Thursday, January 24, 2008

Database... Protecting your data and managing risk

Got data backup?

Several high-profile stories have hit the news media in the past few months about losses of data, sometimes because of the inadvertent theft of equipment holding sensitive information.

In addition to those well-publicized cases, there are other facts: a hard drive crashes every 15 seconds; 2,000 laptops are lost or stolen daily; one in five computers suffers a fatal hard-drive crash during its lifetime. This would be bad enough, but 40 percent of small- to medium-sized businesses don't back up their data at all.

Experts in the field of data protection and security recommend the following:

  • Risk management is number one. No matter how much insurance you have, you will never totally cover your loss. Educate employees about phishing and have a reasonable backup plan.
  • Evaluate your current backup plan. Consider the newer backup technologies such as virtualization, which allows you to run multiple servers on one computer, for example.
  • Develop and implement a system. Don't just leave it; designate somebody with the absolute responsibility of implementing the risk-management system.
  • Anticipate your likely loss. Recognize that trouble can come from different places. Also, realize that security breaches can occur no matter the level of your firewalls.
  • Have the appropriate insurance that deals with what's likely to happen. Also consider your cyber exposure as a separate and unique exposure.
  • Try to get your host to indemnify you. It doesn't hurt to ask your software provider if it will provide coverage.

Wednesday, January 23, 2008

8 Steps to raising money on eBay

Use of the eBay online selling system, which is very popular with individuals, is proving to be a real help for nonprofit organizations. Utilizing a name and vehicle with a huge recognition factor can be a great help in fundraising.

In their book Fundraising on eBay, Greg Holden and Jill Finlayson offer suggestions on what must be done up-front by organizations that might have experience with online dealing but are new to eBay.

Their suggestions:

  • Register with eBay and MissionFish. This includes both setting up accounts and setting selling preferences, as well as signing up for PayPal or other online payment solutions.
  • Obtain inventory/donations. This involves both soliciting and collecting donations from individuals and companies.
  • Create event branding. This can be as simple as naming your event and creating your personal page on eBay or as advanced as having graphic artists and web designers create a logo and selling templates.
  • Photograph items. Most items sold on eBay will need at least one photograph.
  • List items for sale. It means filling out the Sell Your Item form for one or two items are possibly using software to expedite the listing process.
  • Market auctions. Publicize the event and be willing to leverage online marketing opportunities.
  • Manage auctions. If your descriptions are complete and clear, there will be less need to answer questions, but you must answer emailed questions.
  • Complete sales. Collecting the money is not enough. Pack and ship items.

Monday, January 21, 2008

Finance ... Acting quickly when fraud is suspected

The consequences of employee fraud at a nonprofit are so many and so potentially devastating that organizations must be prepared to act quickly and decisively when employee fraud is suspected.

Wrongdoing by a nonprofit employee will very often have implications for the entire organization, from casting a taint on the nonprofit or its mission to legal and financial responsibility in the case of monetary loss. The consequences can be huge.

At a recent national conference, attendees learned from Gerard Zack, founder of the Nonprofit Resource Center and president of Zack Accounting and Consulting, that there are certain initial steps that must be taken when someone in an organization suspects fraud.

The critical first step is risk assessment. The organization must determine what access the suspect has, what other types of fraud schemes the suspect could have perpetrated, given his/her level of responsibility and access, what the likelihood is of multiple perpetrators (collusion), how long it could have been going on and what technical complexities could have been involved.

After that, the organization must:

  • Document all allegations,
  • Obtain and document all pertinent information, documents and records,
  • Identify all bank accounts involved and consider closing or freezing them,
  • Determine who needs to be interviewed,
  • Perform background checks if considered necessary,
  • Develop details of an investigation plan.