Getting your IT right is crucial for charities. So for articles on the use of IT for charities ranging from admin to marketing, click on the headline links below.
Click on the headlines of your choice.
When you choose a charity to donate to, your decision is usually driven by your heart. Often it’s a personal connection. Losing a family member to heart disease may prompt you to donate to fund research to prevent it, for example. Other times a cleverly positioned television ad that gives you an insight into the reality of someone else’s life or a distressing news report that makes you cry can create a powerful desire to help.
To my knowledge, no one has ever cited "efficient IT" as a reason for giving. It’s probably why many charities have neglected their IT estate.
Neglecting your IT
I can’t blame you – when you are dealing with real life issues at the sharp end – when what you do can literally be the difference between life and death – you may be forgiven for neglecting your IT. In her study Why Rich People Give, Theresa Lloyd claims that wealthy donors are motivated by five factors from belief in the cause to being a catalyst for change. ITIL, practices that align IT services with the needs of a business, doesn’t even come a close sixth!
As one charity CEO told me, “We just don’t have time to fully explore our IT so we make do with what we have. Everyone working at the charity is focused on addressing a need that is growing exponentially. To us, IT is about as sexy as the taxman!”
That last comment hurt! However, according to figures from HMRC, the value of tax relief for charities and individual donors rose to £5.14bn in the year to March 2016! Charities received £1.3bn in Gift Aid!
Maybe the taxman is sexy after all! Maybe your IT can be too.
What if your charity could get more money to the needy, fight disease better through improved allocation of resources or save more lives by eliminating administrative bottlenecks? Will more money make it to the needy if you "make do" when it comes to IT or could recipients actually get better outcomes if your charity adopted IT that is fit for purpose?
Front office excellence
I’m biased. As a donor I want every pound I donate to charity to have maximum impact and I really think that by sorting your back office IT you will maximise your front office excellence.
If you were to "rattle tins" in the street you wouldn’t just randomly turn up somewhere. You’d make sure you chose a prime location, to maximise the number of passers-by and potential donors. You would select a town centre or a shopping centre, and you would choose a day when there was plenty of footfall. You’d have posters with clear messages and a gallery of images that tell your story. You’d brief your volunteers on what to wear and make sure they could answer questions from the public about where the money goes to.
When you buy T-shirts for your fundraising crew you know buying cheap is a false economy and that buying Ralph Lauren may be frowned upon as a tad excessive. So you select accordingly; you go for value for money but of sufficient quality to survive washing and drying.
If you were organising an outdoor event you’d avoid a time when inclement weather might deter attendance. You’d have your fireworks party at night, you’d send raffle prize requests to companies which would donate prizes people would actually want to win.
My point is, you already invest time and resources in "front office" excellence. Both in the metaphorical sense above (how you fundraise) but also the actual professionalism that will be on display were I to visit your office. The treatment I would receive as a visitor would be on a par with that expected from a visitor to a FTSE 100 company and what’s more – your coffee is probably better.
The reality of IT
Between that front office excellence and your beneficiary, between the money you raise and the tangible difference that it makes - sits your IT.
Ineffective IT could be wasting your hard earned income, but it could also have an impact on your future fundraising potential.
I’ve already said that I don’t believe many people select a charity based on how efficient its IT systems are.
It is interesting though to reflect on the findings of the Centre for Charitable Giving and Philanthropy’s paper on How donors choose charities. Perceptions of charity competence can have an effect on the selection of charitable recipients on the basis of criteria such as being "well run" and "efficient", or "charities which have low overheads".
“There is a general consensus that charity competence” as demonstrated in the efficient use of money and resources “is highly attractive and likely to prompt greater donations”. A most effective way to achieve this perception is through deployment of IT systems that are worthy of your charity’s aims and mission goals.
Getting IT right
The two most common ways of getting your IT right are: 1) Do things yourself; 2) Have a third party advise and create; ... and there are advantages and potential pitfalls to both.
DO THINGS YOURSELF. The most common problem encountered by any organisation but especially a charity, is that it is difficult to sacrifice sufficient time and resources to project manage an IT makeover. Many charities tend to end up with a shiny, new, expensive system that is - to all intents and purposes - exactly the same as the one it has replaced, only less effective because it is less familiar to end users.
Analysing your charity
On the plus side, if you get it right, doing it yourself can make large savings. If you choose the DIY route I would urge you to carry out a gap analysis on your current IT infrastructure versus your charity’s goals and the part you want your IT system to play in these. There are lots of resources on gap analysis online but as a key step guide, you should:
KNOW YOUR GOALS AND THE ROLE YOU EXPECT INFORMATION TECHNOLOGY TO PLAY. These can be broad organisational goals like "improve reporting of fund raising", "reduction of overheads" and "beneficiary satisfaction" or specific goals like ‘increase shop sales revenue by 5%".
SURVEY YOUR CURRENT STATE. Take an honest objective look at how your IT is currently performing in each area you have identified. if you have data – analyse it!
ANALYSE THE GAP BETWEEN YOUR AMBITION AND YOUR REALITY. Don’t just measure how far off you are – actually drill down into the "whys" and the "hows" of your shortcomings. In this phase, really challenge your operation!
COMPILE A GAP ANALYSIS REPORT. Your report should be thorough and understandable to all the stakeholders, especially "non-techie" readers who will need to form opinions based upon your findings. Most importantly each gap should have a thoroughly costed solution that explains how it will bridge the gap you have identified.
ACT QUICKLY. Once you have identified your gaps and agreed upon how to proceed - don’t procrastinate.
AVOID SUPPLIER LOCK-INS. Beware of supplier initiated contract lock ins. You don’t want to be tied to a state of the art solution when a new player enters the market with an even better fit for your charity. Read the small print!
HAVE A THIRD PARTY ADVISE AND CREATE YOUR IT SOLUTION. This could be the better option for you - but when you get someone else to design your IT estate, make sure that you choose someone who will work "on your side". You don't want someone who is getting a nice little commission for providing a product that just about fits your needs - you want it to fit like a glove.
