Getting your IT right is crucial for charities. So for articles on the use of IT for charities ranging from admin to marketing, click on the headline links below.
Click on the headlines of your choice.
News from device security company Kasperksy in September - that almost a quarter of corporate computing and smartphone devices could be “unprotected” - is a warning for any type of organisation, charities included, that its data and information is at risk whether staff work from home (WFH), in the office or anywhere in between.
Then there are personal devices to consider. The survey showed that many workers access workplace systems from their personal devices. For example, 57% use their own smartphone to check work email, and 36% use their laptop or desktop for work.
The conclusion by IT news and insights publisher TechRadar was, “Your work PC could be the biggest security threat in your home”, adding, later, “Using your personal phone for work could be a terrible mistake”. More later in this article on these security risks for charities.
Perhaps unsurprisingly, Kaspersky found that personal devices are even less likely to be protected than employer-supplied equipment. Almost half - 47% - of personal smartphones and 43% of tablets lack antivirus software, and 31% of users have never thought about making their phone more secure with antivirus software. 21% think their phone can’t be hacked.
I suggest we can be sure that working from home is more “here to stay” in the months, and possibly years, ahead, than it was prior to the COVID-19 pandemic. With that in mind, let’s run through the issues arising from WFH some or a majority of the time.
For charity employers in particular, there is the dimension of explaining to affected workers that the range of IT and comms measures to be adopted are in the interests of the charity and the people it seeks to benefit in that the measures are designed ultimately to protect the charity’s ability to undertake its role effectively. Thus they should be seen in a positive light by those working from home.
Trust and performance
There needs to be degree of trust in employees actually doing their work. This may already be underwritten by the extra commitment that charity staff have to their work and so trust may be well established anyway. If not, staff can be monitored via online tools about when they are working, and their performance assessed. At a basic level, requesting from them a weekly report of work completed can be useful.
All of this should be put within the context of the charity appreciating and supporting their employees to the charity’s benefit.
Online performance tools enable charity employers to set targets for when projects should be completed by, and to manage regular performance reviews [or appraisals] which can be used as steps towards individuals’ annual appraisals. The tools can include absence tracking and be used to identify individuals who are better suited to a different job or task in the charity, a positive rather than a negative aspect.
It should be explained that online performance tools can also be used to support team morale and purpose, and personal development programmes, and help identify and staff who are suffering from working alone or in unsuitable conditions such as a noisy or crowded home environment.
Face-to-face virtual meetings can be held, free of charge, via Zoom, Skype, Google Meet and suchlike, to reinforce team bonding/learning/reviews and trust. All within the environment within which one would expect a charity’s workforce to operate.
Some staff will be using their own wired broadband connection, others a 3G or 4G/5G network signal from their provider. Wired broadband, if used with a quality router that updates itself with security updates, comes with a high level of security thanks to the firewall aspects of the router.
Employees who WFH will may not want to use their own network supplier, especially if it has a data limit. The charity could top it up or provide a dedicated, work-only data bundle. Bundles, with or without new phones, can be rented in 30-day or longer term blocks. Another option is to buy or rent (again, in 30-day or longer term blocks) a mobile router, a MiFi personal hotspot, allowing an employee to use their own phone for work but via this password protected, secure device, which comes with its own data SIM card.
Another advantage is that the MiFi can be shared with other staff if they’re living together/sharing accommodation, or wish to work at times in a coffee shop or other location. In such cases a personal, private hotspot is the only alternative to a vulnerable and perhaps over-used [resulting in slow speeds] free Wi-Fi hotspot. Even paid-for Wi-Fi is a security risk, because numbers of people will know its password, posing a security threat to all users of the hotspot.
A combination of data bundles and an MiFi can enable a charity to move to downsized or upsized offices without the usual commitment to, and costs associated with, landline broadband connection and the risk of delays in getting it.
Data and IT devices
As noted earlier, security of computing equipment and smartphones is a prime issue that will need addressing. TechRadar’s warning - “Using your personal phone for work could be a terrible mistake”, in September, was stark, and included “…apps on your phone could be used as a stepping-stone into corporate networks” - because they can be open to being hacked.
Since the pandemic started, security professionals have flagged personal computers, tablets and smartphones as weak spots that must be strengthened if those devices are used for work. Keeping track of employees who use their own devices, and ensuring the devices are well protected by antivirus, anti-malware and anti-spyware software – and good “surfing” habits - is one thing. Doing the same for freelance workers is another, but they too must conform to a charity’s IT security and work practice requirements.
There is also the situation of volunteers who, for whatever reason, may have to access a charity’s systems using their own devices.
Purchasing new or refurbished devices for WFH staff will eat into charities’ bank balances. An alternative is renting any number of different devices, in any configuration, on short term or longer-term rent.
Data backup is a vitally important area that must not be overlooked. Backing up on drives or USB sticks at home is useful, but should be carried out in parallel with backing up online in case the drives or sticks get damaged, lost or stolen. There are many online backup options to choose from, some with free offerings.
Backing up at the end of each working day is a discipline, but less so if it’s scheduled by the home worker to happen automatically at pre-determined times. The charity can liaise with employees about this, to ensure it happens and therefore removes one level of data security concerns.
Real-time backing up to a drive, stick or cloud storage is another option.
IT in the cloud
Backing up by WFH staff or freelance workers need not be necessary if the charity they are working for has its IT in the cloud. In that case they will be accessing their work remotely, using their device as their work access device, because data processing - their work - will be happening in the cloud, where it will be subjected to strict backup regimes that the staff or freelances need not be concerned with.
Preferably, from a data security point of view, the hardware at home will be set up in such a way that it can’t process anything itself. That will greatly reduce, or stop entirely, the risk of an infection, thereby safeguarding the charity’s IT from being contaminated.
That IT will be protected by the latest antivirus, anti-malware and anti-spyware software supplied through cloud services provider. If a charity is using a hybrid IT system – part cloud, part its own system - vigilance must be maintained. If it’s using its own cloud solution [a private cloud solution on its own servers] vigilance must be doubled.
Follow the guidance above for protecting data in care and wellbeing situations. Data relating to fundraising, including taking donations by credit or debit card, requires extra vigilance, as does card details being inputted into a home worker's computer and stored on a charity’s own private cloud server.
If a charity’s employees and freelances are to use their smartphones for some of their work, they could safeguard the use of its number - separating it from business use - by using a VoIP-based phone app that allows the charity to give their workers a different phone number to use. It can be a number with a “landline” and professional look, for example a number with a dialling code that’s local to the charity. Apps like that allow a lot of free calls to be made and can be used anywhere. The work number stays the same regardless of location.
Credit/debit card data
Storage, backup and archiving of credit card data requires careful attention. For the storage of cardholder data, rendering a card’s account number unreadable, or as close to that as possible, is essential. Strong cryptography is highly recommended. Regularly back data up to secure cloud storage solutions and to external hard drives that are held in secure locations.
Those steps are among standards laid down by the PCI Security Standards Council (PCI). If your charity stores and backs up personal credit/debit card data, it should comply with the PCI’s standards.
Create and implement a policy that addresses how to best handle card data, if your charity hasn’t already done so. If it has, ensure it complies with the PCI standards. You might want to implement a system that uses unique employee PINs to track sales and refunds - and train your staff in the proper handling of credit card transactions, and what to be aware of in potential fraud situations.
Freelance workers and volunteers must absolutely not be over-looked in any move to improve data and device security. No more backing up on USB sticks and leaving them lying around shared living accommodation and/or shared workspaces!
Trend to freelance
Across the board, some employees are becoming self-employed – freelance - as cutbacks bite. They will need to be appraised of the full gamut of security risks and how to address them, if they have not already been.
By following steps that are appropriate to their size and financial situation, charities can reduce to a minimum the risks posed by the use of personal computing devices, smartphones included, for work.
In the current fast-paced technology landscape it’s inevitable that cloud will be offered up as an IT solution for charities. We’ve come a long way from the early days of cloud where security, privacy and the sheer unknown of the technology were barriers in its adoption. Today, cloud in all its forms (private, public and hybrid) can add significant value for a charity in terms of increased agility, cost savings and streamlined operations.
What’s in a cloud?
While not necessarily the answer to every IT challenge for charities, cloud can certainly change operations, make them more effective and productive. Cloud computing as a concept need not be complex or shrouded in mystery (or obscured by industry buzzwords). The odds are that you are using some element of cloud already, either in your charity or in your personal life.
Consider web based email. In effect, your Gmail or Yahoo account is in the cloud. You use an app on your phone to access your mail or visit the Gmail site on your laptop. Looking a little wider, what about Microsoft Office 365?
The same principle applies – you’re using a service and series of apps to write, edit and collaborate on documents. The same can be said for Dropbox – you’re using cloud resources to store and share files.
This is a rather simplified view. In the charity sector setting, cloud has far wider uses. Your customer relationship management (CRM) software - in effect donor management software, database system, accounting system or payment system can all be hosted in the cloud. What this means for your charity is that you don’t need any hardware on your site to host them. This takes up space, is costly (in terms of initial investment and ongoing maintenance and support) and can have rather negative consequences if damaged and information is lost.
By placing these systems in the cloud, the information you need is always available (provided you have an internet connection) to staff wherever they may be – working from home, in the field or travelling.
There are also additional benefits, particularly for those charities which operate in heavily regulated sectors – like care, health and education. Compliance and security are increasingly important and cloud service providers (with accreditations of their own) can ensure cloud environments meet regulatory requirements.
