Could Your Data Be at Risk?

By | Abila, Accounting, Audit, CPA, Data, Grant Management, HR, MIP Fund Accounting, Nonprofit | No Comments

Could your nonprofit associations’ data be at risk? Even with good security, you may still find yourself in the unpleasant position of ransoming your data from an unscrupulous hacker.

New viruses such as the notorious “FBI” virus do not hijack your computer for their own nefarious purposes. Some viruses lock your computer down so that you cannot access any of its information. Instead, once you pay a fee – like a random in a kidnapping – the hijackers ‘release’ your computer.

If you think this can’t happen to you, think again. What used to be a threat to major targets such as large corporations or government organization is now a threat to anyone at any time. In fact, smaller nonprofits may be targeted more frequently than larger ones because small organizations do not have the means to fight back when they’re the victim of crime. Criminals such as data hijackers look for easy targets or organizations that do not have the financial resources to fight back. Any organization is at risk.

What Is Data Hijacking?

The best prevention against data hijacking is awareness. It’s important to understand what data hijacking looks like and how to prevent it from occurring.

Data hijacking occurs when a computer program called ‘malware’ enters your system. Malware means malicious software. A specific type of malware called “ransomware” enters your system through an infected email or computer virus. Most often, users inadvertently click an email link or download software containing the malicious program.

Ransomware installs on the end users’ computer and encrypts the data on the target computer so that it can no longer be read. The encryption is so sophisticated that only the operator of the program has the key that unlocks it. Hijackers demand payment for the data ‘key’ that un-encrypts or unlocks the data.

How Ransomware Gets Past Security

There are many ways in which data hijackers bypass your organization’s secure to target your computers. One common way is to clone an executive or CEO’s email address or LinkedIn profile. They then use the fake profile to send an email with a link to people in your company. They often target top executives but anyone can be targeted.

Once the link is clicked, it downloads the ransomware and locks the target computer. A message appears on the computer screen demanding payment to release the computer. Hijackers often request payment in bitcoin, an untraceable digital currency that’s easy to convert into cash.

Even after paying the ransom fee, there’s no guarantee your computer will be released. In some cases, the hijackers themselves are unable to decrypt the computers after payment is made to them. In other cases, the hijackers simply disappear with your money – and your data is lost forever.

Preventing Data Hijacking

The best way to combat data hijacking is through prevention. The following steps should be undertaken to protect against lost data from data hijacking:

1. Be vigilant when screening your emails. Do not click on links within emails unless your are absolutely certain it’s from a known sender. The same goes for attachments which can also harbor viruses and malware.

2. Keep your computer programs updated at all times. Patches and updates protect against various forms of malware, including ransomware.

3. Backup your data frequently. Store it on the cloud as well as in storage devices NOT connected to computers or the internet.

4. Use firewalls to segment company data. This way if part of your network is affected by ransomware, you may not lose all of it if some is protected behind a firewall.

5. Block pop ups and disable macros in key programs, which are often used to distribute malware.

If you suspect that your company’s cybersecurity has been breached and ransomware or malware has been launched, disconnect your computer from the internet as soon as possible. That may prevent the malware from downloading entirely or from infecting others.

Next, contact Welter Consulting. We can help you with both the immediate problem and creating a long-term strategy to protect against viruses, malware, and ransomware.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services to help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Blog #4

Switching from On-Premise to Cloud Solutions: The Experts Weigh In

By | Abila, Accounting, Data, HR, MIP Fund Accounting, Nonprofit | No Comments

By now you’ve probably read quite a bit about the benefits of switching from on-premises to cloud-based solutions. Forrester research reports that 50% of companies plan to increase their cloud spending in the next 12 months. About 92% have prioritized cloud computing as a new initiative in the next 18 months. Cloud computing isn’t the concept of the future; the future is here, and most companies will run at least one or more cloud-based software programs within the next year

As you consider switching all your software to the cloud, you may have questions. What do you need to know to make the transition? What benefits will your organization obtain from the switch? Is the cloud a better solution?

Five Big Benefits of Cloud-Based Systems

Consider the following  five benefits of cloud-based systems and how they may impact your organization.