Understanding you properly
Make sure that your partner (and it should be a partnership) will diagnose before they prescribe. It is very important that your partner takes time; I mean REALLY takes time to get to know your charity, your culture and what you want from your IT.
Choose a partner who encourages you to ask "stupid questions". Designing IT is their thing not yours! I bet they couldn't do a fraction of the valuable work that you do! The right provider will have taken time to suss you out so they should already be talking your language but if they slip into jargon, call them on it! If you don’t understand any part of the process the right provider will be happy to explain and not proceed until you do and, if they're worth their salt, you'll find that they answer your questions with passion similar to that with which you talk about the work that you do!
Key services to consider
Finally, look for true end-to-end service. As a guide there are certain key areas that would benefit your charity when considering buying in IT services:
IT ADVISORY. Aligning IT infrastructure to your charity's strategy, advising on potential cost efficiencies through vendor (supplier) management and realising maximum value from existing and future technology choices. for example, cloud, networking, end user computing or telephony.
PROJECT MANAGEMENT. This is where your IT Project comes to life and where Gartner, the world's leading IT research and advisory company, believes a quarter of projects flounder through cost over runs. With robust vendor governance and the right service provider your charity can secure high quality project delivery, often with no net increase in the overall portfolio costs.
IT SERVICE DELIVERY. IT service delivery management can help you improve quality and reduce costs. The right provider will prevent you from getting locked in to costly long term contracts and achieve consistently better IT services through Service Level Agreements and Key Performance Indicators that give you greater transparency.
SUPPORT AND SERVICE MANAGEMENT. After advising, managing and delivering your IT, you want a partner who is going to stick around. A partner who will be there when you need them but who will also keep checking in to make sure everything is being delivered as promised.
Financing the benefits of IT
A lot of research has been done on how charities can maximise the raising of funds and how best to spend those donations to achieve desired outcomes. Similarly, IT has evolved through research to deliver business strategy driven solutions that allow enterprises of all sizes, from SMEs to multinationals, to achieve greater productivity and reduce costs.
We are now at a point in time where such benefits are within the budget of most charities, in fact better IT won’t cost you money – it will save it.
I hope I have given you food for thought.
If nothing else, I hope that you at least think that I am sexier than the taxman.
"Ineffective IT could be wasting your hard earned income, but it could also have an impact on your future fundraising potential."
"Take an honest, objective look at how your IT is currently performing in each area you have identified."
"IT service delivery management can help you improve quality and reduce costs."
For Jimmy works to make communities safer for young people by building a legacy of peace in memory of Jimmy Mizen, who was senselessly murdered aged 16 in May 2008. Jimmy’s family vowed to ensure something good came of his death. The Jimmy Mizen Foundation, now For Jimmy, was founded in 2009. Its mission is to share Jimmy’s story to help all young people fulfil their potential, striving toward a vision of a world characterised by communities we all want to live in, where a young person can go into their local shop and always return home safely.
Much of the charity’s work involves work with school pupils. For Jimmy’s flagship school programme is carried out in primary and secondary schools in Lewisham, south east London, and supports pupils who have been identified as socially and academically at risk. The charity runs a series of highly interactive workshops both within and outside the school that help students develop life skills and instills a sense of personal responsibility for their local community.
As part of the programme, they also spend time in their community creating “Safe Havens”, where they build relationships with shopkeepers, police officers and local people in order to create safe spaces along their high streets that they can turn to when in danger.
Lack of data consistency
Like most charities, we’ve long been collecting data about our work. This information comes from a multitude of sources. We have everything from lists of newsletter recipients to records of the number of children attending our awareness talks in certain areas, to tracking the academic progress of the young people we’ve worked with.
Yet the advantage of collecting data from such a diverse range of sources at the same time provides its drawback. We’d worked with law firm Mayer Brown on compliance, and sought to ensure that the data we were collecting from schools was protected. However, as a small charity with little experience in this area, our information was collected and stored on a rather haphazard, ad hoc basis – a quote from a trustee here, a list of talk attendees there. There was little consistency in our methods of reporting and collection, and little by the way of those oh-so-valuable hard numbers.
What made things more difficult was that we had a number of departments, all collecting information from different places for their own uses. The lack of consistency in their approach meant they were unable to effectively share data with one and other.
Nor could we update the data in a systematic way, given that each time it was gathered, it was collected in different formats. Plus, as our programmes changed and expanded, there was no reliable evidence that could help us decide how to best allocate our resources.
This all amounted to a sprawling mass of information, light on both impact and accessibility. Despite our richness in terms of data, we were unsure exactly what to do with it or how to communicate it.
That’s why we were so keen to work with data company Aimia. data philanthropy week. We were honoured to be one of six charities to participate in Aimia’s data swarms. We began with a few initial meetings to really drill down into the problem and to allow Aimia’s team to get to grips with our use of data. Discussions led us to the main purpose of our work together: to create a single dashboard containing all of For Jimmy’s data. We wanted frameworks to improve the effectiveness of our work, increase donations and showcase our impact.
A dashboard is a visualisation tool that displays an organisation’s data in a clear and accessible way. Dashboards consolidate and arrange a wide variety of information on a single screen, but can tailor the data shown for specific roles and departments.
Such a structure would enable us to consistently record data across the charity, which in turn allows the data to be accessed, updated, used and flexibly combined across all of our departments. The dashboard would also allow us to cut data in different ways, because it allows the different data fields to be searched and ordered flexibly. For example, by sorting it according to postcode, we could track our expansion across the UK, and provide powerful evidence of our increasing reach to potential benefactors.
The first step in creating the dashboard was to hold an internal "data swarm" to evaluate and interpret prior to cleansing, during which we drew together our whole collection of data - no small task! Doing this really hammered home the huge volume of data within the charity, much of which we had never done anything with. In fact, at this stage it could hardly be called a data collection. A more apt description might have been a data mess.
