. Even without GDPR, every church should have a data breach plan and procedure in place and want to be open and honest when mistakes happen. The church is the last place that should try to cover it up for weeks or months.
  2. If a user wants you to remove them from your database, remove them. Even without GDPR, every church should have a procedure to remove a record from their database if someone does not want any of their information stored within your organization.
  3. If a user wants you to email them prayer requests but nothing else, honor their request. Even without GDPR, you should be able to send folks what they want and not require them to get everything you send out. There is a difference between sending out prayer requests and fundraising requests. Do you allow folks to determine how you use their data?

I’m sure by now some of you are wondering about financial data. What happens when someone gives you money and then wants to be totally removed? In the US you are required to keep a record of financial transactions for 7 years. Even without GDPR, if someone wants to be removed, but they’ve given you money, do you have a procedure to remove them while still keeping the financial record for 7 years and then removing them completely when the 7 years are up?

Most churches don’t have a physical presence in the EU so there isn’t an issue here but what happens if you do have a presence in the EU and someone from the EU gave you money and then wanted to be removed from your database? The principle is to apply donor intent; they don’t want to be in your database so you treat them as if they weren’t there by removing everything you can until you can remove their record entirely.

While there may be several legal and international law issues at play here, I believe the core concept is not a legal one but one of ministry integrity. We should not have needed GDPR to tell us how to care for the data those we minister to have entrusted to us.

FAQ 

  1. We support missionaries or other ministries that operate in the EU and have a physical presence there; do we fall under GDPR?
    • No, the organization you support in the EU that has a physical presence there does fall under GDPR but you as an individual or organization supporting them do not.
  2. Should churches have data access and user rights policies?
    • Yes, even if in a basic format a policy showing who gets access to your data, for what purposes, and how you handle the data you’ve been given is important. It is also important to note how you handle requests for removal from your databases and/or email lists. With everyone talking about GDPR, you may find a guest or two asking if you have any data policies before they give you their children’s allergies when they check their kids in some Sunday.
  3. Should anyone lose sleep over this?
    • No, what we are talking about here is Golden Rule stuff. If you are losing sleep over GDPR then there are probably bigger issues to address in how you handle user data.
  4. Is this really new?
    • No, in 1995 the EU had a privacy policy called Data Protection Directive. It expired when GDPR was enacted. In many ways, GDPR further refines and enhances privacy and data protection provisions that have been around since 1995.
  5. What counts as data?
    • This is harder to answer because there is admittedly some subjectivity here. The obvious name, address, phone number, email address, SSN, picture, etc are pieces of data that can be used to positively identify a person. Recently an EU court ruled that under certain circumstances an IP address can also be considered personal data and is therefore subject to GDPR.
  6. If we take signups and collect data on our website, do we need to make changes for GDPR?
    • Only if you have a physical presence in the EU.

Next Steps 

  1. If your church or ministries do not have a data access and management policy, then get one. Even a basic policy and procedure for how you handle user data and requests is important and shows you’ve thought about it and care about it.
  2. This is not an IT issue nor should this be dumped on the IT team. While IT clearly has a role in data management, they should not be the decision makers. GDPR requires organizations operating in the EU to have a privacy compliance officer. This can be a new employee or a role added to an existing employee. While churches and ministries may not need a privacy compliance officer the concept of having someone constantly checking to make sure you are being good stewards of data and coordinating data stewardship across ministry and church departments and silos is valid.
  3. Get legal counsel. If you operate in the EU or are concerned you might, it would be wise to consult with a licensed attorney with experience in this area. Don’t try to figure it out on your own. The EU is intent on enforcing GDPR and no church or ministry should want to be on their radar.

The Golden Rule comes from Matthew 7:12 and Luke 6:31. “Do unto others as you would have them do unto you.” This applies to how individuals relate to each other in person and online, and to how organizations treat each other and those they serve. Whether we are talking about money, data, time, or talent the Golden Rule is more than just a rule or ideology from long ago; it is the Word of God.


Jonathan Smith is the Director of Technology at Faith Ministries in Lafayette, IN. You can reach Jonathan at jsmith@faithlafayette.org and follow him on Twitter @JonathanESmith.

Communication— IT’s Key to Success

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

How we communicate dramatically affects our success in every aspect of life! We often forget how important that is, and forgetting limits us.

