Must-Have Tools for Association and Nonprofit IT Departments
- Dan Lautman
- October 3, 2017
Part of my job at DelCor is to perform IT assessments for associations and nonprofit organizations. No matter what size they are, many of them, even the large organizations, are missing some key IT tools.
Whether you’re building an IT department from scratch or looking for ways to improve your team’s performance, these tools are must-haves for any association or nonprofit IT department.
Why this is important: I’m surprised how many systems administrators and even helpdesk staff scoff at the idea of a ticket management system. I hear objections like: “It would take more time to enter the ticket than it would to do the work,” or, “Our users would never use it so why bother?”
Yes, entering tickets takes time. All documentation does. But if that documentation provides value, then it’s time well spent.
The second premise is problematic because it reveals a misunderstanding of the system’s purpose. A ticketing system doesn’t only help users request support. Its main purpose is to help you, the IT staff, by:
- Showing management how you spend your time.
- Making the case for additional end-user training requirements: “Dan keeps asking how to do VLOOKUPs, let’s send him to Excel training!”
- Making the case for financial investment in IT: “Look how many tickets are entered for slow wi-fi. Wouldn’t it be great if we invested in new wireless access points?”
- Creating accountability not only for you but for users too. For example, a ticket proves that you requested additional info from the user but they haven’t responded.
- Analyzing trends: “Ever since we provided Excel training to the accounting department, helpdesk requests have gone down 50%!”
- Helping prioritize tasks. Email-based ticket ‘management’ tends to send you into a LIFO-based system (last-in-first-out) rather than prioritizing tickets properly.
What to look for: Email integration is a must. Your users must be able to use email to create tickets and you must be able to send emails out of the system to users.
You also must be able to apply time to tickets. For example, if you spent 4 hours on a workstation rebuild, you should be able to document the time spent. Or, if you want to show that Crazy Joe in Accounting is taking up 50% of your week, you can prove it with the ticketing system.
Depending on the size of your organization, you may want to integrate the ticketing system with inventory (if you’re looking for a stand-alone inventory system, check out ITGlue!). This integration allows you to track which hardware has recurring issues: “Oh look, laptop model X frequently has issues with power supply, let’s not buy that one again.” It also allows you to track the work done on specific hardware so you can answer questions like “When did we install RAM in that server?”
You may want to give other departments the opportunity to use the ticketing system for things such as marketing support requests, facilities requests, and meeting room setups.
Products to check out: All else being equal, ZenDesk is the one to beat in my opinion.
Monitoring and Alerting
Why this is important: Practically speaking, there’s no way any human being can manually monitor your assets 24x7x365. But, that level of monitoring is needed for many of your systems—like your firewall, core switch, and physical servers. And those examples only cover the technology needed for your users to log in to their computers in the morning! What about email, virtual servers, SaaS products, and wireless access points?
The only thing worse than a server going down is finding out about it from a user. Ugh! Be proactive, be the hero, and get yourself a monitoring system.
What to look for: At the bare minimum, you want something that can check for network availability (via ping, for example). The bare minimum-plus-one is Simple Network Management Protocol (SNMP) and Windows Management Instrumentation (WMI). These tools are used to collect information from network devices and systems managed through WMI. They let you track things such as device status (on/off), memory usage, CPU usage, hard disk usage, and fans.
Your system must be able to alert you via email (even if your mail service is down) and ideally via SMS (text messaging). Even better, look for a system that can generate dashboards so you can show off your 99.99% uptime—a handy persuasion tool when you need to justify buying that new switch.
Products to check out: If you’re doing it yourself, PRTG and Nagios are good options. Combine this with an environmental monitoring tool like ITWatchDog. Managed Services Providers (MSPs) should include all these tools as part of their service package, but some MSPs only monitor servers. Make sure all systems, including firewalls and switches, are also monitored by your MSP.
Why this is important: We IT pros all know it’s important to patch software, but I come across organizations that rely on Microsoft Update and the assumption that users will do the right thing. If you’re not managing security patches, then you’re leaving it up to the user. And, if you’re leaving it up to the user, well, you’re going to end up with a bigger, uglier problem later.
You also have the problem of third-party product updates, which users might not even know about or, if they do, may not apply. Just like monitoring, you have to get in front of this issue: whitelist and deploy patches yourself. You’ll have the peace of mind that users are running current software. They don’t have to think about it or come to you with “help me update Flash” requests.
What to look for: At an absolute minimum, you need a way to whitelist and push out Windows updates and third-party product updates. These tasks can be done by two separate systems. You must be able to see which machines have or have not been updated. Ideally, your system will catch servers and workstations that are out of compliance and push updates to them next time they ‘phone home.’
Products to check out: If you’re doing this yourself, WSUS + Ninite is an affordable, bare-bones combo. SolarWinds has some products that fit the bill as well. Again, this type of service is typically included in an MSP agreement, but you need to make sure it’s getting done.
Why this is important: I’ve written before about the importance of password management, but this is extra important for IT professionals who hold the ‘keys to the kingdom.’ Too often, I see a ‘security through obscurity’ solution—an Excel sheet with passwords stored in clear text buried in a directory. Sometimes, passwords are not documented at all. The IT management passwords are possibly the most important thing you possess—treat that knowledge properly by securely documenting it.
What to look for: Most importantly, an encrypted file or database. This could be as low-tech as a PGP-encrypted text file that is synced across your devices. Some nice bells and whistles include being able to share information on a per-account basis (for instance, if you need to share specific credentials with a vendor) and browser auto-fill capability (so you don’t need to type a password). For extra security, pick a solution that audits access, so you can see who on your team accessed specific records.
Products to check out: Dashlane, 1password, keepass, Passwordstate are all good options, and there are many more out there.
Directing an IT department—even a department of one—can be made much easier with these basic tools in your toolbox. If you lead an association or lead an IT team, take this list to the next IT departmental meeting and go through it with your team. All these tools translate into more intimate knowledge of your network and your users. Trust me, it pays off!
Concerned about cybersecurity? Download our free ebook to learn the 17 cybersecurity threats your association or nonprofit needs to be on the lookout for.