One of Aimia’s data analysts got to work on "cleansing" the data. This essentially means formatting the information so it can become useful. Very simply, the data all needs to be in the same format. This exercise also means that, long term, data entry becomes a faster and more democratic process.
A single dashboard
Then to the exciting part – the main data swarm. We had already worked alongside the analyst to gather a team of his analyst colleagues with the necessary technical skills to help create the dashboard and draw out insights. Each analyst worked on a specific task or area of the dashboard.
We were on hand throughout the day to answer questions about the data, such as where a particular donation came from or how it was used. It was important that the new system was created precisely for how For Jimmy would be using it. While, of course, there are best practices in the use of data, no two charities have identical needs.
Key areas of focus
Splitting out the different areas of data we work with helped us to clarify how we could use this data, what we should prioritise, and what was the important information to communicate to stakeholders and in funding applications.
Donations provided a major area of focus, for the first time allowing us to seriously analyse who and where our donors are. Who are the biggest contributors? Do they donate regularly? How do we communicate with them? Not only could this information enlighten our marketing strategy going forward, but we are now also able to extract more specific operational details, like whether a donor has been contacted after their support has been received. Such change will make the daily running of the charity smoother and will improve our relationship with our benefactors.
Another area we looked at was how we can better utilise social media data. We were fascinated to find out the demographics of the users who were engaging with us, and to be able to make a more scientific and comprehensive exploration of which content proves most popular. It’s amazing how the smallest tweak – such as the time of day a post is published – can make a big difference. It just goes to show how data analysis should inform a charity’s operations, even the seemingly mundane, instead of being seen as a big external project.
So, a few months on from the initial data swarm, what have we learnt? In many ways, the questions raised have been more important than the answers reached. We’ve started to think about why and how we’re collecting data; it is no overstatement to say that we’ve experienced a cultural change in the way we think about data.
We urge all charities, big and small, to take a little time to reflect on their data. Collect as much as possible – yes. But think about what you’re collecting – and, most importantly, why. It’s well worth the time to get it right. Data should be part of a charity’s core structure, not just a side project.
As a small charity, our increased awareness of our data is allowing us to compete with bigger charities as we learn and grow. We’ve used the insights we drew out thinking about our data, combined with our use of the new dashboard, for 10 recent funding applications. This has provided vital hard evidence of our results which used to be too laborious – or even impossible – to find.
Taking our data further
The key for the future is to keep looking at how we can improve our use of data. For us this will involve monthly meetings with the analyst during which we’ll work on our system to ensure that data remains at the forefront of our progress. We’re continually moving further down the path to achieving this, and the ability to now use data to help our charity undoubtedly takes us further.
"Splitting out the different areas of data we work with helped us to clarify how we could use this data, what we should prioritise, and what was the important information to communicate..."
"We've started to think about why and how we're collecting data; it is no overstatement to say that we've experienced a cultural change in the way we think about data."
Whether your charity handles its IT, and data and information security – and backups – in-house, or has outsourced it all to the cloud, a basic truth is as follows: ironically, improvements in anti-virus software - provided the software is regularly updated - mean that, 99% of the time, charities are not exposed to viruses and as a result are taken by surprise when receiving a malicious attachment.
Viruses and associated ransomware are as insidious and tenacious as ever, though, and there is no lack of malicious attempts to use them, but good gatekeeping can keep the majority at bay.
Then there are Distributed Denial of Service [DDoS] attacks, which can cause mayhem to websites and computer networks. More about those later in this article.
Gatekeeping is not only about technology. It also involves human behaviour, which, if undisciplined, can result in a potentially dangerous virus infection or, in the case of ransomware, the complete shutdown of a computer unless a ransom is paid.
Not taking security for granted
To explain that differently, staff, volunteers and interns in a charity shouldn’t get too comfortable with their online activities and take security for granted. In order to protect themselves to a greater extent, charities should remain vigilant and train their people not to open unknown emails or visit suspicious – “phishing” - websites.
The latter can have as serious a consequence as opening a malicious attachment, because the sites can download malware and other threats, or take you to a web page that, for example, looks like your bank’s home page but isn’t. By logging in to what you believe to be your account, through giving your log-in details, you are at risk of ID theft as well as financial loss. The same applies to fake PayPal and similar websites.
Individuals working for a charity can be tricked by a phishing website, thereby putting themselves or the charity at huge risk.
Regular data backups essential
Let’s not forget the vital role that data backups play in good gatekeeping. Backups are not only useful in the event of a hard disk crash or theft of computers, or damage caused by fire or flood. In all those cases they can enable rapid business continuity through data/information restoration.
They also come in handy where ransomware demands are made, by enabling the demand to be ignored because the most recent backup can be put on to another computer.
Backups are most effective when a disciplined regime of making them is followed. Real time backups are ideal, but not always practical, especially in a small organisation. Making frequent backups, however, is viable but does depend on a level of discipline or selecting automated, scheduled, backups.
Bear in mind that any backups made locally, i.e. not online but in the office, whether on NAS [Network Attached Storage] devices, or even USB drives, do need to be stored safely off-site until being used again. Many smaller organisations don’t do that, adding to the risks they face from data breaches or loss of data - and subsequent fines by the Information Commissioner.
Charities which suffer data breaches face the wrath of the Commissioner. Breaches can come from the theft of office based data backups, computers, tablets or smartphones. It can come from insecure coding on a charity’s website or software applications, resulting in websites being hacked into and information – the names and contact details of donors, or details of children or the elderly or other vulnerable groups of people, for example – stolen.
Charities should therefore ensure that website developers they use meet minimum but acceptable standards at least. The same goes for software applications they buy in or borrow; or build on their own, perhaps with the help of a freelance software developer - another risk, however well intentioned the developer might be!
On the subject of external support, there is a risk to data from the practice of charities relying on outworkers, whose work devices might be exposed to information and data loss for a variety of reasons including theft.