In some instances they even take this a step further by offering additional IT compliance services that help charities not only achieve compliance, but remain compliant on an ongoing basis. The whole activity of data management generally for charities is an increasingly big issue – particularly with fundraising regulation and GDPR – so that any solution which assists with IT compliance is making a valuable contribution.
While there is an acknowledgement of these benefits, there are challenges when it comes to moving to the cloud, particularly for charities, especially when it comes to the budget. But perhaps one of the biggest challenges is: where do you start? Many cloud service providers liken cloud migration to a journey – and that is quite apt. And with every journey, there needs to be a place to start.
The first cloud step
The path to secure and compliant cloud begins with a readiness assessment. Not all workloads, apps and systems need to be moved to the cloud, and there might be things that can’t be moved due to regulatory or compliance issues.
Working with a cloud service provider can certainly help – as long as they know what you’re trying to achieve and what your challenges are. They will help you find the right cloud model for your requirements whether that’s public cloud from the likes of AWS, Google or Microsoft, a private environment or a hybrid of both.
In essence, a readiness assessment looks at three main areas: technology, people and processes.
By examining at what your charity looks like today, in terms of applications, workflows and infrastructure, you can determine the cost and benefits of migration. Here you, alongside your chosen cloud provider, gather insightful data on how these various aspects are used, when they’re used and how frequently. This helps you build a cost model to see what can be moved and where it should be moved to, as well as what shouldn’t be migrated.
Looking at applications, as an example: if they are too old, they will need to be re-developed or re-architected if they are moved to the cloud — often at great time and expense. These could remain locally, or what may work better is moving the server that runs those applications to the cloud so that they will sit on an infrastructure hosted in the cloud, but effectively remain the same.
What this example illustrates is that while there are benefits in moving technology to the cloud, they are not always straightforward and may not always be worth it. It’s important to identify the best candidates for migration, as well as how to make that move. If you push too hard for migration, or try to make it happen too quickly, something is bound to break - sometimes it’s the technology and sometimes it’s the people responsible for the technology.
Often moving to the cloud results in changing the ways a charity operates. It’s almost always better – because it’s faster, easier to operate, and offers a quicker time to achieve results — but from a people point of view you may encounter a lot of resistance. As a result, you need strong executive sponsorship to drive that journey.
Moving to the cloud effectively means that a lot of jobs will also move to the cloud. In areas like service, support and operations, the work these teams do in terms of building, managing or maintaining technology may be taken away because it is either no longer needed or falls to the cloud provider.
This may result in the fear of job losses, or insecurity when it comes to possessing the right technical skills to support this new technology. A cloud readiness assessment will help you identify the current strengths of your staff, as well as skills or training gaps.
For a cloud service provider, as an example, failure to understand how the charity operates and the people who manage that operational process can often stunt or stop a cloud migration. For the charity itself, it’s not simply a case of extolling the benefits of cloud, you need to take your staff on the migration journey as well, guiding them through the change.
It stands to reason that the move to the cloud will result in a lot of process change. While cloud itself may be technically less complex, the chances are that your operations and processes will become more complicated. This is especially true in a hybrid environment where you’re not just looking after tangible assets that can be physically seen, changed and monitored, but instead you’re managing something that is remote.
Your cloud readiness assessment will also look at these operational and “business” processes, and the willingness of your charity to change. You also need to consider vital aspects like access, security and the change process when thinking about cloud migration.
A cloud readiness assessment can also help with security and compliance requirements. Because charities already operate in varying degrees in a regulated environment, this is especially important and should form an integral part of the migration process. As part of the assessment, you can identify and define your security and governance requirements, set out a risk management framework, and then understand how these elements will help you achieve compliance.
Cloud is worth it
So moving to the cloud can be daunting. but it is worth it. As explained, migrating your charity to the cloud and ensuring you’re able to properly benefit from the move needn’t be an impossible task. Once you have undergone the cloud readiness assessment which helps you put things into perspective, you are ready to make the right decisions (of course with help), including choosing the right operating model for your charity.
The majority of today’s organisations are undergoing digital transformation, adopting new technologies in order to become more efficient, offer new products and services, and offer new ways for customers to access existing products and services. Cloud based technologies and services have been a big part of this, and research has shown that the overall adoption of cloud technology by businesses and public sector organisations has now hit 88%. However, one sector that often works differently from most is charities.
Rather than looking to maximise profit, charities’ core purpose is championing a specific cause. However, when it comes to back-end operations such as IT, charities have to function like any other organisation and give their teams the tools they need to work effectively whilst managing their costs. In fact, they often have to be even more savvy and careful with both finances and time than other organisations. So, can technologies such as cloud help charities do this? If so, what are the specific benefits and how can they be maximised?
Managing IT costs effectively
It’s probably not surprising that managing cost is important for charities. But what’s important is also how costs are distributed. The cash flow at charities — intermittent, uneven, and without large sums sitting in the bank — often makes it difficult for IT directors to get sign-off for extensive capital expenditure IT investments.
Cloud operational expenditure models and monthly subscription-style billing mean that good infrastructure becomes more easily accessible without huge, upfront investments that might detract from charitable work. Charities, as well as businesses, are finding that operational expenditure models make it easier to manage IT costs and build them into their regular cash flow. However, this only works in practice when you have predictable cloud billing to plan around.
The underlying infrastructure is not the only cloud implementation where the OpEx model helps manage costs. The rise of Software-as-a-Service (SaaS) allows charities to be more flexible when changing and trying new application solutions that contribute towards core functions. Importantly, SaaS makes it easier to remain up to date with the latest software without having to invest in a new package when there’s an update, as well as those updates being automated.
Office 365 is just one example of SaaS enabling enhanced productivity, increased mobility and real-time collaboration. Migrating the familiar Microsoft Office suite to the cloud helps meet charity volunteer management needs, such as quickly enabled, scalable email storage and the easy addition of new users.
Focusing on the cause
Organisations in every sector are increasingly looking for ways to spend less time managing their backend resources and more time focusing on their core activities. Charities are no exception. Removing tasks around areas such as licensing, security and patching means focusing charity time on solutions that help people, animals, the environment or any other cause for which the charity is fighting.
The issue with managing IT and cloud environments in-house is also one of access to appropriate expertise and skills. In a hybrid and multicloud world, it can be difficult for charities to recruit the necessary IT skills to manage increasingly complex infrastructures. Furthermore, it’s not cost effective, either, to have a full-time employee to manage just one specific part or application of your collective environment.
Where they have been able to adopt managed clouds, one is seeing charities shifting resources to develop “Digital Teams” instead of teams working solely on IT. These teams are focused on the application layer of the technology stack, and instead of spending time maintaining infrastructure, will be creating new solutions and innovations which directly advance charity goals.
Managing campaign cycles
Many charities operate on campaign cycles for their all-important fundraising activities. This can be difficult to manage from an IT perspective, especially on owned hardware. How do you handle large traffic or donation spikes at certain times of the year, for example, without paying for underutilised assets outside of these periods? As you’ve probably guessed, the answer is “with the cloud”.
Cloud bursting and access to public cloud allow for quickly scalable infrastructures that can meet these spikes in demand. Coupling this with a pay as you go model also allows for developing and testing throughout the year, in order to be ready for these peaks.
Website traffic, in-store payments and overall donations online can see both significant peaks and troughs, and charity IT systems need to be flexible enough to deal with both. The scalability of the cloud, combined with a pay as you go model on an ad hoc basis means that charities do not have to invest in large numbers of physical servers that are underutilised 364 days of the year, thereby alleviating unnecessary costs.
Keeping sensitive data safe
Charities hold a host of personal data: from donors’ financial details, to sensitive data on the people they help. While the security put around data centres is amongst the best in the world, it’s still the case that some charities are nervous about putting data into that unknown cloud space. Security needs to run throughout user systems and networks, so it is crucial that data is properly backed up and retained in ways that meet regulatory requirements.
However, to add another layer to the security picture, it’s about their retail space as well – a very significant revenue source for many charities. Retail space requires hardware such as PDQ systems, computers that connect back to the core IT systems with access to email, an intranet and any other internal software which connects to their shops and their networks.
Here, cloud services like Desktop-as-a-Service (DaaS) can play a key role in securing data. Many charity retail locations, relatively speaking, can be vulnerable to theft, fire, floods and any other physical threats. However, using DaaS, vital systems and data are protected from even physical threats. As the data is not stored locally on end-point devices, DaaS gives the ability to prevent data theft.
Managing volunteers effectively
Another way that charities differ from most organisations is their reliance on a relatively high proportion of volunteers and temporary staff. With variable staffing levels and thus regular changes to access requirements, systems need to cater for both permanent and volunteer staff. The question is how to efficiently and securely give (and revoke) volunteers’ access to IT systems.
If a charity brings in a large group of volunteers for a big campaign, cloud can scale with the team, and the quick creation and removal of accounts are easy, and ,again, mean the charity is only paying for what it uses.
Cloud also enables remote working – so the 300 volunteers who have been brought in to support a campaign do not need to be facilitated in restricted office space and there’s no need to reimburse for travel costs. Remote working alleviates all these issues by enabling workers to connect to networks and servers from any location. DaaS also means that volunteers can work using their personal mobile, laptop or tablet by securely connecting to servers, again, decreasing investment requirements for the charity.