This is especially true in Information Technology (IT). The question becomes, then, How successful do you want to be? And along with that, Do you want to maximize how The Lord can use you?

Biblical Perspective
Paul says in Ephesians 5:15, “Be very careful, then, how you live– not as unwise but as wise.”[1] The phrase to be very careful is translated in some versions as “walking circumspectly”. The word circumspect means to have full awareness of your entire surroundings, like an animal cautiously walking through an open field. That is a good way to communicate, but it’s not easy. It leaves no room for laziness; in fact, it requires a high level of focus! But the wise pay attention!

Getting Practical
Every profession has its acronyms, and in IT we have a lot of them. When IT professionals talk to each other we use those acronyms; when we’re talking with non-professionals, however, using them limits our ability to be understood. It is always the responsibility of the one communicating to do so in a way that their message can be understood by their audience. Is it easy to switch our communication style to match our audience? No! But the wise do so because it is essential.

When I’m talking with a fellow engineer, it’s okay to say something like, “You could speed up that system by swapping the HD with SSD and bumping the RAM.” Simple. But if I’m talking to someone who is not technical, it would be better to say, “You could speed up that computer by replacing the old hard drive with a newer technology, like a solid state storage device and increasing the memory available for processing the amount of data you’re working with.”

Those who can quickly adjust their communication style to match the needs of those they’re communicating with have the greatest chance for success. Who can do that? Anyone who chooses to put out the effort to walk circumspectly. It requires more brain processing power, but that additional power consumption is worth it!

Some who know my story know that before becoming a Christian I was a major drug user. That’s not something I’m proud of, but it is part of my story. One of the drugs I used a lot was LSD. So much so, in fact, that I was losing my ability to communicate! How could I tell? By being observant and interpreting the facial expressions of people I was talking to. Their facial expressions told me they were struggling to understand what I was trying to say. So I started listening to myself while I was talking, and realized that the subject of my sentences was changing so often that I didn’t make sense! No wonder they were struggling to understand me! I concluded that I had work to do if I wanted to be successful.

Humility & Dedication
A good communicator interprets the facial expressions and body language of those they’re talking to and makes real-time adjustments to improve the success of their message. Some are too lazy or don’t care enough to communicate well. Realizing you’re not communicating successfully and making adjustments takes focus, effort, and humility. Good communicators do not insist that their audience rise to meet their communication level, but instead humbly adjust their style as needed.

Knowing Your Audience
When I talk, speak, or write, I try to identify my audience to increase my success. My professional topics are usually related to technology, so I often ask questions after using a term that might be unfamiliar like, “Is that a term you’re comfortable with?” Their response to that non-judgmental question helps me modify my content to increase my communication success.

Often there are multiple audiences we’re communicating to all at once. Writing a response to a support ticket is like that! I usually try to meet the communication needs of the user who opened the ticket, their supervisor, my supervisor, and sometimes (depending on the issue) our legal system. All at one time! Can I do that effortlessly or quickly? No, especially since it’s in writing. I have to re-read the content with each audience in mind and make terminology adjustments before it’s ready for the SEND button.

The Bottom Line
Don’t limit how The Lord can use you or your professional success by not communicating circumspectly. Slow down and make the effort to communicate well to your audiences, whether in a one-on-one conversation, in a group setting, or in writing. Watch for visual cues when possible and make adjustments! Those you’re communicating with will be blessed, and so will you.

[1] The Holy Bible: New International Version. (1984). (Eph 5:15). Grand Rapids, MI: Zondervan.

July – Improve System Security Month!

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

While speaking at a conference recently, a cybersecurity expert whose company offers email user testing and training stated that KnowBe4.com‘s solution was the best they’d ever seen. Little did they know I was in negotiations on The Church’s behalf with KnowBe4!

What Is It?
KnowBe4 is a subscription-based solution that allows an organization to send what looks like SPAM emails to users that include links, etc. The solution tracks who clicks on the links, and when they do, adds them to a group whose members must watch a short training video online to learn what to avoid. Watching the video removes them from the group.

I’m aware of organizations whose users started at an 80% or higher click-rate. They saw the solution to educate their team and get the percentage to under 10%. The results are a more secure user community, and improved security and safety for the organization.

What’s The Deal?
KnowBe4 offers a 10% discount to not-for-profit organizations, with an additional discount of 25% for a three-year subscription. So, they normally offer up to 35% in savings to charities.

