IT for Charities & NFPs

Todays workplaces are faced with challenges every day because of the introduction of new technologies. It can be difficult to keep up with the steady stream of new advances and even trickier to know which ones could, with correct usage, make your office life easier.

Take Skype for example. Skype – and other similar services such as Gizmo - allow users to make telephone calls over the internet to other users of the same service free of charge. This communication method has its benefits although there are a few potential downsides that you need to consider as well.

Services such as Skype are fast gaining in popularity. Calling between computers both using the chosen service is completely free, obviously an appealing feature to many people. Most of the services also offer the ability to call “normal” telephone numbers (mobile or land lines) at fairly competitive rates – often really competitive for international calls. Some providers also provide an additional service that (for a monthly or yearly fee) provides you with an incoming phone number. This is a fantastic way to get a number in (depending on the provider) the town or country you want – giving you a pseudo-presence there and making it cheaper for you colleagues, or supporters in that area to call you.

However, though the services are generally reliable, we would not advise relying on them as your only method of telephony - incoming or outgoing. If the service does fail (as happened for several days last year to many SkypeIn users for example) you will be left without any method of telephone contact – which not only will cause major inconvenience but does little for your professional profile.

According to the majority of users the audio is generally superb but the big question is really is it secure to use in an office environment? Each provider will have their own individual security features, so let’s take Skype as an example.

When calling Skype to Skype the calls are strongly encrypted so therefore at the higher end in the security stakes compared to other things that use the internet. If using Skype to call to mobile or landlines however, the calls are only encrypted for the Skype portion and not when they hit the public domain. This is fine if you have offices dotted about the country, or world, and you can implement a company-wide policy of Skype usage between offices, but if you are a smaller organisation mainly communicating with customers using a regular landline/mobile service you cannot guarantee the complete security of the conversations. This is not to say that using Skype is more of a threat to charities than other ‘techie’ tools, such as email, but because Skype is newer the vulnerabilities may not be as well known.

Compliance and protection of information within organisations is also a hot topic these days. Organisations need not only to know what information is entering and leaving the office but also to log and archive it as well. It is difficult for third party applications (ie monitoring tools) to interface with Skype. This makes it very difficult to know exactly what information is entering or leaving the organisation. Sensitive information could be passed on with no way of tracking where and from whom it originated.

Perhaps the answer is not to ban Skype flat-out but if you are going to consider its use, then control it – as you do with email. Policies on acceptable usage, such as no file transfers, and cautions against using it for sensitive communications, should be written and enforced.

Any comments, queries or suggestions for follow up topics that you would like us to cover? Just leave a comment or contact us (details on the About Us page) and we will do our best to help.

We have received a question about using Instant Messaging services (such as AIM, Yahoo, MSN Messenger & Skype Chat) in the office: “Is it safe to allow our employees to do this, what are the benefits and what are the dangers?”

This is a pretty complex subject for a single blog entry – and as with anything to do with security and technology, things are changing all the time – but here are some pointers for you to consider when making your decision.

IM can be handy as a means to communicate very quickly when situations require. The ‘real time’ aspect of messaging is appealing to many as it can save huge amounts of time if you require advice or an opinion in a hurry - without the cost of a telephone call. You can’t get faster than instant!   Also, as most IM software is available as a free download so it’s unarguably a cost-effective communication tool.

But, it is also undeniably an easy way for people to chat about non-work related subjects, or even moan about work in general. It’s not really the done thing in offices these days for people to sit at their desk and chat on the phone to friends. However, chatting on IM is a means for people to do the same thing without getting caught. Co-workers and supervisors may assume the person was discussing serious work matters but in practice it could actually be plans for the weekend or the latest episode of EastEnders!

It may be quick and convenient but is it secure? Different IM applications use different protocols and standard firewalls may not block or detect them. Some IM clients can use ports other than those associated with IM even commonly open ports such as 80 (normally associated with web browsing).

IM programs such as AIM, Yahoo and MSN Messenger pose additional possible security issues. These programs often allow more than just chat: they allow file transfers as well. Not only could users send documents – a recent study revealed that around 32% of companies have found employees passing confidential information to a third party - but users can also receive files that may possibly contain viruses or malicious code. Not to mention the liability nightmare if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.

Is there an answer without an all-out ban? It could be a simple case of allowing one type of IM to be used over another. There are two basic types of IM technologies: peer to peer (P2P) and client-server. With a P2P system, IM clients communicate with each other directly hence they are less secure as there is no centralised control. With a client-server system, communications go through a central IM server from which it is passed on to the recipient. With client-server systems, IM communications can be monitored and logged at a central location (which also conforms to current compliance regulations). Not only do you have an audit trail but employees will be deterred from engaging in non-work related chit-chat and file swapping if they know they could be found out and held accountable!

Many places already have employees using IM at work, and the automatic assumption - that it cannot be used safely or is hindering productivity and therefore should be blocked - is probably unfair. Used and monitored properly, IM can be a great tool – but, like most other modern tools, it does need to be controlled and monitored if you are to ensure that productivity doesn’t suffer and that your network and data is to be kept secure. Like most other things out there, you just need to know what you are dealing with and know how to control it.