So, can cloud technology help charities in their quest to further their cause? It is clear that cloud can offer huge benefits to charities by helping them to manage their monthly costs, volunteers and donation cycles, allowing them to focus on their core mission. Essentially, cloud can offer huge benefits by allowing charities to move costs to an operational expenditure model and ensure that they only pay for the IT services they use. When charities are stretched for time and resources, using a cloud provider can enable them to focus on their chosen cause.
Many charities have evolved into more commercial organisations, increasingly reliant on raising income through their network of shops and being accountable to their supporters for their operating costs and the actual percentage that is ploughed back into their cause.
Admin is one of the biggest cost centres for a charity, a financial drain few can afford and often criticised by supporters for perceived inefficiency and wastage.
Charity income and spend are unique. There is not just the rational need to cut spend and increase profit but also the dynamic of a charity to take into account, founded on the emotion of the “good cause” from supporters and volunteers.
Much information about charities is now made publicly available via the Charities Commission and supporters who are curious about hoIncreasing operational efficiencyw charities raise and spend money can use the Commission’s search tool to find their charity and quickly access income and spend figures.
Increasing operational efficiency
The charity retail sector is being forced to rethink how it increases system and operational efficiency to greatly reduce administration time and costs by following in the footsteps of its commercial retail counterpart, harnessing modern technology to intelligently and efficiently operate retail shop networks.
Charity EPoS (electronic point of sale) technology has made a giant leap forward since most charities first adopted electronic point of sales systems. Today’s EPoS solutions go way beyond transaction to drive multi-faceted efficiency and optimise profit.
Charity EPoS technology can and should be the driving force at the heart of the retail organisation’s system and operational architecture, uniting every element from transaction, return, inventory, Gift Aid, loyalty programmes through to eBay and other online outlets. Improved volunteer till usability is a bonus and speeding up the till process is important in meeting basic customer experience expectations.
Integrated EPoS and management
However, the new breed of EPoS technology is fundamentally about increasing gross profit by slashing admin, eradicating mistakes and critically streamlining everything into one tightly integrated EPoS and management platform, creating a central hub to leverage everything from price and inventory optimisation through to enhancing supporter engagement.
This new breed of EPoS was born from the new retail and consumer world we operate in and are continually challenged by. What worked before is becoming inefficient, a cost drain that charities can ill afford.
It has also become an admin battle to scramble together processes and plug profit leakage across the organisation, ranging from new goods inventory; multi-channel stock management; data protection; instore fraud; keeping supporters engaged; and clinching maximum Gift Aid from an increasingly on-the-go and in-a-hurry shopper.
Operationally, things just aren’t as simple as they used to be. For many charities, staying afloat and pushing forward has meant a total review and rethink of the underlying technology systems that support their organisations. The core areas that have proved to greatly relieve charity retail administration are: cross-channel retail stock optimisation, Gift Aid, supporter communications, community engagement, and data security.
Cross-channel stock optimisation
When donated goods come into a charity shop, they need to be sorted through, examined for quality, allocated a product category and then priced. This alone can be a difficult process, reliant on staff and volunteers to choose a reasonable price and for that price to then be entered correctly at the till. There’s also the additional complication of how you log the category of the item sold. Without this data, how can you know what is selling well in each of your shops?
When it comes to sorting and pricing donated stock, charities can benefit from looking to high street retailers for inspiration. This is where the technology comes into play. With the right retail software, each store can be given its own pricing guide and when the goods are sorted, the system can print out a barcode label with all the product and price information encoded enabling the volunteer to simply scan the code to process the sale.
This helps charities to bring the level of data available up to high street standards, enabling them to understand exactly what sells in each store, for what price, and guarantees that the price shown is what is charged - which can ultimately lead to an increase in average transaction values as well.
Accuracy and stock visibility
Using new technology including cloud-based retail systems, charities can also achieve the same level of accuracy and stock visibility for new goods across multiple channels, whether they’re selling instore, online, on eBay or all three. For example, through a more accurate picture of sales and stock, Lindsey Lodge Hospice has been able to make decisions to increase sales based on facts, improving cash flow and reducing stock holding.
As Michael Coulson, internet trading coordinator at Lindsey Lodge Hospice, explains: “We know what stock we’ve got in the warehouse, all of the shops, website and now we’re using an eBay module, that’s all integrated as well. We’re able to buy in more new goods now, so sales of those have increased 25%.”
With the necessary structure in place to operate across multiple channels, charities can also easily start selling specialist or high value donated goods online as well, from women’s designer clothing to rare books. Listing such items on their own ecommerce website or eBay enables them to reach a whole new and expanded audience, which in turn helps to achieve the best price.
Without a centralised stock system, this is likely to become another administration-heavy task to manage, especially for smaller charities which may be short on staff. Some larger charities now have specialist teams who centralise these items and put them online but it’s an expensive process with goods being shipped around the country before they have been listed.
It can also ruin the traditional rummage that shoppers so often enjoy in stores, as they come to realise all the rare and collectable items are on eBay, subsequently reducing footfall. With a fully integrated retail system, charities can choose to keep such items in store too, expanding item marketplace exposure, quicker donation to sale and helping to obtain optimum prices.
Getting to grips with Gift Aid
Managing Gift Aid claims and encouraging staff and volunteers to actively promote Gift Aid can be a big obstacle for many charities, big and small. Gift Aid is a valued income stream but adds another level of complexity to charity retail. The charity has to capture the details of the supporter donating goods, enrol them for Gift Aid, link the goods to that donor and then record the sale against them for a Gift Aid claim to take place.
This can be a huge administrative burden and is especially complicated when done manually. By finding the right software solution for your charity, a lot of the Gift Aid claiming process can be automated, simplified and help improve your engagement with supporters, making them feel involved and valued.
For example, the registration process can be speeded up by using postcode verification to capture donor details on the till or via a tablet. Using the same data, supporter cards can be issued and used for all future donations with quick and simple printing of single barcodes to be attached to the individually-recognised supporter donations, which also includes all the essential supporter Gift Aid information as well.
Never missing Gift Aid sales
Creating a structured process ensures no Gift Aid sales are ever missed by capturing data accurately and allocating sales to the right department and price. It also encourages volunteers to ask more supporters about becoming a Gift Aid donor when they know it’s a simple process.
In fact, deafblind charity Sense recently reported a 31% uplift in Gift Aided sales, a dramatic increase achieved simply through volunteers promoting it more following the implementation of an integrated Gift Aid and EPoS solution.
Adrian Darkin, trading director at Sense, explains: “Interaction with people is so important. Technology has moved on from what it used to be and customer expectations have moved on as well. Customers want a professional transaction and customer interaction in charity retail now, so it’s important for us to train staff to use the new technology and increase customer engagement.”
Better through unified databases
Charity retail technology nowadays can significantly increase revenue through unifying store and fundraising supporter databases. Why shouldn’t a store customer who spends money with the charity in store or donates to the charity be rewarded? Many charities are now giving supporters their own card which can serve multiple purposes.
It can hold their Gift Aid data along with supporter loyalty points. With all this customer information, charities can keep in contact with supporters through personalised communications, such as reminder emails about what good work their donations are enabling the charity to do.
Enhancing data security
There is one other area of day to day in store operations that technology can improve and that is security. It is often initially assumed that theft would not be an issue within a charity store environment, however some less scrupulous people have been known to target charity stores as historically they’ve not had security systems in place.
This is another area where technology can revolutionise security by providing data on all aspects of the store through stock control, detailed analysis of sales and staff operations, all endeavouring to massively reduce if not eradicate fraud within the charity store. With everything logged on a system including set prices for goods, it’s much harder for staff and volunteers to alter prices on goods, whether it’s on purpose or by mistake.
Selecting the right technology
Reviewing current and future technology systems and needs goes beyond just IT. It’s about keeping focused on the charity’s strategic commercial objectives including the long and short term investment costs calculated against the financial admin savings and gross profit potential.
Changing and rolling out new solutions can be expensive in both time and money. There is a wide choice of technology vendors in the charity sector and their solutions take on a wide variety of shapes, sizes, functionality, scalability and flexibility to shape around your specific charity.
Dramatically reduce admin time
From better stock control to automated processes, technology can dramatically reduce administration time in charity stores, all while increasing accuracy, improving security and bringing in more revenue.
Some key questions to consider are:
- What will you be doing in two, three or even five years’ time? Will the system be able address these plans?
- Is the system user friendly enough for your staff and volunteers?
- Does the software provider offer suitable training plans?
- Where will your data be stored and how secure is it?
- Can the system address fraud?
- How simple is the Gift Aid process and can it be integrated within one barcode with the price and category?
- Does the system automatically adjust to HMRC changes for Gift Aid?
- What reporting tools are offered for retail, fundraising and finance?
- Can it help you operate across multiple channels easily?
- Can it help you improve supporter communications with a CRM database, supporter cards etc?
- Is the software automatically updated and if so, how frequently?
- Can you have access to the provider’s product roadmap for a full view of future developments?
- What sort of return on investment can you expect and within what timescale?
The administration pain point of charities can be relieved by the right technology platform and solution with many national and local charities already reaping the financial and time-saving benefits of automation, synchronisation and real time streaming of data, intelligent reporting and an improved point of sale customer experience.
Reviewing what we need today and tomorrow, and rethinking how we do things in the modern world of retail and prolific growth of technology applications and functionality, will be the key driver to reshaping the future success and protection of charity retail revenue.