Another reason is bad practice - this ranging from allowing friends or associates to use the devices to relying on inadequate or out of date anti-virus and anti- malware tools, visiting phishing websites and using Wi-Fi hotspots. Even “secure” hotspots pose security threats.
Safeguarding sensitive data is high on the agenda of charities, but with many being run on a shoestring, others with resources stretched to the limit, they are not always adequately prepared for the risks their data and information face.
An alternative approach to security
Charities with 10 or more people working for them have an affordable answer to issues regarding cyber security and backups – and threats posed by inadequately written applications: the hosted desktops element of cloud computing.
Where hosted desktops are deployed, all data and information processing is carried out in a secure data centre rather than an in-house server or individual desktop, laptop or tablet. Backups are therefore also made in the data centre, by the hosted desktops provider.
If the provider is ISO 27001 certified, charities can be sure that every action taken in the centre is in compliance with what is the international gold standard in information security management.
ISO 27001 accreditation means that backup regimes are strictly adhered to, allowing business continuity to be optimised should it ever be required. Secure storage of backups is no problem. A second secure data centre ensures that in the unlikely event of the primary centre being affected by a “disaster”, the service offered by the hosted desktops provider continues.
Hosted desktops - or Desktop as a Service [DaaS] - also relieve a charity of all concerns about purchase and support of IT. And, crucially, with cloud computing being device independent, hosted desktops cannot pose a security threat. That is, staff can work on their own devices without compromising the charity’s security policies because they are only using the devices as hardware to access their work.
Distributed Denial of Service attacks
Recent research by security company Imperva concluded that the UK is now the second most targeted country after the US when it comes to DDoS attacks, which are designed to bring websites down and make computer networks unworkable. The number of attacks was up 200% in the past year, according to the firm, with some being directed by former workers disgruntled at their employer.
These disgruntled workers paid as little as a few pounds sterling to buy an attack by a DDoS provider, highlighting the dangers that can come from within.
The smaller a charity the less likely it is to have the resources to combat, or at least be prepared for, a DDoS attack. If its computer network has been outsourced to the cloud, as is increasingly happening, the cloud services provider should have the capability to stop an attack on the network or make it as brief and ineffectual as possible.
Small charities and security
The hosted desktops approach to cloud computing enables even small charities to benefit from the sort of cyber security they may have envied until now: corporate level online tools that provide robust firewalls, web filtering, optional encryption of sent emails and management of all the access devices.
Other tools in the provider’s arsenal control and enforce acceptable use policies, block access to inappropriate websites and other sites the charity wants to exclude from staff access, and generally reduce misuse of the internet by a charity’s workers.
The fact that charities rely on volunteers/outworkers and interns for some or much of their day to day functioning exposes them to risks that have to be considered.
The risks can be countered through a combination of good practice and basic tools that the charity can use itself, if its IT hasn’t been outsourced to the cloud or a traditional IT company, and it therefore doesn’t have access to the high level, enterprise quality tools used by a cloud services provider.
However, and critically for many charities, those tools are now affordable to them because the costs are shared with other customers of the provider. Also shared is the cost of high end, enterprise grade software applications, massively reducing, effectively to nothing, at a stroke, risks posed by insecure coding of applications.
Dual factor authentication, or 2FA, is an option offered by some providers. It helps prevent unauthorised access to information and data, by enforcing the identification of individuals through a combination of user name, password and information known only to them.
However, 2FA that uses SMS has now been declared insecure by the National Institute of Standards and Technology [NIST], ensuring there will be an impact at some point for users of the 2FA that is utilised by Gmail, Apple, etc.
Making the security decision
Charities can go it alone with cyber security and data backups or outsource the management of them.
Going it alone, combined with good gatekeeping, will reduce risks. Many smaller charities may have thought, until now, that that is the only option open to them. They would be wrong because of the much lower costs made possible by cloud computing; costs that include safeguarding of computer networks to standards formerly enjoyed only by the biggest charities and companies.
Charities have the opportunity to make a break from past practices and bad habits and look at how cloud computing can meet their data and information security needs while delivering superior built and better performing software applications.
Charities act as the custodians of masses of highly sensitive data and collaborate frequently with a wide network of partners – be that the NHS, councils, or the emergency services. Many of the people they work with are very vulnerable, making trust a critical component of the vital services they provide. Yet a recent freedom of information request to the Information Commissioner’s office showed that the charity sector has seen a 110% rise in data breaches in the past three years.
In the last year we have also seen charities hitting the headlines due to poor information security. In January, the ICO took action against the Alzheimer's Society for its data protection failings. Then in March, the British Pregnancy Advice Service was fined £200,000 by the ICO for exposing thousands of personal details to a malicious hacker. These are pretty sobering facts. The impact of such negative headlines could have serious financial implications and cause untold damage to trust.
Tough financial constraints
Yet charities, like many industries face tough financial constraints, with pressure to demonstrate cost efficiency, but without the budgets of some of the larger corporates to invest in much needed technology. As a result, it is difficult to balance the need for security against the need to deliver vital services.
However, the reality is that more money will not necessarily solve the problem. The vast majority of the breaches one sees in the charity sector are not malicious, they are mistakes – someone sends an email to the wrong person, or uploads a file to the wrong place. In fact, as research shows, human error is the leading cause of all data breaches.
So while investment in data security technology is crucial, it equally important that consideration is given to how the solution will effectively protect data, not only at the point of send but through its lifecycle from creation through to archiving, auditing and reporting.
Sharing data means risk
Charities rely on a network of volunteers, staff outworkers, homeworkers and field workers who need to utilise data (both to access and input) when not physically in a charity's building. As such, data sharing policies and procedures are often poorly communicated, leaving workers unsure of the rules of engagement until it’s too late.
Many workers are communicating on the move, potentially using personal email addresses and consumer tools to share sensitive information. Trying to control and manage the lifecycle of data is therefore extremely challenging. With so many remote, part-time and volunteer workers it becomes very hard to communicate data security policies and procedures, which means there is a lack of clarity around how data should be treated.