Any comments, queries or suggestions for follow up topics that you would like us to cover? Just leave a comment or contact us (details on the About Us page) and we will do our best to help.

Last time we took a slightly cynical look at the mountain of green rhetoric we are all being subjected to these days. This week we are trying to cut through the marketing propaganda to give some suggestions that are practical and usable for all organisations – not just the huge ones with large budgets and resources.

First of all, forget about the hype and get back to basics. Remember the recycling mantra:

• - Reduce
• - Reuse
• - Recycle

Reduce is an easy one. Ensuring your computers and printers are shut down at night and not just left on standby will cut down on wasteful power consumption and immediately improve your green footprint. Remember to also switch off monitors when not in use – you can adjust the settings to switch off after a certain period of inactivity. Laptops (and even some PCs) can be set to go into a standby lower power mode if not used for a set period.

Reducing your office paper consumption is another hot issue. You could use less by using both sides and thinking before you print – do you really need ten copies in full colour? Using cheaper low-grade or recycled paper for general use and keeping high-quality paper usage to a minimum is another simple green solution.

Also, don’t forget that a lot of the simple greener changes you have probably already made at home can be carried over into the office – like using low energy bulbs and rechargeable batteries.

Reuse your IT equipment for as long as it is practical and economical. Upgrade only when extra features, speed or processing power is essential – or if the equipment is particularly old and “power hungry”. Some organisations use snazzy new computers that are far more powerful than necessary to run simple office applications. Older machines with less powerful processors could simply be fitted with additional memory or bigger hard disks to remain in service. If you do need a new computer, check the manufacturers website to how green (both in terms of power consumption and the components used) – and when choosing a manufacturer, consult independent organisations such as Greenpeace (www.greenpeace.org/electronics) who regularly monitor how well the main manufacturers are truly doing on the green front or visit the EPEAT website (www.epeat.net) where an increading number of PCs, notebooks and monitors are evaluated and scored according to set environmental criteria.

Think about refilling rather than discarding your printer cartridges. (But take care to check manufacturers warranty if your printer is new because sometimes use of third-party consumables can lead to warranty exclusions.) National companies such as Cartridge World have outlets across the UK where you can take your empty cartridges to be refilled. Or, if you prefer, you can also buy special kits and refill the cartridges yourself – though this can get messy and isn’t always particularly successful. By reusing your cartridges you will not only help save landfill space but you can save money.

Recycle! Under the European Union’s Waste Electrical and Electronic (WEEE) Directive, all manufacturers of electrical equipment are responsible for its environmentally friendly disposal, and the infrastructure required for collection. This allows old equipment to be reused and recycled where possible, with any potentially hazardous components properly disposed of. Your IT supplier may well have facilities in place to recycle your old equipment, if not consult your local council website or national one like www.recyclenow.co.uk.

Once again, the recycling efforts you probably make at home can be reproduced in the office. Don’t forget that not only can your waste paper be recycled, but cans, bottles, cardboard or even plastics. It might not be as easy or cheap (unlike the private house refuse collection facilities provided by councils, most commercial waste collectors will only provide recycling collection at an additional cost) but with a bit or organisation it can be done – and a bottle or can recycled from your office will save just as much energy and resources as one from home.

There are many green options available for smaller organisations and even small changes can make a difference to the environment - and also to your finances. Here are some links you may find useful:

www.netregs.gov.uk - Waste Legislation Information

www.itsnoteasybeinggreen.org/forum - Internet forum with ‘green office’ ideas (amongst many other green topics)

www.donateapc.org – “matchmaking” service for people wanting to get rid of old IT equipment and people wanting to recycle it

www.globalactionplan.org.uk – helping organisations reduce their environmental impact.

www.greenpeace.org/electronics – highlights green IT issues and produces regular reports of how much manufacturers are truly doing to be greener

www.epeat.net - contains details of of PCs, notebooks and monitors that have been evaluated and scored according to set environmental criteria

www.recyclenow.co.uk - website is dedicated to raising recycling awareness and promoting responsible waste management

Any questions or comments?  Or any useful websites you would like to see added to our list?  Just leave a comment or contact us (details on the About Us page) and we will do our best to help.

Recycling your empty soft drink cans and glass bottles is by now second nature to most people. The introduction of kerbside collection has made recycling such a convenience that it almost goes against natural instincts to throw your recyclables in the ‘normal’ bin! But how many think of recycling and specifically Green IT at the office? As a Charity we know you are probably trying hard to do your bit, but if you are not a huge organisation it can be confusing to know where to start.

Put simply, Green IT is using your computing resources more efficiently. Some larger corporations are already taking steps to become more environmentally friendly. Quite apart from any concerns for our planet, they believe being green can reap benefits from cost savings to higher productivity. And of course better environmental credentials look very hip these days! But what does Green IT mean for the smaller organisations and what are some practical solutions?

