In this episode, Nathan Sirois of Balsam Technologies talks about the IT issues nonprofits face when they lack dedicated in-house support. He discusses technology planning, cybersecurity basics like two-factor authentication, data backup, cloud migration, phishing training, and how reliable managed IT services help nonprofits protect data and serve their communities.
John Maher: Hi, I’m John Maher and I’m here today with Nathan Sirois, Support Engineer at Balsam Technologies, a managed IT services company based in Gloucester, Massachusetts, offering cybersecurity, IT infrastructure, network support, cloud migrations, data backup and more. Today we’re talking about managed IT for nonprofits. Welcome, Nathan.
Nathan Sirois: Hey, John. Thanks for having me.
Common IT Challenges for Nonprofits Without In-House Support
John: Absolutely. Nathan, for nonprofits that may not have a full in-house IT team, as I’m sure probably most at least smaller nonprofits don’t, what tend to be the biggest technology headaches?
Nathan: I would say that one of the larger technology headaches that we face regularly is especially working with non-technical staff. So if you have limited actual resources of technically trained staff, it can be hard to bridge that gap between a project that you’re working on and actually getting it done and adapted to your infrastructure and environment for the way that your users are hoping to use it.
So I would recommend whenever there is a larger project, coordination is really key with your team regardless of your technical staff, but especially if you don’t have in-house techs, it’s important that all of your staff knows what projects are going on and how they need to be using technology going forward.
Planning Technology Projects and Staff Training
John: So when you’re talking about projects in this sense, what are some of the kind of things that we’re talking about there?
Nathan: So for instance, if you have a new application, let’s say, you have some sort of compliance software that you need, maybe you’re doing social work and you need to make sure that your employees are using this properly, it’s important that you have training or at least a set of instructions for showing them how to use the product. Oftentimes you can get so focused on your new technology and projects that you’re working on that you kind of tend to miss the little details. It could be an intern coming in for a summer. There could be a special case that maybe you need to handle the product differently.
So it’s just important to factor in all aspects of both how you’re going to be using the new technology that you’re setting up going forward as well as who’s going to be using it and deciding on the best practice for your organization because the reality is you might be using a product for something completely different than another nonprofit.
Maybe you have someone move over from another company and now they’re working for you guys and you need to make sure that they’re using it for your specific needs. So I would just make sure that whatever situation you have and whatever new projects you’re doing that you make sure to clarify with your staff and set up good plans for going forward.
Prioritizing Essential Nonprofit Technology on a Tight Budget
John: And when budgets are tight, as again, they often are with nonprofits, how can nonprofit leaders tell the difference between what might just be nice to have technology and what things they really need to run their nonprofit business?
Nathan: Yeah. So one of the key things that any company needs to have is good infrastructure management. So specifically with nonprofits, it can be hard because you’ve got all these big projects going on to manage all the stuff that is installed at your company, you’ve got stuff in the cloud, all sorts of systems that you’re using. And it’s important to realize what of those systems are essential and what are not as essential.
So what I mean by that is maybe you have a server on site that your entire company is using daily. And if that went down, that would mean that your whole organization would be down for a day versus one of your employees has a laptop that’s old and outdated and that crashes one day and so they’re out for a day but all your other employees can work because it’s not affecting them.
So really keeping tabs on what you have for technology in use in your organization and then figuring out a good plan for maintaining and replacing equipment as well as just knowing if something were to go down, how would we recover from it and what steps can we put in place to prevent systems from going down?
Cybersecurity Basics Every Nonprofit Should Have
John: One of the things that we hear about a lot these days is cybersecurity and I’m sure for nonprofits that can feel a little bit overwhelming, but what are a few simple things that every nonprofit should be doing to better protect itself?
Nathan: So as a basis, one standard that we’ve implemented with most nonprofits that we work for is just setting up single sign-on on your Microsoft. So what that means is essentially it’s good to have a standard of not just having a password to log in, but also you’ll have an application on your phone that gives you a code to log in. Now you’ve got two things preventing any malicious threat actors from logging into your organization, stealing data, or doing anything else that they would try to do to negatively impact your company.
There are also standards for complex passwords for employees. Some of the stuff can be pretty simple to implement to just have a cybersecurity baseline. There’s always more tools coming out, more technology you can put in place practically to help your organization, but it definitely depends on your exact end goals and the amount of risk that you’re able to take as an organization, how much you want to focus on your cybersecurity baseline and projects for improving your organization going forward as you grow.
Two-Factor Authentication for Nonprofit Systems
John: So you think that at an absolute minimum, making sure that employees have two-factor authentication is what you’re talking about setting up, so that when they’re logging into company systems and things like that, they have to check on their phone and get a code or something like that in order to log in. Having that two factor is probably the most important thing?
Nathan: Yeah, that’s definitely one of the most important baselines. If you’re using Google Suite, if you’re using Microsoft Suite, whatever main work platform you’re using, it’s really essential that that remains protected. And sometimes for organizations that we work with, they start out and people are using the same accounts like multiple users.
You might have started out and that was okay for four or five people to be using the same login to use a platform. But realistically in the cybersecurity space that we live in today, that’s a big liability. So we definitely think that those workforce platforms are probably the places that you want to start when looking at your cybersecurity baseline.
How Reliable IT Helps Nonprofits Serve More People
John: In your experience, how can better IT actually help a nonprofit serve more people and operate more efficiently? Why should nonprofits be thinking more about IT and what it can do for them?