Mixed technical expertise
Charity workforces can also have mixed levels of technical expertise. This means that even if technology is available to enable secure working, user adoption can be difficult to achieve as many are reluctant to change. If technology is difficult or complex to use users will bypass it. Similarly, if people have to adapt the way they work, slowing down productivity, they are likely to take risks. In this environment, human error thrives.
This is particularly true if the intentions of security policies are not communicated clearly – sending a file unencrypted might seem like a very small risk compared to the real and present danger of missing a deadline or leaving a vulnerable person at risk for longer.
Achieving safer sharing
These problems are not going to go away over night, but there are actions that charities can take to help protect themselves. Here are some steps to safer sharing:
CLASSIFY YOUR DATA. Trying to apply blanket rules and restrictions on all data can often be counter-productive. If every email you send creates a pop-up to remind you to encrypt it – despite the fact it contains no sensitive information – then people will soon start to ignore those alerts; as such, they become redundant. Spending time to really understand your data and what is or isn’t sensitive, how it is used, and who it is most commonly shared with will enable you to classify it.
Classification first step
Classification is the first step on the road to control. By classifying data at the point of creation, you can manage the end-to-end lifecycle much more effectively and only apply security where it is needed.
CREATE POLICIES, PROCEDURES AND CONTROLS. Once you have classified your data it is crucial that you define policies and procedures that clearly outline how sensitive data should be treated. This should include what data can and can’t be shared externally, and what security measures need to be applied.
Once these are set, then it is vital that users are educated about the rules, and are made accountable for following them. By driving greater awareness of the importance of security, and the potential risks and impact of a data breach, then the issue becomes all the more real. Then when someone is faced with the dilemma of doing something quickly or safely they will hopefully place more weight on the importance of security.
APPLY CONTROLS. Once data has been classified and policies set, then encryption technology can help to enforce good behaviour and provide a safety net should mistakes be made. For example, putting controls that prevent certain information from being shared outside the organisation, or being printed, and so on.
Revoking receipt access
In addition, having the ability to control data once it has left the organisation – for example, having the ability to revoke recipient access – means that mistakes can be reversed. Having this control can help to prevent data breaches due to human error and provide a record of the exchange for reporting and auditing purposes.
ENCOURAGING ADOPTION. Buying a data security solution is only half the battle; you need to ensure that people then use it. One of the main challenges relating to information security is that people simply avoid trying something new and are concerned that it will create more work. This can be true of IT departments too. One often sees that anti-virus and other security solutions are prioritised simply because they are easier to deploy, yet they often do not solve the human error challenge.
This is why we see many technologies sitting on shelves unused. Dealing with this problem requires the following:
FUNCTIONALITY. Any technology solution deployed needs to be user-intuitive and easy to understand. Charities should assume that users are not technical and offer appropriate tools which anyone could use.
INTEGRATION. People do not like change, so asking anyone to adopt a new technology will often be met with resistance. This is particularly true if it means they need to change their way of working or forces them to abandon tools – such as Outlook – that they are happy using to open additional applications, as that impacts how long it takes them to do their job. This is why it is vital for any encryption solution to seamlessly integrate with their existing information sharing tools.
EDUCATION. You cannot just tell people to use technology; you need to show them how. People need to feel comfortable with what they are using, and they need to have any concerns they may have discussed. Providing training on the product and an open forum for questions is therefore incredibly important.
GET PARTNERS ON BOARD. On-boarding your internal stakeholders is only one part of the puzzle. The next step is to communicate your objectives to your extended network of trusted partners with whom you share data. There will be a need to educate your partners on why changes are necessary. In some cases you may even have to communicate the difficult message to partners that you can only share certain information if it is encrypted.
Free security arrangements
This is where classification comes back into play, as you will have already defined what level of security is required in each instance. However, this can be met with resistance if partners feel you are asking them to make investments they may not have otherwise made, particularly in cases where communication is rare. This is why finding a solution that is free to use for recipients can help smooth the transition.
No one is immune to breach or human error, mistakes will happen and we will always have to balance productivity and security, taking on some elements of risk. But there are things we can do to manage and reduce that risk, and having great control over data throughout its lifecycle is certainly the first and best line of defence.
"...if people have to adapt the way they work, slowing down productivity, they are likely to take risks."
"It is vital that users are educated about the rules, and are made accountable for following them."
"In some cases you may even have to communicate the difficult message to partners that you can only share certain information if it is encrypted."
Technology is transforming the charity sector and revolutionising its methods of fundraising and generating awareness. Whether it’s through IT management of events to drum up support, social networking to spread the word or provision of more convenient ways to donate, technology is becoming inextricably tied into the foundations of a charity’s core existence, resulting in an increasing reliance that requires more and more maintenance.
Simultaneously, IT managers of charities have to contend with a growing number of connected devices and a greater reliance on more complex, broader ranging applications. But the truth is, while IT managers are busily migrating into the cloud, going mobile and facilitating new ways of flexible working, most are relying on an IT systems management approach incapable of successfully governing the management of IT.
In an increasingly digital age, the traditional break/fix model of IT management is simply no longer good enough. Instead, charities need to embrace a predictive environment that delivers 100% uptime, or they run significant risks of diminishing donations that, in the context of persistent budget cuts and increasing competition, they simply can’t afford to take.
But quite apart from the reputational problems with IT failure, including when charities are operating under outsourced public service contracts, there are the resilience requirements under SORP and by the Charity Commission. IT failure can lead to a whole range of negative consequences. Effective IT systems management for charities isn't just an operational necessity; it is essential to meeting both the spirit and rules of charity sector compliance.
Proactive is reactive
Many charities are taking advantage of the web and mobile technologies to ensure giving remains both convenient and compelling to a tech-savvy society. The problem, however, is that in a number of cases new connected devices are added to the IT network without true consideration of the impact they might have on the overall infrastructure. The result is a potential lack of governance which could lead to serious security concerns, downtime and constrained decision-making.