These days there is much hype surrounding the Green IT issue. If you listened to all of it you would be scrapping your current IT for energy efficient PCs made from natural materials, ditching your servers for new high efficiency blade versions and encouraging your employees teleconference into work rather than drive. But if you take a step back and look at things more practically, it doesn’t take long to work out that (quite apart from the probably prohibitive costs involved) starting anew really isn’t an option that is cast-iron guaranteed to be more environmentally friendly long-term - particularly when you take into account the energy involved in producing all those new computers and shipping them all over the world, not to mention the cost, time & money to dispose of the old IT equipment that was still really working fine for you.

Don’t beat yourself up about the fact that you are not following every green recommendation or buying every new “greener” option. Remember that a lot of the people urging you to swap to those new greener options are not acting entirely out of concern for the planet – the sales of all that replacement kit does mean that those “go-green” pleas by the computer manufacturers are likely to be more than a little self-serving.

Hype aside, there are many small changes that you can make which when combined can still make a significant difference overall.

Next week we will go back to true green basics to look at some simple ways any organisation (however small) can make a difference.

In our last post we highlighted the need for an anti-spam solution for those organisations hosting their own mail server.  In this post, we look at some of the options available, and some of the key things you need to take into account when choosing one for your orgainisation.

Anti-spam solutions can basically be broken down into two types - hosted and in-house.

Hosted solution

A hosted solution routes your mail to your chosen service provider who scans then delivers it your own mail server. Those wishing to contact you will do so via your usual email address and you continue to send email as normal. The only difference is that your anti-spam service will automatically check and process your email so that all you should receive is clean mail, free of spam and viruses. This will considerably cut down on the amount of mail that your mail server has to receive – and with up to 98% of all current emails being reported to be spam, that can make a considerable dent on the bandwidth you will need from your ISP.

Because a hosted solution provider is monitoring so many emails, it is best placed to see new spam trends developing and so is generally quickest to put new measures into place as new waves of spam arrive. It will also scan mail through multiple anti-virus solutions, from various vendors, so you can normally expect better protection.

Of course the best bit is you don’t have to worry about managing the spam yourself (also taking away the worry of added costs) - the anti-spam provider will assume these responsibilities on your behalf and, since you will normally be paying monthly or yearly for their services, it is in their best interest to make sure they do the job well!

In-House Solutions

An in-house solution is one that is installed at your own offices that you administer yourself (or get someone to do for you). The solution could be software-based (either one piece of central software that scans all emails – normally before they get to your mail server, or software that is installed on each person’s individual PC) or it can be a complete hardware “box” (containing its own software) that you plug into your network.

As in-house solutions require administering, you will need to take into account that managing the spam yourself will take time and may result in additional costs. Also, in-house systems must wait for updates to be released from the system’s manufacturer and so could be slower to be updated with the latest protection. Then there is human error, which means that there is the possibility that available updates and patches can go uninstalled.

But on the plus side, if you don’t need a complicated “bells and whistles” anti-spam solution, you may well be able to get an in-house solution cheaper than a hosted one. And, in time, you will have a much better idea of the type and level of spam that is coming into your organisation – and how to deal with it.

Do you need it to be customisable?

Depending on your specific needs, the level of customisation offered may be an important factor when choosing a solution. Some solutions (both hosted and in-house) are more customisable than others. For example, if your organisation’s area of working means that you receive legitimate messages containing on ‘spam-popular’ words (concerned with debt reduction or pharmaceutical names for example), you might ideally want to look for a solution that gives the ability to let emails containing words in those specific areas through rather than immediately label them as spam.

There are also solutions that allow more flexibility at user level – so that the spam protection for some email addresses can be set to be more or less sensitive than others. So it is wise to think whether your organizations areas of work or working methods mean that your requirements are not best covered by a “one size fits all” solution.

Whatever type of solution you choose, you do need to be aware that no anti-spam solution, whether hosted or in-house, will be 100% accurate. From time to time it is possible that a genuine email will be classified as spam, or that spam will sneak past the filter, so you will still need to check your quarantined spam area regularly - and if the solution you choose includes a simple way of doing this, it will make your life easier.

So, to summarise:

• - Think about the emails your organisation receives and decide what level of customisation (if any) you are going to need from your anti-spam solution.
• - Consider how much time and expertise you have within your organisation to administer an anti-spam solution.
• - Work out the volume of email you receive and the proportion of the current total that is spam. If your ISP currently handles your mail, remember to factor in the additional bandwidth that will be taken up with spam when your ISP’s anti-spam protection is no longer in place – and any costs involved with that extra bandwidth. (Does your ISP charge you more if you go over a monthly limit?)

In the end, as with most things (particularly in IT!) it will probably come down to balancing the features you want or need with the budget and time you have at your disposal. But hopefully the information here will help you to make a more informed choice. And if you are still confused, leave a comment or contact us (details on the About Us page) and we will do our best to help.