"For many charities, staying afloat and pushing forward has meant a total review and rethink of the underlying technology systems that support their organisations."
"Managing Gift Aid claims and encouraging staff and volunteers to actively promote Gift Aid can be a big obstacle for many charities, big and small."
"With everything logged on a system including set prices for goods, it's much harder for staff and volunteers to alter prices on goods..."
When you choose a charity to donate to, your decision is usually driven by your heart. Often it’s a personal connection. Losing a family member to heart disease may prompt you to donate to fund research to prevent it, for example. Other times a cleverly positioned television ad that gives you an insight into the reality of someone else’s life or a distressing news report that makes you cry can create a powerful desire to help.
To my knowledge, no one has ever cited "efficient IT" as a reason for giving. It’s probably why many charities have neglected their IT estate.
Neglecting your IT
I can’t blame you – when you are dealing with real life issues at the sharp end – when what you do can literally be the difference between life and death – you may be forgiven for neglecting your IT. In her study Why Rich People Give, Theresa Lloyd claims that wealthy donors are motivated by five factors from belief in the cause to being a catalyst for change. ITIL, practices that align IT services with the needs of a business, doesn’t even come a close sixth!
As one charity CEO told me, “We just don’t have time to fully explore our IT so we make do with what we have. Everyone working at the charity is focused on addressing a need that is growing exponentially. To us, IT is about as sexy as the taxman!”
That last comment hurt! However, according to figures from HMRC, the value of tax relief for charities and individual donors rose to £5.14bn in the year to March 2016! Charities received £1.3bn in Gift Aid!
Maybe the taxman is sexy after all! Maybe your IT can be too.
What if your charity could get more money to the needy, fight disease better through improved allocation of resources or save more lives by eliminating administrative bottlenecks? Will more money make it to the needy if you "make do" when it comes to IT or could recipients actually get better outcomes if your charity adopted IT that is fit for purpose?
Front office excellence
I’m biased. As a donor I want every pound I donate to charity to have maximum impact and I really think that by sorting your back office IT you will maximise your front office excellence.
If you were to "rattle tins" in the street you wouldn’t just randomly turn up somewhere. You’d make sure you chose a prime location, to maximise the number of passers-by and potential donors. You would select a town centre or a shopping centre, and you would choose a day when there was plenty of footfall. You’d have posters with clear messages and a gallery of images that tell your story. You’d brief your volunteers on what to wear and make sure they could answer questions from the public about where the money goes to.
When you buy T-shirts for your fundraising crew you know buying cheap is a false economy and that buying Ralph Lauren may be frowned upon as a tad excessive. So you select accordingly; you go for value for money but of sufficient quality to survive washing and drying.
If you were organising an outdoor event you’d avoid a time when inclement weather might deter attendance. You’d have your fireworks party at night, you’d send raffle prize requests to companies which would donate prizes people would actually want to win.
My point is, you already invest time and resources in "front office" excellence. Both in the metaphorical sense above (how you fundraise) but also the actual professionalism that will be on display were I to visit your office. The treatment I would receive as a visitor would be on a par with that expected from a visitor to a FTSE 100 company and what’s more – your coffee is probably better.
The reality of IT
Between that front office excellence and your beneficiary, between the money you raise and the tangible difference that it makes - sits your IT.
Ineffective IT could be wasting your hard earned income, but it could also have an impact on your future fundraising potential.
I’ve already said that I don’t believe many people select a charity based on how efficient its IT systems are.
It is interesting though to reflect on the findings of the Centre for Charitable Giving and Philanthropy’s paper on How donors choose charities. Perceptions of charity competence can have an effect on the selection of charitable recipients on the basis of criteria such as being "well run" and "efficient", or "charities which have low overheads".
“There is a general consensus that charity competence” as demonstrated in the efficient use of money and resources “is highly attractive and likely to prompt greater donations”. A most effective way to achieve this perception is through deployment of IT systems that are worthy of your charity’s aims and mission goals.
Getting IT right
The two most common ways of getting your IT right are: 1) Do things yourself; 2) Have a third party advise and create; ... and there are advantages and potential pitfalls to both.
DO THINGS YOURSELF. The most common problem encountered by any organisation but especially a charity, is that it is difficult to sacrifice sufficient time and resources to project manage an IT makeover. Many charities tend to end up with a shiny, new, expensive system that is - to all intents and purposes - exactly the same as the one it has replaced, only less effective because it is less familiar to end users.
Analysing your charity
On the plus side, if you get it right, doing it yourself can make large savings. If you choose the DIY route I would urge you to carry out a gap analysis on your current IT infrastructure versus your charity’s goals and the part you want your IT system to play in these. There are lots of resources on gap analysis online but as a key step guide, you should:
KNOW YOUR GOALS AND THE ROLE YOU EXPECT INFORMATION TECHNOLOGY TO PLAY. These can be broad organisational goals like "improve reporting of fund raising", "reduction of overheads" and "beneficiary satisfaction" or specific goals like ‘increase shop sales revenue by 5%".
SURVEY YOUR CURRENT STATE. Take an honest objective look at how your IT is currently performing in each area you have identified. if you have data – analyse it!
ANALYSE THE GAP BETWEEN YOUR AMBITION AND YOUR REALITY. Don’t just measure how far off you are – actually drill down into the "whys" and the "hows" of your shortcomings. In this phase, really challenge your operation!
COMPILE A GAP ANALYSIS REPORT. Your report should be thorough and understandable to all the stakeholders, especially "non-techie" readers who will need to form opinions based upon your findings. Most importantly each gap should have a thoroughly costed solution that explains how it will bridge the gap you have identified.
ACT QUICKLY. Once you have identified your gaps and agreed upon how to proceed - don’t procrastinate.
AVOID SUPPLIER LOCK-INS. Beware of supplier initiated contract lock ins. You don’t want to be tied to a state of the art solution when a new player enters the market with an even better fit for your charity. Read the small print!
HAVE A THIRD PARTY ADVISE AND CREATE YOUR IT SOLUTION. This could be the better option for you - but when you get someone else to design your IT estate, make sure that you choose someone who will work "on your side". You don't want someone who is getting a nice little commission for providing a product that just about fits your needs - you want it to fit like a glove.
Understanding you properly
Make sure that your partner (and it should be a partnership) will diagnose before they prescribe. It is very important that your partner takes time; I mean REALLY takes time to get to know your charity, your culture and what you want from your IT.
Choose a partner who encourages you to ask "stupid questions". Designing IT is their thing not yours! I bet they couldn't do a fraction of the valuable work that you do! The right provider will have taken time to suss you out so they should already be talking your language but if they slip into jargon, call them on it! If you don’t understand any part of the process the right provider will be happy to explain and not proceed until you do and, if they're worth their salt, you'll find that they answer your questions with passion similar to that with which you talk about the work that you do!
Key services to consider
Finally, look for true end-to-end service. As a guide there are certain key areas that would benefit your charity when considering buying in IT services:
IT ADVISORY. Aligning IT infrastructure to your charity's strategy, advising on potential cost efficiencies through vendor (supplier) management and realising maximum value from existing and future technology choices. for example, cloud, networking, end user computing or telephony.
PROJECT MANAGEMENT. This is where your IT Project comes to life and where Gartner, the world's leading IT research and advisory company, believes a quarter of projects flounder through cost over runs. With robust vendor governance and the right service provider your charity can secure high quality project delivery, often with no net increase in the overall portfolio costs.
IT SERVICE DELIVERY. IT service delivery management can help you improve quality and reduce costs. The right provider will prevent you from getting locked in to costly long term contracts and achieve consistently better IT services through Service Level Agreements and Key Performance Indicators that give you greater transparency.
SUPPORT AND SERVICE MANAGEMENT. After advising, managing and delivering your IT, you want a partner who is going to stick around. A partner who will be there when you need them but who will also keep checking in to make sure everything is being delivered as promised.
Financing the benefits of IT
A lot of research has been done on how charities can maximise the raising of funds and how best to spend those donations to achieve desired outcomes. Similarly, IT has evolved through research to deliver business strategy driven solutions that allow enterprises of all sizes, from SMEs to multinationals, to achieve greater productivity and reduce costs.
We are now at a point in time where such benefits are within the budget of most charities, in fact better IT won’t cost you money – it will save it.
I hope I have given you food for thought.
If nothing else, I hope that you at least think that I am sexier than the taxman.
"Ineffective IT could be wasting your hard earned income, but it could also have an impact on your future fundraising potential."
"Take an honest, objective look at how your IT is currently performing in each area you have identified."
"IT service delivery management can help you improve quality and reduce costs."
For Jimmy works to make communities safer for young people by building a legacy of peace in memory of Jimmy Mizen, who was senselessly murdered aged 16 in May 2008. Jimmy’s family vowed to ensure something good came of his death. The Jimmy Mizen Foundation, now For Jimmy, was founded in 2009. Its mission is to share Jimmy’s story to help all young people fulfil their potential, striving toward a vision of a world characterised by communities we all want to live in, where a young person can go into their local shop and always return home safely.
Much of the charity’s work involves work with school pupils. For Jimmy’s flagship school programme is carried out in primary and secondary schools in Lewisham, south east London, and supports pupils who have been identified as socially and academically at risk. The charity runs a series of highly interactive workshops both within and outside the school that help students develop life skills and instills a sense of personal responsibility for their local community.
As part of the programme, they also spend time in their community creating “Safe Havens”, where they build relationships with shopkeepers, police officers and local people in order to create safe spaces along their high streets that they can turn to when in danger.