The use of real time monitoring to flag such potentially business impacting IT issues before they occur is now a standard Managed Service Provider (MSP) service. Yet, while knowing that network capacity is at 90% or email levels are approaching capacity before the infrastructure hits critical may reduce the likelihood of massive failure, just how much business value does this really deliver?
The reality is that when the MSP calls to say key thresholds have been breached and alarm bells are ringing, an IT manager has no option but to react; to make an immediate investment to address the problem and avoid downtime. Such panic buying is never going to be cost effective – nor will it tie in to any strategic plan. It will certainly result in an unplanned spike in costs.
A little bit of network monitoring may stop a major outage but it still feeds a reactive IT strategy managed on the basis that services will be available 99.999% of the time, when the stark reality in today’s environment is that only 100% uptime will do.
This is not just a question of semantics either. No charity can afford to lose a morning of inbound and outbound calls while a hardware failure is resolved, or to find its existing infrastructure has no room to accommodate a proposed increase in staff or volunteer numbers, ultimately impeding future growth. The break/fix approach that still dominates in most charity IT environments is simply not acceptable for these critical components and there is no tolerance for failure.
No time for downtime
With today’s hybrid environment, charities need to use IT and telephony effectively all the time. They need to exploit collaboration with donors and enable employees and volunteers to be productive irrespective of location.
This is a quantum leap in IT consumption – and it needs to be reflected by a quantum leap in IT service and support. Success should be a measure of the actual day to day user experience, essentially the provider’s ability to work with internal IT resource to prevent those telephony problems or router issues before they occur.
At the heart of both of these changes is information – the use of real time monitoring of every aspect of the IT and telephony infrastructure that can be analysed and assessed to predict requirements well in advance and, critically, be presented in a simple to comprehend fashion to deliver valuable business insight.
While there is no one monitoring system that can deliver this view, the successful interaction of multiple, separate tools overlaid with a business intelligence layer can create a predictive environment that transforms the way the infrastructure is assessed and managed on both a day to day and strategic basis.
To achieve this 100% uptime, the newest breed of Managed Service Providers use intelligent monitoring to predict potential failures before they occur – and replace the relevant component to avoid any downtime. This is hardly a new approach: this predictive model has been successfully deployed for years in any number of industries from aeronautics to Formula 1. Individual components are continuously monitored for any signs of potential weakness – and intelligently replaced during planned downtime to avoid any unplanned failures or glitches in performance.
This small but growing minority of IT organisations has also begun to explore the value of consolidating monitoring tools to move beyond break/fix to a predictive model that delivers 100% uptime. Combining trends in performance with business plans can predict potential issues six, 12, even 18 months in advance, giving the charity time to cost, assess options and plan.
This is a continual process of refinement that not only prevents issues occurring but essentially levels out the spend. There are no peaks and troughs, the charity has a flat-line, controlled IT expenditure and, critically, the opportunity to realise real productivity gains through more intelligent, well managed use of technology. With clear insight into IT and telephony performance, it is far easier to have highly intelligent, meaningful conversations about the strategic direction and opportunities for planned investment.
Furthermore, combining in-depth and real time understanding of the entire infrastructure with self-healing technologies enables the preventative measures that fundamentally transform users’ day to day experience with technology. Rather than hoping the fix will occur within the Service Level Agreement (SLA), problems can be routinely addressed to avoid interruption.
Weighing up the risk
For all charities, IT outage in an era of 24x7 operations, mobile users and online business models is incredibly damaging and expensive. Given the speed with which technology is becoming increasingly vital to facilitating donations, stimulating future growth and adhering to compliance in the charity sector, there is no time to delay.
The role of IT is evolving to encompass every aspect, amidst more complicated applications and millions of connected devices, and effective IT utilisation requires far more than the proactive support model that dominates today. Predicting the problems that may occur or business needs that may arise well ahead of time is key to achieving healthy IT in a charity. After all, when every aspect of the infrastructure is so critical, can any charity really afford for failure to occur before swinging into action?
The vital work of charities is too important to jeopardise by taking risks on unproven technologies. Charity managers and on-the-ground workers alike retain a healthy scepticism when it comes to supposedly silver bullet solutions that promise to transform the way they work for the better. Sometimes, though, a technology matures to the point where the benefits it offers become so compelling that it warrants a closer look. One such technology is unified communications (UC).
UC can keep managers happy by improving a charity’s productivity and cost efficiency, as well as enhancing the oversight and transparency of its operations. Just as crucially, it can simplify and speed up the day to day work of co-ordinating campaigns and fundraising undertaken by frontline staff and volunteers in offices, shops and out in the field.
Bringing together technologies
So what is UC exactly, and how can it help? Without getting bogged down in the technical details, it’s an umbrella term that brings together a series of well established technologies designed to improve communication and collaboration among individuals and groups. These include, but aren’t limited to, audio and video calling and conferencing, instant messaging, file sharing and "presence" (the ability to see instantly when someone is available).
While many people will have used some of this technology on an ad hoc basis, their experience might not have done much to convince them of its merits. For example, the frustration and miscommunication that can arise from a choppy video-conference call, with embarrassed IT staff fumbling to restore broken connections, is now such a familiar office experience that it has become a staple gag for the writers of workplace-set sitcoms.
But this cliché took root when the technology was still in its infancy and broadband internet service was far less robust and widespread than it is today. Implemented in the right way, UC is now just as reliable as more established methods of communication such as the telephone and email, while being both cheaper and considerably more versatile.
A key point is that all the components of a unified communications solution integrate seamlessly, using simple, common means of access. People can quickly and easily see who’s available, arrange and join meetings irrespective of how they’re connecting – whether they’re on a workstation in the office, a laptop at home, or out and about with their smartphone or tablet.