Nathan: Yeah, I would say one of the reasons why we’ve been able to do really well with IT for nonprofits is that we really understand that reliability really matters for your organization. A lot of times people are coming to you in desperate need of help depending on what space your nonprofit works in and even if it isn’t as time sensitive the things that your company is helping people out with, they’re still coming to you with a big need and you have a responsibility to provide that service to them and help them in whatever way you can.
And if technology is holding you back from being able to do that well, it’s a really big problem for a lot of organizations. So knowing that you have someone in your corner that can help you with whatever problems you face and being prepared for the future is really essential for nonprofits and there’s not a lot of room to just not have your technology together. So that’s why we try to really focus on helping people in the nonprofit space.
Common Technology Mistakes Nonprofits Should Avoid
John: What do you think are some common technology mistakes that nonprofits make and how can they avoid those?
Nathan: I think the biggest mistakes that we tend to see are both with tight budgeting, sometimes nonprofits just tend to put off all of their IT needs regardless of really the specific cost or prioritization of critical infrastructure. For one example, there’s a company we work with locally in Gloucester and some of the larger technology equipment and expenses often come in the backend. So what I mean by that is the kind of stuff that you’ve got sitting in your closet that you don’t necessarily see every day, but if that goes down, your whole organization’s down.
And so in this instance, this company, they have what is called a UPS, which is a battery backup system for their equipment and it basically just makes sure that the energy that’s coming into these devices and into your building is properly distributed to the other technology in your closet so that nothing gets damaged.
And this company had held off on replacing that battery. They had just put it off because it was working all right and again, it’s on the backend. They don’t see it every day. So they kept pushing it off and then they come to find one day the battery was actually smoking in the closet and needed to be replaced as an emergency. And in that case, luckily we were able to replace the system quickly without large damage to their organization.
But oftentimes if you’re not paying attention to your technology, there can be real implications to not planning effectively for the future. So just keeping in mind that your technology is consistently going to be with your organization and it’s only going to grow and become more complex as the years go on. So having a handle on that and knowing where you want to go in the future or having somebody who can advise you on where to take your organization as far as technology goes is really essential and something that we definitely pride ourselves in.
Data Backup and Cloud Protection for Nonprofits
John: Do you think that data backup is really important as well, for nonprofit organizations? I know you mentioned the example with the UPS battery, and that will prevent the server from going down in the case of a power outage, and of course you don’t want it so old that it’s smoking and getting on fire or something like that. But what happens if the server does catch on fire and all that data is gone? How do you get that back? Do you think that data backup in the cloud is an important thing to think about as well for these types of companies?
Nathan: Yeah, I definitely would agree with you there, John, that data protection, it’s super essential, not only just in case of something catastrophically failing, but having good protection is also one of the best steps you can take in the cybersecurity space as well, because you got to make sure that where the majority of your data is, that it’s protected and no one has access to it that they shouldn’t.
For this company specifically that I mentioned, we actually assisted them with a full cloud migration for their on-premise servers. So they were concerned, even though they did have backup systems in place for their on-premise equipment, they wanted to go a step further and really protect their systems and make sure that they were maintained and going on consistently without having to worry about anything on site.
So in that case, there was a much larger project where they moved all of their infrastructure to the cloud. Unfortunately in today’s day and age, we do see outages sometimes with even large companies like Amazon or other organizations, sometimes data centers go down, but definitely the redundancy of having cloud backups is super essential, and regardless of if your entire infrastructure is on-premise or in the cloud, you do need to have some kind of backup system in place. And because it is so important to keeping all of your organization’s data safe and making sure your systems stay up, it’s really important that that’s done correctly and that you really take the time to plan it out thoroughly so that nothing gets left behind.
Phishing Training and Email Security for Nonprofits
John: And then finally, just going back to the cybersecurity question, does Balsam Technologies do anything with companies, including nonprofit organizations, in terms of teaching the employees about phishing scams and things like that? Because I know that that’s another way that these bad actors, if you will, can get into a system, is just through an email or something like that, that tricks somebody into clicking on something and maybe entering in their password or something like that. And I know that the two factor authentication that we talked about can help prevent some of those issues, but are phishing scams a problem and do you help companies avoid those?
Nathan: Yeah. To speak to that, phishing is definitely, it’s one of the easiest ways to get into your organization because ultimately you can have all your technology in place and your security systems, but your people are going to be more susceptible to falling prey to scams than your actual software and hardware is going to be if I try to talk to my computer and convince it to let me in, it’s not going to do that.
But if I talk to the user and they’re convinced that I’m somebody that should have access, they might let me use their device. And so for all our large nonprofit organizations that we support, having email security training is pretty essential. And along with that, there are a large number of different angles that cybersecurity can be protected and improved for your organization.
And at Balsam Technologies, we resell from all the major vendors for cybersecurity services. And depending on your organization, it might not just be email protection that you need. You might need some sort of advanced protection for the data that we mentioned previously. You could be worried about somebody having physical access to devices, or maybe you have a bunch of users that work remotely and you’re worried about their connectivity back to your organization.
So regardless of what your organization uses for its technology infrastructure, we have the capability to both survey what you have in place and what you need in the future as far as cybersecurity protection goes. But to speak back to that email protection question, it is definitely an essential standard that we put in place for a large amount of our clients and it’s something that we would recommend for all organizations regardless of industry.
John: All right, well, that’s really great information, Nathan. Thanks again for speaking with me today.
Nathan: Yeah, thank you so much, John. It was great talking to you.
John: And for more information, you can visit the Balsam Technologies website at balsamtechnologies.com or call 978-281-3339.