  1. Obtain a clear picture of financial information: Quickly view the entire financial picture for your nonprofit organization. Cash flow, membership dues, sales from products, event/conference income, and much more can be reviewed easily and quickly. Information from multiple departments feeds into one system to provide a comprehensive big-picture view of the financials for your organization.
  2. Decreased reliance on spreadsheets: Many nonprofits still use spreadsheet-based accounting. Spreadsheets offer a simple method for running basic accounting information but lack the sophistication of combining information into one easily accessible location. Spreadsheets tend to be finicky, with formulas and formatting that can be tricky to use. And one small data entry error on a spreadsheet can lead to multiple problems later. Cloud computing reduces these chances. Reports can be run directly from cloud-based systems without fussing about formatting.
  3. Enhanced visibility: Cloud-based systems enhance and increase visibility of data across all parts of the organization. Everyone shares their information in a cloud-based system, with access available to all departments and team members.
  4. One data source: On-premises software can lead to multiple versions of the same document. Chasing after the latest version and reconciling changes can take a great deal of time. Cloud systems always provide the latest reports and information.
  5. Integrate office processes: Cloud systems integrate front and back-office operations into one system. You’ll no longer need to maintain separate systems for both.

On-premises solutions have many drawbacks. Not only do they lack integration and visibility, but they need updates. Updates must be performed individually on each piece of equipment. Cloud solutions update automatically so that the latest version is always running.

The Main Difference Between On-Premise and Cloud Solutions: ROI

Lastly, the biggest difference between cloud-based and on-premise solutions is the ROI.  With cloud solutions, efficiency increases immediately after adopting the cloud. The system gains in value with a positive ROI as it saves time and money elsewhere in the organization.

Not so with on-premise systems. Such systems begin losing ROI from the moment they’re installed. With constant updates and upgrades, purchases of special hardware and equipment to run them, and salaries for people to maintain them, these systems increase in cost and decrease in ROI.

Clearly, the winner is the cloud. With so many organizations adopting cloud-based solutions and more nonprofit software offered via the cloud, it’s time to make the leap to the cloud.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you improve and grow your accounting practice. Please contact Welter Consulting at 206-605-3113 for more information.

Employee Policies Your Nonprofit Can’t Live Without

By | Accounting, CPA, HR, Nonprofit | No Comments

Every nonprofit should have an employee handbook. An employee handbook provides objective guidelines for many areas governing the conduct of employees and the smooth operations of the organization. Even if the organization has just a handful of employees, an employee handbook is necessary.

But it’s not enough to draft a handbook and leave it at that. Employee policies must be shared with your team. Reminders are often necessary. And, like it or not, reinforcement is critical. Without reinforcement, employee policies are meaningless.

10 Items to Include in Your Employee Handbook

The SBA recommends including the following topics in an employee handbook:

  1. Disclaimers: Disclaimers generally appear at the beginning of the handbook and define the basic terms of the employee- employer relationship. It includes a statement that the handbook may be updated and changed at any time. It also defines what is called an ‘at will’ employee relationship, meaning that the organization may, at its discretion, terminate employment at will.
  2. Non-disclosure and conflict of interest statements: These protect the organization against employees sharing confidential information with external parties or competitors.
  3. Anti-discrimination policies: Anti-discrimination policies make it clear that you intend to comply with the Americans with Disabilities Act. These policies set forth the organization’s commitment to equality for all regardless of disability.
  4. Compensation: Salary, salary reviews, overtime hours, and other compensation should be clearly outlined in the compensation portion of the handbook.
  5. Gift policies: If your organization does not allow employees to receive gifts from members or donors, include this information as well.
  6. Work schedules: Office hours, days that the office is closed for holidays, and other information pertinent to work schedules can be included too.
  7. Vacation and sick time: List the amount of vacation and sick time available to employees. Include information on how additional time accrues, if any, and how employees should call in sick or request paid leave.
  8. Health and safety: Employees should know how to report health and safety violations and problems. The Occupational Safety and Health Administration provides more information on compliance with relevant health and safety laws.

