IT for Charities – Top Tips learnt during the COVID-19 lockdown
In 2020, charities experienced a seismic shift in how they work. Digital Transformation programmes to implement Agile Working happened in just 2 weeks for most organisations, instead of years.
Specialising in charity IT, Smartdesc worked with many organisations to get staff, volunteers and beneficiaries set up to access resources at home, often on personal devices, quickly. It was high pressure, but also a good opportunity to adopt new technology for a lot of people.
For the first couple of weeks of lockdown, the charity IT Support Helpdesk at Smartdesc was the busiest it had ever been. This was mostly helping to set up staff who had never logged on to their work system from home before, or hadn’t worked remotely for a while.
There were some charities who had cloud migrations planned, but not in place yet, however, we were able to rapidly provision Office 365, Teams, Microsoft Azure and similar systems rather than relying on a physical server in the office that could have been inaccessible.
Here we share some of the lessons learnt and best practice for remote working going forward:
1. Remote Working Tools
There’s been an explosion of tools and different technologies aimed at home working, and the ease with which they can be set up is both a good thing and a challenge.
Organisations that come together as a team, review the options on the table with their provider, then issue clear policy and guidance on what to use for what process, have succeeded the most.
It is very easy to end up with corporate data sprawling over DropBox, Google Sheets, Slack, SharePoint, Teams – who actually has control of this?
Uptake of these tools are of course driven out of necessity to collaborate and work remotely urgently. However, it’s well worth conducting an internal review and centralising & consolidating onto as fewer platforms as possible – we typically implement Microsoft 365 with Teams being the centre of all communication, shared files, and collaboration, and retire all the other tools that may have sprung up across pockets of the organisation.
Publishing the guidance and backing this up with training is essential so that people know where to save their files and how to use the tools consistently.
2. Information Governance
Over many years of helping charities and non-profit organisations of all sizes with their Information Governance standards and GDPR compliance, we often find the ‘type of data’ – the data classification – is missing.
This is even more applicable with mass remote working where staff have an unsupervised choice on where to store files. For example, if you are working with supporter, staff or beneficiary data, it is likely to be classified as Personal Data so putting it in an open Google Sheets is a big risk; it should be on your main shared drive.
If the Shared Drive isn’t accessible, then SharePoint or Teams can be configured securely to handle sensitive personal data in the cloud, but as a minimum ask your IT Department to ensure;
- Two Factor Authentication is enabled
- UK Data Centres are specified as the Microsoft 365 data geo-location
- Data cannot be saved locally on personal devices
- It is encrypted on corporate devices
Using a mixture of tools and technologies is fine as long as there are policies in place for each, backed up with basic security controls. People will follow guidance if it’s clear; put it together in a diagram and reinforce it on regular meetings.
3. Personal Devices
A lot of charities have had no choice but to allow the use of personal devices; it can be very difficult to control security on personal devices, but at the vey least, organisations should insist on these 3 controls;
- Ask staff to update their devices! – On Windows just click Start > Windows Update. And this advice most definitely includes mobile phones. Go to settings and search update. This is so often overlooked, but is so important!
- Create a work login – Create a separate login for work if you do have to use your personal computer for work. Do not share it with the kids! Also, make sure it locks when you go to lunch to stop the kids or the cat accidentally emailing your Chief Executive. Search for Lock Screen Settings (Start > Lock Screen settings > Screen Timeout settings on Windows)
- Don’t save files locally on your personal computer – Issue Policy which must be followed as a first base. Then ask your IT Department if they can temporarily install antivirus or monitoring tools they may use for the work computers, on personal ones to provide some degree of support.
- Office Software on Personal Computers – if your staff use Office 365 at work then chances are they are actually licensed to install Office on their personal computer too –most 365 plans include Office being installed on up to 5 devices per user. Microsoft 365 is also completely free for up to 10 users, and only £2.30 per user for the rest, for eligible charities. So don’t let your staff struggle with Office 1998 at home!
Other Security Tips
- Mobiles – enforce a PIN on personal devices in case the device is lost; this can be done centrally on your corporate email system.
- Two Factor Authentication is especially important on cloud systems like Office 365 – it’s the most widely attacked platform. We have rolled it out during lockdown by recording an instruction video and running drop in sessions on Zoom before enforcing it; ask us if you need help.
4. Home Internet
Suddenly everyone’s home Internet connection is business critical to them! Slow internet speeds still blight us in the UK, but did you know your WiFi channel is the no.1 biggest blocker we see to a good connection performance especially in built up areas?
Changing your WiFi Internet channel usually involves logging onto your home router using the instructions on the back of it, or by googling the make of your router + ‘change wireless channel’. Guides for BT here, Talk Talk here, Virgin here, Sky here or speak to your Internet provider.
Weak wireless signal? Either plug a cable into your router, or if the router is in an unsuitable place for that, use a Powerline Adapter Kit to run data over your plug sockets to any room in your house – you can purchase these for about £30, for example here.
5. Charity IT Security Training
It is important during lockdown to not let security slip out of the mind, which it can do when staff are not in their normal work setting.
Smartdesc run IT Security Awareness Training, plus there are many good IT Security training courses free online, for example at Cyber Griffin the City of London Police cyber-crime unit that has a great series on YouTube on basic security tips during COVID-19.
Discuss any IT Security matters on your weekly team calls – if you think you saw a suspicious email for instance, did anyone else get it? Keep the topic on the table and open.
Data Breaches are still reportable! There is a good self-assessment tool on the ICO website.
NCSC is also a good source of clear information that can feed into your IT Security policies, as do Action Fraud.
Reporting fraud is very important – this includes attempted fraud like spam or phishing emails; the more that is shared, the better the chance authorities have of finding the criminals. Spam/Phishing emails can be reported by forwarding them to Action Fraud on email@example.com And to Microsoft Office 365 by forwarding to firstname.lastname@example.org
Don’t forget to share it with your IT Department too.
All these should be included in your IT Security Policy. If you don’t have an IT Security Policy? Contact us and we will share Charity IT Security Templates with you.
Get free help from Smartdesc
Smartdesc offer any charities or non-profit organisations time with one of our highly experienced, charity focussed, Virtual IT Directors and Remote Working Health-Checks – free of charge during this time. We will be happy to answer any questions you may have or help guide organisations on the right path.
Email; email@example.com to get in touch.
Further remote working advice
Our ‘Everyone is Agile’ Webinar in April discussed some of the challenges and successes charities have encountered with their IT and Telecoms implementing remote working for everyone.
We heard from the Head of Technology at Mind on what went well, and what technology has been the most useful in helping staff communicate. Plus we suggest some practical IT Security Tips, and share how communication tools have helped teamwork during the pandemic.
Click Here to listen to the Webinar.
About the Author
James Field is Customer Strategy Director at Smartdesc, an independent IT Services Provider to the charity and non-profit sector, an ACEVO Premium Partner and NCVO Trusted Supplier.