Lack of data consistency
Like most charities, we’ve long been collecting data about our work. This information comes from a multitude of sources. We have everything from lists of newsletter recipients to records of the number of children attending our awareness talks in certain areas, to tracking the academic progress of the young people we’ve worked with.
Yet the advantage of collecting data from such a diverse range of sources at the same time provides its drawback. We’d worked with law firm Mayer Brown on compliance, and sought to ensure that the data we were collecting from schools was protected. However, as a small charity with little experience in this area, our information was collected and stored on a rather haphazard, ad hoc basis – a quote from a trustee here, a list of talk attendees there. There was little consistency in our methods of reporting and collection, and little by the way of those oh-so-valuable hard numbers.
What made things more difficult was that we had a number of departments, all collecting information from different places for their own uses. The lack of consistency in their approach meant they were unable to effectively share data with one and other.
Nor could we update the data in a systematic way, given that each time it was gathered, it was collected in different formats. Plus, as our programmes changed and expanded, there was no reliable evidence that could help us decide how to best allocate our resources.
This all amounted to a sprawling mass of information, light on both impact and accessibility. Despite our richness in terms of data, we were unsure exactly what to do with it or how to communicate it.
That’s why we were so keen to work with data company Aimia. data philanthropy week. We were honoured to be one of six charities to participate in Aimia’s data swarms. We began with a few initial meetings to really drill down into the problem and to allow Aimia’s team to get to grips with our use of data. Discussions led us to the main purpose of our work together: to create a single dashboard containing all of For Jimmy’s data. We wanted frameworks to improve the effectiveness of our work, increase donations and showcase our impact.
A dashboard is a visualisation tool that displays an organisation’s data in a clear and accessible way. Dashboards consolidate and arrange a wide variety of information on a single screen, but can tailor the data shown for specific roles and departments.
Such a structure would enable us to consistently record data across the charity, which in turn allows the data to be accessed, updated, used and flexibly combined across all of our departments. The dashboard would also allow us to cut data in different ways, because it allows the different data fields to be searched and ordered flexibly. For example, by sorting it according to postcode, we could track our expansion across the UK, and provide powerful evidence of our increasing reach to potential benefactors.
The first step in creating the dashboard was to hold an internal "data swarm" to evaluate and interpret prior to cleansing, during which we drew together our whole collection of data - no small task! Doing this really hammered home the huge volume of data within the charity, much of which we had never done anything with. In fact, at this stage it could hardly be called a data collection. A more apt description might have been a data mess.
One of Aimia’s data analysts got to work on "cleansing" the data. This essentially means formatting the information so it can become useful. Very simply, the data all needs to be in the same format. This exercise also means that, long term, data entry becomes a faster and more democratic process.
A single dashboard
Then to the exciting part – the main data swarm. We had already worked alongside the analyst to gather a team of his analyst colleagues with the necessary technical skills to help create the dashboard and draw out insights. Each analyst worked on a specific task or area of the dashboard.
We were on hand throughout the day to answer questions about the data, such as where a particular donation came from or how it was used. It was important that the new system was created precisely for how For Jimmy would be using it. While, of course, there are best practices in the use of data, no two charities have identical needs.
Key areas of focus
Splitting out the different areas of data we work with helped us to clarify how we could use this data, what we should prioritise, and what was the important information to communicate to stakeholders and in funding applications.
Donations provided a major area of focus, for the first time allowing us to seriously analyse who and where our donors are. Who are the biggest contributors? Do they donate regularly? How do we communicate with them? Not only could this information enlighten our marketing strategy going forward, but we are now also able to extract more specific operational details, like whether a donor has been contacted after their support has been received. Such change will make the daily running of the charity smoother and will improve our relationship with our benefactors.
Another area we looked at was how we can better utilise social media data. We were fascinated to find out the demographics of the users who were engaging with us, and to be able to make a more scientific and comprehensive exploration of which content proves most popular. It’s amazing how the smallest tweak – such as the time of day a post is published – can make a big difference. It just goes to show how data analysis should inform a charity’s operations, even the seemingly mundane, instead of being seen as a big external project.
So, a few months on from the initial data swarm, what have we learnt? In many ways, the questions raised have been more important than the answers reached. We’ve started to think about why and how we’re collecting data; it is no overstatement to say that we’ve experienced a cultural change in the way we think about data.
We urge all charities, big and small, to take a little time to reflect on their data. Collect as much as possible – yes. But think about what you’re collecting – and, most importantly, why. It’s well worth the time to get it right. Data should be part of a charity’s core structure, not just a side project.
As a small charity, our increased awareness of our data is allowing us to compete with bigger charities as we learn and grow. We’ve used the insights we drew out thinking about our data, combined with our use of the new dashboard, for 10 recent funding applications. This has provided vital hard evidence of our results which used to be too laborious – or even impossible – to find.
Taking our data further
The key for the future is to keep looking at how we can improve our use of data. For us this will involve monthly meetings with the analyst during which we’ll work on our system to ensure that data remains at the forefront of our progress. We’re continually moving further down the path to achieving this, and the ability to now use data to help our charity undoubtedly takes us further.
"Splitting out the different areas of data we work with helped us to clarify how we could use this data, what we should prioritise, and what was the important information to communicate..."
"We've started to think about why and how we're collecting data; it is no overstatement to say that we've experienced a cultural change in the way we think about data."
Whether your charity handles its IT, and data and information security – and backups – in-house, or has outsourced it all to the cloud, a basic truth is as follows: ironically, improvements in anti-virus software - provided the software is regularly updated - mean that, 99% of the time, charities are not exposed to viruses and as a result are taken by surprise when receiving a malicious attachment.
Viruses and associated ransomware are as insidious and tenacious as ever, though, and there is no lack of malicious attempts to use them, but good gatekeeping can keep the majority at bay.
Then there are Distributed Denial of Service [DDoS] attacks, which can cause mayhem to websites and computer networks. More about those later in this article.
Gatekeeping is not only about technology. It also involves human behaviour, which, if undisciplined, can result in a potentially dangerous virus infection or, in the case of ransomware, the complete shutdown of a computer unless a ransom is paid.
Not taking security for granted
To explain that differently, staff, volunteers and interns in a charity shouldn’t get too comfortable with their online activities and take security for granted. In order to protect themselves to a greater extent, charities should remain vigilant and train their people not to open unknown emails or visit suspicious – “phishing” - websites.
The latter can have as serious a consequence as opening a malicious attachment, because the sites can download malware and other threats, or take you to a web page that, for example, looks like your bank’s home page but isn’t. By logging in to what you believe to be your account, through giving your log-in details, you are at risk of ID theft as well as financial loss. The same applies to fake PayPal and similar websites.
Individuals working for a charity can be tricked by a phishing website, thereby putting themselves or the charity at huge risk.
Regular data backups essential
Let’s not forget the vital role that data backups play in good gatekeeping. Backups are not only useful in the event of a hard disk crash or theft of computers, or damage caused by fire or flood. In all those cases they can enable rapid business continuity through data/information restoration.
They also come in handy where ransomware demands are made, by enabling the demand to be ignored because the most recent backup can be put on to another computer.
Backups are most effective when a disciplined regime of making them is followed. Real time backups are ideal, but not always practical, especially in a small organisation. Making frequent backups, however, is viable but does depend on a level of discipline or selecting automated, scheduled, backups.
Bear in mind that any backups made locally, i.e. not online but in the office, whether on NAS [Network Attached Storage] devices, or even USB drives, do need to be stored safely off-site until being used again. Many smaller organisations don’t do that, adding to the risks they face from data breaches or loss of data - and subsequent fines by the Information Commissioner.
Charities which suffer data breaches face the wrath of the Commissioner. Breaches can come from the theft of office based data backups, computers, tablets or smartphones. It can come from insecure coding on a charity’s website or software applications, resulting in websites being hacked into and information – the names and contact details of donors, or details of children or the elderly or other vulnerable groups of people, for example – stolen.
Charities should therefore ensure that website developers they use meet minimum but acceptable standards at least. The same goes for software applications they buy in or borrow; or build on their own, perhaps with the help of a freelance software developer - another risk, however well intentioned the developer might be!
On the subject of external support, there is a risk to data from the practice of charities relying on outworkers, whose work devices might be exposed to information and data loss for a variety of reasons including theft.
Another reason is bad practice - this ranging from allowing friends or associates to use the devices to relying on inadequate or out of date anti-virus and anti- malware tools, visiting phishing websites and using Wi-Fi hotspots. Even “secure” hotspots pose security threats.
Safeguarding sensitive data is high on the agenda of charities, but with many being run on a shoestring, others with resources stretched to the limit, they are not always adequately prepared for the risks their data and information face.
An alternative approach to security
Charities with 10 or more people working for them have an affordable answer to issues regarding cyber security and backups – and threats posed by inadequately written applications: the hosted desktops element of cloud computing.
Where hosted desktops are deployed, all data and information processing is carried out in a secure data centre rather than an in-house server or individual desktop, laptop or tablet. Backups are therefore also made in the data centre, by the hosted desktops provider.
If the provider is ISO 27001 certified, charities can be sure that every action taken in the centre is in compliance with what is the international gold standard in information security management.
ISO 27001 accreditation means that backup regimes are strictly adhered to, allowing business continuity to be optimised should it ever be required. Secure storage of backups is no problem. A second secure data centre ensures that in the unlikely event of the primary centre being affected by a “disaster”, the service offered by the hosted desktops provider continues.