Through our negotiations, KnowBe4 offered to add an additional 20% discount to any who say they were referred by MBS, and who contact a specific employee of theirs to sign up! That means you can get a 35% – 55% discount just by telling Tiffany Yeager (727.877.8226 or ​tiffanyy@knowbe4.com) you were referred by MBS! (As always, MBS makes nothing on your referral business, as per our by-laws.)

MBS Recommends Their Platinum Package
KnowBe4 offers a few packages; we believe the best for churches and ministries is their Platinum Package.

It’s July– a good month to improve your system security. This is a great way to do so!

Identifying, Shaping, & Meeting Team IT Needs

Written by Nick B. Nicholaou on . Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

A church IT forum discussion came up recently that is worth thinking through. The original post asked for input on how to keep team members from connecting their personal devices to the password-protected staff WiFi. The discussion that followed was a little like Mr. Toad’s Wild Ride! Lots of ideas being tossed around, most of which uncomfortably avoided the most important questions.

Underlying Risk
The vast majority tried to help by explaining various ways the team could be controlled or prohibited from attaching their personal devices to the staff WiFi. There were a couple voices of reason that participated, suggesting positive ways forward.

Those not in IT may not understand the underlying risk. Why shouldn’t team members connect their personal devices to the staff WiFi? There are legitimate dangers associated with letting personal devices attach to the staff WiFi.

  • The staff WiFi, usually password protected, is typically configured to give devices full access to the organization’s network as though they were connected and logged in via an Ethernet cable. That is in contrast to the public guest WiFi, which is typically configured to give devices access only to the internet, and hopefully access that is filtered.
  • The organization’s data needs to be protected. Churches and ministries maintain a lot of sensitive data that could hurt congregants and team members if not adequately protected. Data like contributions records, HR records, social security numbers of staff and some vendors, church member disciplinary notes, board minutes, and more. That data needs to be kept private, but it also needs to be kept available for team members to use in the operations of the organization. Malware like ransomware exists because hooligans understand the value associated with appropriate data access, and endeavors to block access to the data unless a ransom is paid.
  • The organization’s systems need to be protected. There are some who would like to disrupt the flow of church and ministry operations by crashing the system or participating in activities that could cause authorities to remove all computers and servers for forensic investigation and, possibly, evidence in a prosecution.

When team members use the staff WiFi on their personal devices, the organization’s data and systems are put at risk.

The Next Question
So, does that mean team members should not use the staff WiFi for their personal devices? Maybe; it depends on why they need it.

One of the forum participants, Jason Powell at Granger Community Church, contributed “Figure out what need they’re trying to solve. It took a while for our staff to be coached that there is no speed difference between our staff and public WiFi. After asking why they wanted a personal device on the staff WiFi, in almost every case, it was because they assumed it gave them something that the public WiFi didn’t. A simple conversation assured them that the public WiFi would do everything they were asking for.”

What if the need is legitimate, though? Jason continued, ‘For legit needs like interns, volunteers, etc needing a personal device to have more access, build a simple BYOD network.” A BYOD (Bring Your Own Device) network is not difficult or costly to do. The cost factors involved are more to create systems that can enforce protections and recover from breaches in case they occur.

Who Decides What IT Needs are Legitimate?
This is the part often overlooked. IT is not responsible for determining what access needs are legitimate or not; that is leadership’s responsibility. IT should communicate the benefits, risks, and any mitigation costs to leadership and ask for direction. Only leadership is responsible for determining who should and who should not have access to systems and data. IT’s role is to engineer and configure, train, monitor, and enforce the decisions made by leadership.

Effects of IT Setting Policy
When IT makes decisions without leadership’s direction, those decisions usually take the form of policies and system settings that frustrate team members. In organizations where that is the case, IT often becomes the “No” people. Some church and ministry teams get dysfunctional in the wake of those policies. Team members– who feel called by God to fulfill their ministry call– often take the posture of doing whatever it takes to fulfill their call even if it means going around IT’s policies and system settings.

Effects of Leadership Setting Policy
Policies set by leadership are ultimately enforced or modified by leadership. IT has the potential of having a ministry-facilitating impact by letting leadership set policy. And leadership should fully fund whatever is required by the policy decisions it makes, which means that IT doesn’t have to try to string together inadequate strategies. If leadership doesn’t fund IT with what is needed, IT should let leadership know and ask for either a change in policy or a change in the budget.