Monday to Thursday, 10am-4pm, EST
1.855.281.5499 (toll free)

How to Assess your IT Needs and Implement Technology at your Nonprofit

Technology PlanningBackup & RecoveryComputers, Servers & NetworksSurveysFile SharingCloud Security & Privacy

This post recaps a webinar presentation by Enzo Logozzo and Eric Neufeld from 365 iT Solutions, an IT consulting firm that works closely with nonprofits. 365 iT Solutions offers discounted rates and some donated services for TechSoup Canada members. Watch the full webinar here.

Technology projects are a big undertaking for nonprofits, especially when budgeting is tight. However, any organization can perform a tech self-assessment with the guidance in this post, and better understand the shortcomings of their networks and their future technology needs.

Do-It-Yourself: A Nonprofit Network Assessment

A network assessment provides a ‘snapshot’ of your nonprofit’s entire network and helps you create IT strategies by identifying your pain points (areas where your tech is hindering productivity). Enzo and Eric guide us through a network assessment in 8 steps.

 

Step 1: Assess your Entire Organization

Your nonprofit’s organizational structure is the foundation of your network assessment, and can be broken down into five key areas. It’s important your entire management team (or your entire team, if you’re a small nonprofit) is consulted to get this part right.

Size

How many users (workers with a computer workstation) does your nonprofit have? Do you have a computer for each worker, or do you rotate computer time (can save money)? Get a clear picture of how many workstations you need to maximize access.

Geography

Does your nonprofit have multiple offices? Are they connected through a VPN, or an internal server?

Business Goals

365 iT Solutions recommends 5-year plans, as they allow for scalability. For example, if your nonprofit plans to double your work force within the next five years, your server needs to be able to support your growth.

New Technology

Is your nonprofit using the cloud? If not, how can you leverage it? An easy place to start is to find out whether current applications you use have a cloud option. For example, decide whether you need the desktop version of Quickbooks (which takes up server resources) or whether it makes sense to use the cloud version.

Pain Points

A pain point is an area where your tech is causing inefficiency and frustration, and is something your nonprofit needs to improve on. The best way to identify them is to connect with management, who hear from front line staff (or your entire team, if you’re a small nonprofit), in order to gain organizational expertise. You can even launch a staff survey to better understand their IT experiences. Programs like Survey Monkey and Google Forms have free plans with basic features that may suit your needs.

“You would be surprised with a quick survey to your employees, how many issues they actually face on a daily basis, and how many work-arounds they’ve figured out on their own, including things they shouldn’t be doing,” Enzo said.

“It’s your employees [and volunteers] that keep the lights on and move your organization forward, and they are what the assessment is really based on. You have to open up and hear what’s going on.”

 

Step 2: Assess your Network  Assets

Nonprofits must find vulnerabilities in their network, including security threats like viruses, malware and hacking attempts. The consequences can be severe: security breaches, downtime in your servers, and public exposure in the news if personal data is lost.

Firewalls and Routers

Your organization must ensure firewalls and routers are under warranty and that you have a plan to regularly update firmware (updates strengthen security).

You should also consider web content filtering to improve employee productivity, protect against lawsuits (by restricting employee access to sensitive data) and help enforce your Acceptable Use Policy, which will be addressed later on.

Your firewall and routers should also run a gateway anti-virus feature, which provides a second layer of defense by stopping threats at the edge of your network, rather than inside. Similarly, an intrusion detection feature prevents hacking attempts.

When servers are ‘spun-up’, they create open ports in your firewall that remain there even when they’re decommissioned. This may create a backdoor to your network that hackers can exploit. You should always have a business justification for keeping these ports open.

Network Switches

Nonprofits should upgrade to a gigabit switch; this significantly increases speed. Make sure you’re getting updates, and have warranties for all switches.

Perform a wireless site survey to identify WiFi hotspots and deadspots and determine whether your coverage is adequate. You should use WPA2 encryption, which gives the best speed and security.

Also consider how visitors are using your wireless. Do they have access internally? Having a Guest network is ideal, as it prevents access to internal networks and allows for a separate Acceptable Use Policy for that network.

 

Step 3: Assess your Server

Your server stores all of your data and it should therefore be accessible at all times - 24 hours a day, 365 days a year. It’s the heart of your organization and it’s always working.

Warranty

Have a valid warranty with the manufacturer. This is especially important with your server, because if individual components die, you’ll have to fetch replacement parts in the aftermarket. Have at least a 4-hour warranty, or ideally a full business-day warranty. This will also facilitate a quick replacement and minimize your server’s downtime if an emergency occurs.

Operating Systems (OS)

Windows Server 2003 reached its end of life in Jan 2015, meaning it doesn’t receive new security updates. Server 2008 will reach its end of life in 2020, but has already stopped receiving performance enhancements. If you're using Windows Server 2008, you should ideally migrate to 2012 or even 2016.

Network Services

Your nonprofit should be aware of what network services are running. For example, you may have Microsoft Exchange for email or SQL Server to manage your databases. Whatever it may be, identify what you are running, so you can decide if any server functions can be consolidated or retired.