Hosted desktops - or Desktop as a Service [DaaS] - also relieve a charity of all concerns about purchase and support of IT. And, crucially, with cloud computing being device independent, hosted desktops cannot pose a security threat. That is, staff can work on their own devices without compromising the charity’s security policies because they are only using the devices as hardware to access their work.
Distributed Denial of Service attacks
Recent research by security company Imperva concluded that the UK is now the second most targeted country after the US when it comes to DDoS attacks, which are designed to bring websites down and make computer networks unworkable. The number of attacks was up 200% in the past year, according to the firm, with some being directed by former workers disgruntled at their employer.
These disgruntled workers paid as little as a few pounds sterling to buy an attack by a DDoS provider, highlighting the dangers that can come from within.
The smaller a charity the less likely it is to have the resources to combat, or at least be prepared for, a DDoS attack. If its computer network has been outsourced to the cloud, as is increasingly happening, the cloud services provider should have the capability to stop an attack on the network or make it as brief and ineffectual as possible.
Small charities and security
The hosted desktops approach to cloud computing enables even small charities to benefit from the sort of cyber security they may have envied until now: corporate level online tools that provide robust firewalls, web filtering, optional encryption of sent emails and management of all the access devices.
Other tools in the provider’s arsenal control and enforce acceptable use policies, block access to inappropriate websites and other sites the charity wants to exclude from staff access, and generally reduce misuse of the internet by a charity’s workers.
The fact that charities rely on volunteers/outworkers and interns for some or much of their day to day functioning exposes them to risks that have to be considered.
The risks can be countered through a combination of good practice and basic tools that the charity can use itself, if its IT hasn’t been outsourced to the cloud or a traditional IT company, and it therefore doesn’t have access to the high level, enterprise quality tools used by a cloud services provider.
However, and critically for many charities, those tools are now affordable to them because the costs are shared with other customers of the provider. Also shared is the cost of high end, enterprise grade software applications, massively reducing, effectively to nothing, at a stroke, risks posed by insecure coding of applications.
Dual factor authentication, or 2FA, is an option offered by some providers. It helps prevent unauthorised access to information and data, by enforcing the identification of individuals through a combination of user name, password and information known only to them.
However, 2FA that uses SMS has now been declared insecure by the National Institute of Standards and Technology [NIST], ensuring there will be an impact at some point for users of the 2FA that is utilised by Gmail, Apple, etc.
Making the security decision
Charities can go it alone with cyber security and data backups or outsource the management of them.
Going it alone, combined with good gatekeeping, will reduce risks. Many smaller charities may have thought, until now, that that is the only option open to them. They would be wrong because of the much lower costs made possible by cloud computing; costs that include safeguarding of computer networks to standards formerly enjoyed only by the biggest charities and companies.
Charities have the opportunity to make a break from past practices and bad habits and look at how cloud computing can meet their data and information security needs while delivering superior built and better performing software applications.
Charities act as the custodians of masses of highly sensitive data and collaborate frequently with a wide network of partners – be that the NHS, councils, or the emergency services. Many of the people they work with are very vulnerable, making trust a critical component of the vital services they provide. Yet a recent freedom of information request to the Information Commissioner’s office showed that the charity sector has seen a 110% rise in data breaches in the past three years.
In the last year we have also seen charities hitting the headlines due to poor information security. In January, the ICO took action against the Alzheimer's Society for its data protection failings. Then in March, the British Pregnancy Advice Service was fined £200,000 by the ICO for exposing thousands of personal details to a malicious hacker. These are pretty sobering facts. The impact of such negative headlines could have serious financial implications and cause untold damage to trust.
Tough financial constraints
Yet charities, like many industries face tough financial constraints, with pressure to demonstrate cost efficiency, but without the budgets of some of the larger corporates to invest in much needed technology. As a result, it is difficult to balance the need for security against the need to deliver vital services.
However, the reality is that more money will not necessarily solve the problem. The vast majority of the breaches one sees in the charity sector are not malicious, they are mistakes – someone sends an email to the wrong person, or uploads a file to the wrong place. In fact, as research shows, human error is the leading cause of all data breaches.
So while investment in data security technology is crucial, it equally important that consideration is given to how the solution will effectively protect data, not only at the point of send but through its lifecycle from creation through to archiving, auditing and reporting.
Sharing data means risk
Charities rely on a network of volunteers, staff outworkers, homeworkers and field workers who need to utilise data (both to access and input) when not physically in a charity's building. As such, data sharing policies and procedures are often poorly communicated, leaving workers unsure of the rules of engagement until it’s too late.
Many workers are communicating on the move, potentially using personal email addresses and consumer tools to share sensitive information. Trying to control and manage the lifecycle of data is therefore extremely challenging. With so many remote, part-time and volunteer workers it becomes very hard to communicate data security policies and procedures, which means there is a lack of clarity around how data should be treated.
Mixed technical expertise
Charity workforces can also have mixed levels of technical expertise. This means that even if technology is available to enable secure working, user adoption can be difficult to achieve as many are reluctant to change. If technology is difficult or complex to use users will bypass it. Similarly, if people have to adapt the way they work, slowing down productivity, they are likely to take risks. In this environment, human error thrives.
This is particularly true if the intentions of security policies are not communicated clearly – sending a file unencrypted might seem like a very small risk compared to the real and present danger of missing a deadline or leaving a vulnerable person at risk for longer.
Achieving safer sharing
These problems are not going to go away over night, but there are actions that charities can take to help protect themselves. Here are some steps to safer sharing:
CLASSIFY YOUR DATA. Trying to apply blanket rules and restrictions on all data can often be counter-productive. If every email you send creates a pop-up to remind you to encrypt it – despite the fact it contains no sensitive information – then people will soon start to ignore those alerts; as such, they become redundant. Spending time to really understand your data and what is or isn’t sensitive, how it is used, and who it is most commonly shared with will enable you to classify it.
Classification first step
Classification is the first step on the road to control. By classifying data at the point of creation, you can manage the end-to-end lifecycle much more effectively and only apply security where it is needed.
CREATE POLICIES, PROCEDURES AND CONTROLS. Once you have classified your data it is crucial that you define policies and procedures that clearly outline how sensitive data should be treated. This should include what data can and can’t be shared externally, and what security measures need to be applied.
Once these are set, then it is vital that users are educated about the rules, and are made accountable for following them. By driving greater awareness of the importance of security, and the potential risks and impact of a data breach, then the issue becomes all the more real. Then when someone is faced with the dilemma of doing something quickly or safely they will hopefully place more weight on the importance of security.
APPLY CONTROLS. Once data has been classified and policies set, then encryption technology can help to enforce good behaviour and provide a safety net should mistakes be made. For example, putting controls that prevent certain information from being shared outside the organisation, or being printed, and so on.
Revoking receipt access
In addition, having the ability to control data once it has left the organisation – for example, having the ability to revoke recipient access – means that mistakes can be reversed. Having this control can help to prevent data breaches due to human error and provide a record of the exchange for reporting and auditing purposes.
ENCOURAGING ADOPTION. Buying a data security solution is only half the battle; you need to ensure that people then use it. One of the main challenges relating to information security is that people simply avoid trying something new and are concerned that it will create more work. This can be true of IT departments too. One often sees that anti-virus and other security solutions are prioritised simply because they are easier to deploy, yet they often do not solve the human error challenge.
This is why we see many technologies sitting on shelves unused. Dealing with this problem requires the following:
FUNCTIONALITY. Any technology solution deployed needs to be user-intuitive and easy to understand. Charities should assume that users are not technical and offer appropriate tools which anyone could use.
INTEGRATION. People do not like change, so asking anyone to adopt a new technology will often be met with resistance. This is particularly true if it means they need to change their way of working or forces them to abandon tools – such as Outlook – that they are happy using to open additional applications, as that impacts how long it takes them to do their job. This is why it is vital for any encryption solution to seamlessly integrate with their existing information sharing tools.
EDUCATION. You cannot just tell people to use technology; you need to show them how. People need to feel comfortable with what they are using, and they need to have any concerns they may have discussed. Providing training on the product and an open forum for questions is therefore incredibly important.
GET PARTNERS ON BOARD. On-boarding your internal stakeholders is only one part of the puzzle. The next step is to communicate your objectives to your extended network of trusted partners with whom you share data. There will be a need to educate your partners on why changes are necessary. In some cases you may even have to communicate the difficult message to partners that you can only share certain information if it is encrypted.
Free security arrangements
This is where classification comes back into play, as you will have already defined what level of security is required in each instance. However, this can be met with resistance if partners feel you are asking them to make investments they may not have otherwise made, particularly in cases where communication is rare. This is why finding a solution that is free to use for recipients can help smooth the transition.
No one is immune to breach or human error, mistakes will happen and we will always have to balance productivity and security, taking on some elements of risk. But there are things we can do to manage and reduce that risk, and having great control over data throughout its lifecycle is certainly the first and best line of defence.
"...if people have to adapt the way they work, slowing down productivity, they are likely to take risks."
"It is vital that users are educated about the rules, and are made accountable for following them."
"In some cases you may even have to communicate the difficult message to partners that you can only share certain information if it is encrypted."
Technology is transforming the charity sector and revolutionising its methods of fundraising and generating awareness. Whether it’s through IT management of events to drum up support, social networking to spread the word or provision of more convenient ways to donate, technology is becoming inextricably tied into the foundations of a charity’s core existence, resulting in an increasing reliance that requires more and more maintenance.