They can access shared calendars, documents, spreadsheets and other files (with changes being made to a central copy, thus eliminating the need for a long and confusing chain of disjointed emails and attachments).
People sharing ideas
People can call up a shared whiteboard during a call to sketch out ideas collaboratively or communicate points more visually when needed. They can record meetings to ensure these are available for later review and can be shared (or transcribed and shared) with those who weren’t able to attend. And more besides.
In other words, UC allows disparate networks of people to collaborate more effectively without technology or bureaucracy getting in their way or causing time-wasting bottlenecks. Given how most charities work, this clearly has many advantages. The business of gathering donations or applying for grants, for instance, generally involves many geographically dispersed people being able to collaborate as smoothly as possible.
For instance, a mental health charity had been struggling to co-ordinate efforts across 13 offices, a swathe of high street shops, plus volunteers, homeworkers and fundraisers spread all over the country. With UC, the charity is now able to ensure everybody is aware of the latest campaign messages and fundraising focus, and can mobilise teams at a moment’s notice.
The positive impact of the technology isn’t restricted to large charities or organisation-wide campaigns, either. Even something as apparently simple as setting up a fundraising stall at a local fête or market is made far easier. It often takes weeks of calls, emails and poring over diaries to firm up who’s labelling the jam jars, setting up the stall, leafleting the area and so on. With UC, a charity can organise the whole thing in a single call.
Dramatic cost savings
For charity managers, the technology brings other important benefits, most notably the potential for dramatic cost savings through productivity gains and vastly improved operational efficiency. This results in a higher proportion of their vital funding being spent on the causes they support rather than on things like travel, expenses and office expansion.
For example, UC lets charity managers make far better use of their existing premises through "hot-desking" – since anyone can sit down and work productively from anywhere. And the ease of setting up virtual meetings means they can eliminate the common costs associated with assembling a group of people in a room together – for instance, having to pay for them to travel perhaps an hour each way to attend.
Other operational staff, such as procurement and IT managers, see similarly positive results. Unifying communications across a charity simplifies what is often a messy mix of technologies and services, purchased ad hoc by different offices and departments, with one system or service often incapable of talking to another elsewhere. UC, meanwhile, can be delivered as a service at low cost, doesn’t require you to buy any specific hardware, and people joining in sessions simply need a web browser and a broadband connection.
Then there’s the whole issue of transparency. With all communications unified and on record, the technology gives managers an unparalleled ability to track and review a charity’s activity to ensure it is working in line with the Government’s Charities Statement of Recommended Practice, as well as any compliance requirements, so that it can remain fully accountable to the authorities, governing bodies, supporters and beneficiaries.
While much of the private sector has been investing in UC for some time, and is already reaping many of its benefits, charities have to date been slower to investigate the technology. Their caution is understandable. Commercial businesses are always looking to gain an edge over competitors so they’re prepared to take greater risks trying out new things. But when you’re a charity, you can’t afford to spend precious funds on a whim - you need to be certain any investment will allow you to serve your charitable cause more effectively.
Promoting cultural change
Because UC fundamentally alters the way people work and interact on a daily basis, it also helps to promote a cultural change throughout the organisation, and again some charities are reluctant to embrace such change because they see it as "more for the private sector". Cultural change seems to imply big, expensive programmes that divert funds away from an organisation’s core work, so many charities perceive it as a risk and don’t view it as a priority.
There seems to be a fear that by changing what they’ve done for a long time, and what people are used to, they might throw their operations into chaos and their staff into confusion – better the devil you know and all that.
This position is becoming increasingly self-defeating. Charities can gain so much by switching to unified communications that the sooner they follow the private sector’s lead, the better. But it is important to seek out and work with providers which understand the particular needs of the sector and can help you introduce the technology in the right way. With so many different suppliers and offerings on the market, that isn’t always easy.
As a rule of thumb, it’s best to avoid providers which only frame UC’s advantages in terms of cost savings and management efficiency (important though these undoubtedly are). Implementing UC from on high, with little thought to the cultural impact it might have on the organisation or any help to smooth the transition, can make it far harder to realise any benefits.
It’s vital when implementing UC for those responsible to spend as much time as needed supporting the frontline staff and volunteers who’ll actually be using this stuff. They need to understand not only to how to work it, but why it will help them do their jobs more effectively and, by extension, allow them to provide greater help to the causes they care about.
"A key point is that all the components of a unified communications solution integrate seamlessly, using simple, common means of access."
"...UC allows disparate networks of people to collaborate more effectively without technology or bureaucracy getting in their way or causing time wasting bottlenecks."
"...the technology gives managers an unparalleled ability to track and review a charity's activity..."
Deaf Direct is a local charitable company which has worked with and for deaf and hard of hearing people since 1927. Our primary purpose is to promote responsive, professional and empowering opportunities to a diverse and unique community comprised of deaf and hard of hearing people with the goal of creating a society in which deaf and hard of hearing people enjoy equal participation and access without barriers or prejudice.
The charity offers a wide range of services to deaf and hard of hearing people, family members and carers, and professionals and other organisations across Worcestershire, Herefordshire and Oxfordshire. Our key services include access to information, booking of communication professionals such as sign language interpreters, meetings, events or training through to outreach services, advice about hearing aids, social activities and access to a network of Deaf Clubs.
We are always looking to save money but at the same time keep our technology up to date. Relying on an outsourced IT partner means that we don’t have the expense of having to pay for internal technical staff and we know that they are always up to date with the latest innovations. We have worked with IT solutions company Quintech for many years and they have been responsible for the installation and support of all our IT across our entire organisation – from servers and PCs through to software and Internet access across all of our three sites.
Role of communications
As you might imagine, communication plays a major role within the charity and is governed by our communication policy that clearly sets out Deaf Direct’s approach to effective communication both internally between staff and externally for clients and the public. As a charity we continually work with staff to improve communications at all levels to ensure that individuals develop a range of appropriate communication skills.