Security Updates

How are security updates (aka patches) being installed? If you’re doing it manually, consider using WSUS, which is a service that gives central control to push out updates to your computer workstations.

Performance

Check your RAM and CPU cycles, and your disk space. If you notice something is approaching capacity, deal with it - running computers at high rates decreases the life of equipment and slows down your network.

You should always have at least 20% of your disk space free.

Disaster Recovery

It’s important to back your data up in the cloud, in addition to local backups like a hard drive. It’s another layer of protection for your data in the case of a IT disaster. Decide at what increment your nonprofit will back up its data.

If you use a 3rd-party to store data off-site to ensure the data is on Canadian soil, or for other reasons, make sure the company is reputable, fully insured, and is ISO-certified. As well, make sure it’s clear and in writing who owns the data and where your data is going! This will protect your nonprofit legally.

Microsoft is building data centres in Canada, and has already opened two.

 

Step 4: Assess your Workstations

Computer workstations are the frontline of your nonprofit - they keep us productive, but are also a source of security risk and downtime.

Operating system

Windows XP reached end of life April 2014, and Vista will do so too in April 2017. You should have Windows 7* at the very least.

*If you’re a TechSoup Canada member and have a Windows 7 or 8 license, get a free upgrade to certain editions of Windows 10 directly from Microsoft until July 29, 2016. 

Endpoint Security

Endpoint security is any antivirus or firewall that run on workstations. They should be centrally managed so that you can ensure they’re updated and virus-free from one location.

Also have settings passwords for antivirus clients - users shouldn't have that control.

Local admin access

Users shouldn’t have local admin access - only a select few of trusted or senior employees should.

Enzo and Eric found some organizations have added domain users to their local administrators group, so users can jump around to different machines and use them as if the were their own. This is a huge security risk, and creates conditions for a virus to rapidly spread through your network.

 

Step 5: Assess your Line-of-Business Software (LOB)

Support Contract

Most nonprofits use LOB software to run business operations or manage donors. A support contract is needed, because LOB software is usually niche and you need experience from the company to help you troubleshoot and to get updates. Often, this service isn’t available without support contracts!

Future proofing

You need to consider your LOB software’s compatibility. Often, these smaller companies can’t keep up with Microsoft updates. So before you upgrade,  makes sure it’s compatible with updates from other aspects of your computer - including your server and OS.

Reliability and Accessibility

LOB software is a perfect avenue to move your business to the cloud, which can improve reliability and accessibility. If you do use cloud-based LOB software, make sure you retain control of your information - this is especially important if the company goes out of business!

For example, Iron Mountain has their Technology Escrow Service, where they hold your data, and have an insurance policy to save your data and code in case they do go out of business. This way, you don’t lose the investment you made into your LOB software.

 

Step 6: Assess your Policies and Procedures

Acceptable Use Policy (AUP)

AUP’s outline exactly what is and is not an acceptable use of your network, and what the consequences are for breaching the policy. Put it in your employee and volunteer handbooks; It will give you ground to stand on if conflict does arise.

Speak to an IT consultant or HR professional to develop an AUP.

Computer & email monitoring policy

This policy states that management may monitor emails and/or computer use, and that computers and emails are owned by your organization. This protects your nonprofit in case of conflict. Most organizations don’t even use this unless there’s a specific reason!

Bring Your Own Device (BYOD)

BYOD policies protect your nonprofit’s data when it’s being accessed from a device you don’t own and/or control. Smartphones can move lots of data around, and BYOD policies provide the ground to remove your data from those devices.

If you face resistance from employees or volunteers, there are ways to remotely wipe data off phones or computers, or to isolate your nonprofit’s data and then change access passwords for that data.

 

Step 7: Choose the right IT Consultant

It can’t be stressed enough: do not under any circumstances rush tech projects. When shopping for IT companies, you’ll find they’re only two of these three things: Good, Fast and Cheap.

Have clear objectives, budget lines, and timelines on delivery. Often IT consultants are working on other projects, so you need them to understand your expectations.

Write an RFP (request for proposal) that lays out the terms of engagement, objectives, timelines, and budget. Include anyone at your nonprofit who has experience in this. Having an RFP will eliminate a lot of IT companies who may not be willing to be tied down to such details (some people think differently).

Find IT consultants with industry experience who understand Canadian privacy laws. Nonprofits hold a lot of personal information, and if it leaks it can be a PR nightmare, so it’s risky dealing with IT consultants who don’t have these qualities.

Evaluate the IT consultant's response to your RFP; are your goals addressed? Everything should be planned, documented and totally black and white - in fact, if they are engaged, they will point out the grey areas to you! Make sure they guarantee the proposal; reputable companies have guarantees they won’t over charge.

 

Step 8: Do your Due Diligence

When dealing with IT consultants, take your time, check references, and ask questions. Do not make decisions to try and hit a deadline, as this will almost always backfire.

Be sure to involved your Board of Directors as well - they are experienced professionals and have a wealth of knowledge and skills to contribute to tech plans.

Good luck on your next tech project!

365 iT Solutions offers great nonprofit deals, including complimentary network assessments!