Simultaneously, IT managers of charities have to contend with a growing number of connected devices and a greater reliance on more complex, broader ranging applications. But the truth is, while IT managers are busily migrating into the cloud, going mobile and facilitating new ways of flexible working, most are relying on an IT systems management approach incapable of successfully governing the management of IT.
In an increasingly digital age, the traditional break/fix model of IT management is simply no longer good enough. Instead, charities need to embrace a predictive environment that delivers 100% uptime, or they run significant risks of diminishing donations that, in the context of persistent budget cuts and increasing competition, they simply can’t afford to take.
But quite apart from the reputational problems with IT failure, including when charities are operating under outsourced public service contracts, there are the resilience requirements under SORP and by the Charity Commission. IT failure can lead to a whole range of negative consequences. Effective IT systems management for charities isn't just an operational necessity; it is essential to meeting both the spirit and rules of charity sector compliance.
Proactive is reactive
Many charities are taking advantage of the web and mobile technologies to ensure giving remains both convenient and compelling to a tech-savvy society. The problem, however, is that in a number of cases new connected devices are added to the IT network without true consideration of the impact they might have on the overall infrastructure. The result is a potential lack of governance which could lead to serious security concerns, downtime and constrained decision-making.
The use of real time monitoring to flag such potentially business impacting IT issues before they occur is now a standard Managed Service Provider (MSP) service. Yet, while knowing that network capacity is at 90% or email levels are approaching capacity before the infrastructure hits critical may reduce the likelihood of massive failure, just how much business value does this really deliver?
The reality is that when the MSP calls to say key thresholds have been breached and alarm bells are ringing, an IT manager has no option but to react; to make an immediate investment to address the problem and avoid downtime. Such panic buying is never going to be cost effective – nor will it tie in to any strategic plan. It will certainly result in an unplanned spike in costs.
A little bit of network monitoring may stop a major outage but it still feeds a reactive IT strategy managed on the basis that services will be available 99.999% of the time, when the stark reality in today’s environment is that only 100% uptime will do.
This is not just a question of semantics either. No charity can afford to lose a morning of inbound and outbound calls while a hardware failure is resolved, or to find its existing infrastructure has no room to accommodate a proposed increase in staff or volunteer numbers, ultimately impeding future growth. The break/fix approach that still dominates in most charity IT environments is simply not acceptable for these critical components and there is no tolerance for failure.
No time for downtime
With today’s hybrid environment, charities need to use IT and telephony effectively all the time. They need to exploit collaboration with donors and enable employees and volunteers to be productive irrespective of location.
This is a quantum leap in IT consumption – and it needs to be reflected by a quantum leap in IT service and support. Success should be a measure of the actual day to day user experience, essentially the provider’s ability to work with internal IT resource to prevent those telephony problems or router issues before they occur.
At the heart of both of these changes is information – the use of real time monitoring of every aspect of the IT and telephony infrastructure that can be analysed and assessed to predict requirements well in advance and, critically, be presented in a simple to comprehend fashion to deliver valuable business insight.
While there is no one monitoring system that can deliver this view, the successful interaction of multiple, separate tools overlaid with a business intelligence layer can create a predictive environment that transforms the way the infrastructure is assessed and managed on both a day to day and strategic basis.
To achieve this 100% uptime, the newest breed of Managed Service Providers use intelligent monitoring to predict potential failures before they occur – and replace the relevant component to avoid any downtime. This is hardly a new approach: this predictive model has been successfully deployed for years in any number of industries from aeronautics to Formula 1. Individual components are continuously monitored for any signs of potential weakness – and intelligently replaced during planned downtime to avoid any unplanned failures or glitches in performance.
This small but growing minority of IT organisations has also begun to explore the value of consolidating monitoring tools to move beyond break/fix to a predictive model that delivers 100% uptime. Combining trends in performance with business plans can predict potential issues six, 12, even 18 months in advance, giving the charity time to cost, assess options and plan.
This is a continual process of refinement that not only prevents issues occurring but essentially levels out the spend. There are no peaks and troughs, the charity has a flat-line, controlled IT expenditure and, critically, the opportunity to realise real productivity gains through more intelligent, well managed use of technology. With clear insight into IT and telephony performance, it is far easier to have highly intelligent, meaningful conversations about the strategic direction and opportunities for planned investment.
Furthermore, combining in-depth and real time understanding of the entire infrastructure with self-healing technologies enables the preventative measures that fundamentally transform users’ day to day experience with technology. Rather than hoping the fix will occur within the Service Level Agreement (SLA), problems can be routinely addressed to avoid interruption.
Weighing up the risk
For all charities, IT outage in an era of 24x7 operations, mobile users and online business models is incredibly damaging and expensive. Given the speed with which technology is becoming increasingly vital to facilitating donations, stimulating future growth and adhering to compliance in the charity sector, there is no time to delay.
The role of IT is evolving to encompass every aspect, amidst more complicated applications and millions of connected devices, and effective IT utilisation requires far more than the proactive support model that dominates today. Predicting the problems that may occur or business needs that may arise well ahead of time is key to achieving healthy IT in a charity. After all, when every aspect of the infrastructure is so critical, can any charity really afford for failure to occur before swinging into action?
The vital work of charities is too important to jeopardise by taking risks on unproven technologies. Charity managers and on-the-ground workers alike retain a healthy scepticism when it comes to supposedly silver bullet solutions that promise to transform the way they work for the better. Sometimes, though, a technology matures to the point where the benefits it offers become so compelling that it warrants a closer look. One such technology is unified communications (UC).
UC can keep managers happy by improving a charity’s productivity and cost efficiency, as well as enhancing the oversight and transparency of its operations. Just as crucially, it can simplify and speed up the day to day work of co-ordinating campaigns and fundraising undertaken by frontline staff and volunteers in offices, shops and out in the field.
Bringing together technologies
So what is UC exactly, and how can it help? Without getting bogged down in the technical details, it’s an umbrella term that brings together a series of well established technologies designed to improve communication and collaboration among individuals and groups. These include, but aren’t limited to, audio and video calling and conferencing, instant messaging, file sharing and "presence" (the ability to see instantly when someone is available).
While many people will have used some of this technology on an ad hoc basis, their experience might not have done much to convince them of its merits. For example, the frustration and miscommunication that can arise from a choppy video-conference call, with embarrassed IT staff fumbling to restore broken connections, is now such a familiar office experience that it has become a staple gag for the writers of workplace-set sitcoms.
But this cliché took root when the technology was still in its infancy and broadband internet service was far less robust and widespread than it is today. Implemented in the right way, UC is now just as reliable as more established methods of communication such as the telephone and email, while being both cheaper and considerably more versatile.
A key point is that all the components of a unified communications solution integrate seamlessly, using simple, common means of access. People can quickly and easily see who’s available, arrange and join meetings irrespective of how they’re connecting – whether they’re on a workstation in the office, a laptop at home, or out and about with their smartphone or tablet.
They can access shared calendars, documents, spreadsheets and other files (with changes being made to a central copy, thus eliminating the need for a long and confusing chain of disjointed emails and attachments).
People sharing ideas
People can call up a shared whiteboard during a call to sketch out ideas collaboratively or communicate points more visually when needed. They can record meetings to ensure these are available for later review and can be shared (or transcribed and shared) with those who weren’t able to attend. And more besides.
In other words, UC allows disparate networks of people to collaborate more effectively without technology or bureaucracy getting in their way or causing time-wasting bottlenecks. Given how most charities work, this clearly has many advantages. The business of gathering donations or applying for grants, for instance, generally involves many geographically dispersed people being able to collaborate as smoothly as possible.
For instance, a mental health charity had been struggling to co-ordinate efforts across 13 offices, a swathe of high street shops, plus volunteers, homeworkers and fundraisers spread all over the country. With UC, the charity is now able to ensure everybody is aware of the latest campaign messages and fundraising focus, and can mobilise teams at a moment’s notice.
The positive impact of the technology isn’t restricted to large charities or organisation-wide campaigns, either. Even something as apparently simple as setting up a fundraising stall at a local fête or market is made far easier. It often takes weeks of calls, emails and poring over diaries to firm up who’s labelling the jam jars, setting up the stall, leafleting the area and so on. With UC, a charity can organise the whole thing in a single call.
Dramatic cost savings
For charity managers, the technology brings other important benefits, most notably the potential for dramatic cost savings through productivity gains and vastly improved operational efficiency. This results in a higher proportion of their vital funding being spent on the causes they support rather than on things like travel, expenses and office expansion.
For example, UC lets charity managers make far better use of their existing premises through "hot-desking" – since anyone can sit down and work productively from anywhere. And the ease of setting up virtual meetings means they can eliminate the common costs associated with assembling a group of people in a room together – for instance, having to pay for them to travel perhaps an hour each way to attend.
Other operational staff, such as procurement and IT managers, see similarly positive results. Unifying communications across a charity simplifies what is often a messy mix of technologies and services, purchased ad hoc by different offices and departments, with one system or service often incapable of talking to another elsewhere. UC, meanwhile, can be delivered as a service at low cost, doesn’t require you to buy any specific hardware, and people joining in sessions simply need a web browser and a broadband connection.