In addition to what the SBA recommends, there are some additional policies that you may wish to add:

  1. Drug and alcohol policies: Drug and alcohol screening may be part of your workplace. You should also state clearly your organization’s no-tolerance policy for alcohol or drug use on the job and include information on how to report violations. Particularly considering I-502, which legalizes recreational use of marijuana in Washington State, it is crucial that you clearly define expectations with respect to drug/alcohol use on the job. To enforce any drug policy, you should also identify what types of testing will be conducted: 1) pre-employment; 2) reasonable suspicion; 3) post-accident; or 4) random.
  2. Anti-harassment policy: Define what constitutes unlawful harassment and discrimination, and identify all protected categories under federal, state and local law. Identify the person to whom such complaints should be brought and how they will be investigated. Make sure to specify that retaliation will not be tolerated.

Many organizations create an employee handbook that lacks some important policies. Be sure that your nonprofit includes drug and alcohol policies, anti-harassment policies, anti-discrimination information, and the all-important disclaimer. This information both complies with the law and is vital for safeguarding your nonprofit and employees.

An employee handbook may not seem all that important if you have just a few employees, but it’s just as important with two employees as it is with 200. Be sure to update your employee handbook as necessary, share it with your employees, and use it as a valuable resource to guide employment practices at your nonprofit.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you improve and grow your accounting practice. Please contact Welter Consulting at 206-605-3113 for more information.

Cross-Training: It’s Vital to Your Nonprofit’s Success

By | Accounting, Audit, HR, Nonprofit | No Comments

Most nonprofit organizations take great care to safeguard vital databases. An emergency plan guides your team through major emergencies. But what would happen today if one of your team had a sudden emergency and had to take a month off from work? Accidents, sickness, and death are a part of life. No matter how you plan for a contingency, it can be difficult to fill someone’s role if others aren’t fully aware of what they do.

That’s where a cross-training plan comes into the picture. For-profit organizations have long insisted upon cross-training employees. This means that every employee has another employee fully briefed and trained in their job duties and responsibilities. There are many reasons why cross-training is important, and many benefits to both your employees and your nonprofit organization.

Benefits of Cross-Training

There are many reasons why cross-training is important to your organization.

  • Long-term absences: Health emergencies, pregnancy and parental leave, family emergencies, and other unforeseen circumstances may necessitate a key employee’s absence for weeks or months at a time. During this time, you’ll need coverage for their position. While you could certainly hire a temp, this is an expensive and ineffective solution. A temp still needs to be trained on the person’s tasks and responsibilities. Cross-training ensures that someone on the team knows exactly what needs to get done and when. Even if you do decide to hire a temp to cover the position long-term, a cross-trained staff member can in turn train the temp and the work can move forward without delay.
  • Busy periods: Certain months may be busier than others, and during those months, it’s helpful to have someone cross-trained to step in and assist. Membership dues may all be due in December or January, for example, and it’s helpful for the accounting department to have someone trained to enter the information and update the membership directory. Other departments may also experience similar cycles of ebb and flow to their work and can trade off staff as needed.
  • Continuity: Donors, members, and others trust an organization which demonstrates consistency and continuity. With cross-training, the work continues unabated. The organization demonstrates a commitment to service and support for their members, which goes a long way towards building trust.

Benefits to Employees

Employees benefit from cross-training too. Learning new skills adds interest to their day as well as valuable knowledge they can use to further their careers. Training for a supervisor’s position helps employees acquire the skills needed to step up in the organization. Lateral skills training, or training in skills related to an employee’s current position in the organization, can still broaden and expand the skills someone uses in their daily job.

When Cross-Training Isn’t Appropriate

There are some occasions when cross-training isn’t appropriate. Sensitive data and information, such as human resources materials, should be kept within the HR department, so cross-train only HR personnel for positions within the department.

Some employees aren’t interested in cross-training opportunities. Try not to force people to be trained for another job if they’re not interested in it. Those who succeed in cross-training activities are people who are highly motivated to learn, grow, and expand their horizons. These are people who want to remain with your organization and grow their careers in the nonprofit sector.

Cross-training has been used for many years in the for-profit sector to ensure continuity of work and productivity. Borrowing this idea from the for-profit arena and applying it to the nonprofit world makes good business sense.

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you improve and grow your accounting practice. Please contact Welter Consulting at 206-605-3113 for more information.