Staff who begin employment with Deaf Direct without any signing qualifications are expected to obtain the minimum BSL (British Sign Language) level 2 qualification. Our policy covers both internal and external communications but the underlying ethos is for individuals to recognise the preferred communication methods of who they are speaking with and to treat one another with respect and courtesy.
As part of our ongoing technology improvements we decided to upgrade our ageing phone system with new technology that would allow us to both reduce costs and enhance the quality of communications between staff and also with service users.
Introducing unified communications
Five years ago we had an old BT Meridian phone system that was at the end of its life and was costing us between £300 to £400 per month in maintenance charges. What we needed was a system that would be more cost effective and because we have a mixture of deaf, hard of hearing and hearing staff, we needed additional video calling functionality that could be used to support communications using sign language. We also wanted our staff across the three sites to be more accessible and support remote communications for mobile and home-based personnel.
After a recommendation from Quintech, we decided that a software-based unified communications solution from Swyx was the best fit for our requirements. We like the fact that they provide a holistic service so when they suggested a phone system that was software-based and could offer us greater functionality and flexibility and be part of our overall IT network, this made perfect sense. The fact that the system also supported video calling between staff was ideal.
As part of the charity’s communications policy it is vital that where possible sign language must be used in the presence of those who are deaf or hard of hearing. Therefore the decision to go with an Internet-based solution was really a no-brainer, as traditional phone systems simply didn’t have the same level of functionality. This also means that we can always keep up with technology.
The installation took between half a day to a day, and we went straight from the old BT system to the flexible new UC (unified communications) solution. Part of the smooth integration was down to Quintech. They took care of all the configuration including "out of office", "greetings", "auto attendant" and "call routing" and carried out all the end user training.
Greater flexibility and more responsive
At first the staff thought it was a bit strange to be using a phone via the computer and many stuck with still using the handset rather than the softphone on the screen, but as time has gone on, everyone is now using the softphone. The most loved favourite feature is the F11 function which allows staff to simply highlight a number on-screen, whether in a database or on a website and connect directly without any dialling.
Deaf Direct has 30 users of the system and up to around 20 at any one time. Our staff are based across three sites at our HQ in Worcester and sister offices in Hereford and Oxford which are connected together via ISDN 30 and a VPN (Virtual Private Network).
In addition some staff have the ability to work from home and there is one member of staff who works full-time from their home in Lincolnshire for UK Deaf Sport (an affiliated organisation to Deaf Direct) which provides information and guidance to deaf or hard of hearing people who would like to participate, enjoy and excel at sport.
The new technology gives us the ability to directly connect both incoming callers and internal staff, whether they are in the same office or at a different location. The support for video calls means that staff who need to use British Sign Language (BSL) can simply connect via the on-screen softphone in conjunction with the webcam on their PC and their image appears on to the other person’s screen.
Likewise, if a member of staff needs to ask a question of another member of staff in a different office or location, or they need someone who can sign, then they simply initiate a video call.
Improving the communication between internal staff means in turn we can provide a better and more responsive service to incoming enquiries, whether it’s access to information, booking a course, hiring an interpreter or getting in touch with third parties such as solicitors, doctors or hospitals on behalf of deaf persons or their families.
Making better use of resources
With limited resources, the new system means we can literally call on those resources regardless of where they are. For example, if the main receptionist at the Worcester office takes a call for booking a sign language interpreter and she needs to check something with another member of staff, if they are in the same building she can then call them via video, or alternatively, by wearing a wireless headset she can simply walk down the hall and ask them face to face.
Similarly if the person she needs to liaise with is at another location, she can simply contact them, either by video call, normal call or even by instant message. In circumstances where a member of staff doesn’t sign, and they need to converse with someone who is deaf, then they can simply ask a colleague who does, to step in front of their computer and communicate or translate on their behalf.
Year on year cost savings
On average, we receive between 40-60 calls per day from deaf people or family members looking for advice or access to the charity’s range of services. With all our sites now connected on the same communications system means that the charity can also save on having a receptionist at each site. Instead all calls come into Worcester and are then redirected according to the nature of the enquiry. All calls between sites are on the same IP network so are therefore free.
The main benefit is that it has made all our staff more accessible and we have also been able to make considerable cost savings year on year. Future developments on the horizon include "full video conferencing" between all of the charity’s different offices, remote desktop sharing, SwyxMobile (using the SwyxWare app on smartphones) and the integration of the unified communications solution with a CCTV and door entry system.
Key benefits summarised
Let's remind ourselves of the practical effects of taking Deaf Direct's communications policy this major step forward:
- Support for sign language-based communication via the phone.
- Lower costs – reduced phone bills and maintenance charges equating to thousands of pounds every year.
- Choice of communications – voice calls/video calls, instant messaging, email voice mails.
- Free calls between sites and remote workers.
- Support for charity’s communications strategy.
- Always having the latest technology due to software upgrades.
- 24 hour service – system automatically diverts to appropriate mobiles.
- Lower staff costs – no need to have receptionist at each site – all calls come into Worcester and are diverted (free of charge) to other locations.
- Flexible working – support for mobile and home-based staff.
We have no in-house IT resource, so outsourcing this to a third party is invaluable to us as a organisation. Due to their in-depth knowledge they can act as a single point of contact which can advise us on how to make the most of both our IT and communications for the benefit of our staff and also to the deaf community who we serve. We hold quarterly face to face meetings with an IT consultant and they provide regular top-up training for staff. Any day to day IT support issues are dealt with promptly and the majority of these are handled remotely.
As for recommendations to other charities I would simply say, due to economic circumstances, charities should consider outsourcing IT management simply because they provide advice and on-spot support. Most charities may think of employing staff to focus on the IT system internally, but this is not always ideal in terms of having time off (holidays), backups and so on. For ease of mind and for charities to provide effective services to their clients – outsource.
"The new technology gives us the ability to directly connect both incoming callers and internal staff, whether they are in the same office or at a different location."
"With limited resources, the new system means we can literally call on those resources regardless of where they are."