Then there’s the whole issue of transparency. With all communications unified and on record, the technology gives managers an unparalleled ability to track and review a charity’s activity to ensure it is working in line with the Government’s Charities Statement of Recommended Practice, as well as any compliance requirements, so that it can remain fully accountable to the authorities, governing bodies, supporters and beneficiaries.
While much of the private sector has been investing in UC for some time, and is already reaping many of its benefits, charities have to date been slower to investigate the technology. Their caution is understandable. Commercial businesses are always looking to gain an edge over competitors so they’re prepared to take greater risks trying out new things. But when you’re a charity, you can’t afford to spend precious funds on a whim - you need to be certain any investment will allow you to serve your charitable cause more effectively.
Promoting cultural change
Because UC fundamentally alters the way people work and interact on a daily basis, it also helps to promote a cultural change throughout the organisation, and again some charities are reluctant to embrace such change because they see it as "more for the private sector". Cultural change seems to imply big, expensive programmes that divert funds away from an organisation’s core work, so many charities perceive it as a risk and don’t view it as a priority.
There seems to be a fear that by changing what they’ve done for a long time, and what people are used to, they might throw their operations into chaos and their staff into confusion – better the devil you know and all that.
This position is becoming increasingly self-defeating. Charities can gain so much by switching to unified communications that the sooner they follow the private sector’s lead, the better. But it is important to seek out and work with providers which understand the particular needs of the sector and can help you introduce the technology in the right way. With so many different suppliers and offerings on the market, that isn’t always easy.
As a rule of thumb, it’s best to avoid providers which only frame UC’s advantages in terms of cost savings and management efficiency (important though these undoubtedly are). Implementing UC from on high, with little thought to the cultural impact it might have on the organisation or any help to smooth the transition, can make it far harder to realise any benefits.
It’s vital when implementing UC for those responsible to spend as much time as needed supporting the frontline staff and volunteers who’ll actually be using this stuff. They need to understand not only to how to work it, but why it will help them do their jobs more effectively and, by extension, allow them to provide greater help to the causes they care about.
"A key point is that all the components of a unified communications solution integrate seamlessly, using simple, common means of access."
"...UC allows disparate networks of people to collaborate more effectively without technology or bureaucracy getting in their way or causing time wasting bottlenecks."
"...the technology gives managers an unparalleled ability to track and review a charity's activity..."
Deaf Direct is a local charitable company which has worked with and for deaf and hard of hearing people since 1927. Our primary purpose is to promote responsive, professional and empowering opportunities to a diverse and unique community comprised of deaf and hard of hearing people with the goal of creating a society in which deaf and hard of hearing people enjoy equal participation and access without barriers or prejudice.
The charity offers a wide range of services to deaf and hard of hearing people, family members and carers, and professionals and other organisations across Worcestershire, Herefordshire and Oxfordshire. Our key services include access to information, booking of communication professionals such as sign language interpreters, meetings, events or training through to outreach services, advice about hearing aids, social activities and access to a network of Deaf Clubs.
We are always looking to save money but at the same time keep our technology up to date. Relying on an outsourced IT partner means that we don’t have the expense of having to pay for internal technical staff and we know that they are always up to date with the latest innovations. We have worked with IT solutions company Quintech for many years and they have been responsible for the installation and support of all our IT across our entire organisation – from servers and PCs through to software and Internet access across all of our three sites.
Role of communications
As you might imagine, communication plays a major role within the charity and is governed by our communication policy that clearly sets out Deaf Direct’s approach to effective communication both internally between staff and externally for clients and the public. As a charity we continually work with staff to improve communications at all levels to ensure that individuals develop a range of appropriate communication skills.
Staff who begin employment with Deaf Direct without any signing qualifications are expected to obtain the minimum BSL (British Sign Language) level 2 qualification. Our policy covers both internal and external communications but the underlying ethos is for individuals to recognise the preferred communication methods of who they are speaking with and to treat one another with respect and courtesy.
As part of our ongoing technology improvements we decided to upgrade our ageing phone system with new technology that would allow us to both reduce costs and enhance the quality of communications between staff and also with service users.
Introducing unified communications
Five years ago we had an old BT Meridian phone system that was at the end of its life and was costing us between £300 to £400 per month in maintenance charges. What we needed was a system that would be more cost effective and because we have a mixture of deaf, hard of hearing and hearing staff, we needed additional video calling functionality that could be used to support communications using sign language. We also wanted our staff across the three sites to be more accessible and support remote communications for mobile and home-based personnel.
After a recommendation from Quintech, we decided that a software-based unified communications solution from Swyx was the best fit for our requirements. We like the fact that they provide a holistic service so when they suggested a phone system that was software-based and could offer us greater functionality and flexibility and be part of our overall IT network, this made perfect sense. The fact that the system also supported video calling between staff was ideal.
As part of the charity’s communications policy it is vital that where possible sign language must be used in the presence of those who are deaf or hard of hearing. Therefore the decision to go with an Internet-based solution was really a no-brainer, as traditional phone systems simply didn’t have the same level of functionality. This also means that we can always keep up with technology.
The installation took between half a day to a day, and we went straight from the old BT system to the flexible new UC (unified communications) solution. Part of the smooth integration was down to Quintech. They took care of all the configuration including "out of office", "greetings", "auto attendant" and "call routing" and carried out all the end user training.
Greater flexibility and more responsive
At first the staff thought it was a bit strange to be using a phone via the computer and many stuck with still using the handset rather than the softphone on the screen, but as time has gone on, everyone is now using the softphone. The most loved favourite feature is the F11 function which allows staff to simply highlight a number on-screen, whether in a database or on a website and connect directly without any dialling.
Deaf Direct has 30 users of the system and up to around 20 at any one time. Our staff are based across three sites at our HQ in Worcester and sister offices in Hereford and Oxford which are connected together via ISDN 30 and a VPN (Virtual Private Network).
In addition some staff have the ability to work from home and there is one member of staff who works full-time from their home in Lincolnshire for UK Deaf Sport (an affiliated organisation to Deaf Direct) which provides information and guidance to deaf or hard of hearing people who would like to participate, enjoy and excel at sport.
The new technology gives us the ability to directly connect both incoming callers and internal staff, whether they are in the same office or at a different location. The support for video calls means that staff who need to use British Sign Language (BSL) can simply connect via the on-screen softphone in conjunction with the webcam on their PC and their image appears on to the other person’s screen.
Likewise, if a member of staff needs to ask a question of another member of staff in a different office or location, or they need someone who can sign, then they simply initiate a video call.
Improving the communication between internal staff means in turn we can provide a better and more responsive service to incoming enquiries, whether it’s access to information, booking a course, hiring an interpreter or getting in touch with third parties such as solicitors, doctors or hospitals on behalf of deaf persons or their families.
Making better use of resources
With limited resources, the new system means we can literally call on those resources regardless of where they are. For example, if the main receptionist at the Worcester office takes a call for booking a sign language interpreter and she needs to check something with another member of staff, if they are in the same building she can then call them via video, or alternatively, by wearing a wireless headset she can simply walk down the hall and ask them face to face.
Similarly if the person she needs to liaise with is at another location, she can simply contact them, either by video call, normal call or even by instant message. In circumstances where a member of staff doesn’t sign, and they need to converse with someone who is deaf, then they can simply ask a colleague who does, to step in front of their computer and communicate or translate on their behalf.
Year on year cost savings
On average, we receive between 40-60 calls per day from deaf people or family members looking for advice or access to the charity’s range of services. With all our sites now connected on the same communications system means that the charity can also save on having a receptionist at each site. Instead all calls come into Worcester and are then redirected according to the nature of the enquiry. All calls between sites are on the same IP network so are therefore free.
The main benefit is that it has made all our staff more accessible and we have also been able to make considerable cost savings year on year. Future developments on the horizon include "full video conferencing" between all of the charity’s different offices, remote desktop sharing, SwyxMobile (using the SwyxWare app on smartphones) and the integration of the unified communications solution with a CCTV and door entry system.
Key benefits summarised
Let's remind ourselves of the practical effects of taking Deaf Direct's communications policy this major step forward:
- Support for sign language-based communication via the phone.
- Lower costs – reduced phone bills and maintenance charges equating to thousands of pounds every year.
- Choice of communications – voice calls/video calls, instant messaging, email voice mails.
- Free calls between sites and remote workers.
- Support for charity’s communications strategy.
- Always having the latest technology due to software upgrades.
- 24 hour service – system automatically diverts to appropriate mobiles.
- Lower staff costs – no need to have receptionist at each site – all calls come into Worcester and are diverted (free of charge) to other locations.
- Flexible working – support for mobile and home-based staff.
We have no in-house IT resource, so outsourcing this to a third party is invaluable to us as a organisation. Due to their in-depth knowledge they can act as a single point of contact which can advise us on how to make the most of both our IT and communications for the benefit of our staff and also to the deaf community who we serve. We hold quarterly face to face meetings with an IT consultant and they provide regular top-up training for staff. Any day to day IT support issues are dealt with promptly and the majority of these are handled remotely.
As for recommendations to other charities I would simply say, due to economic circumstances, charities should consider outsourcing IT management simply because they provide advice and on-spot support. Most charities may think of employing staff to focus on the IT system internally, but this is not always ideal in terms of having time off (holidays), backups and so on. For ease of mind and for charities to provide effective services to their clients – outsource.
"The new technology gives us the ability to directly connect both incoming callers and internal staff, whether they are in the same office or at a different location."
"With limited resources, the new system means we can literally call on those resources regardless of where they are."