IconCMO Blog

Now you can customize the IconCMO login page!

By Leave a Comment

We’re excited to announce we’ve made some updates to the login page! First of all, you can now put a button on your church’s website that links directly to the IconCMO login page. No more searching Google or locating a bookmark every time you want to log into your account!

Example of button you can put on your church's website (you can customize the text.)
Example of button you can put on your church’s website (you can customize the text.)

Once you have the button on your church’s website, it’ll lead you to a customized login page featuring:

  1. Your church’s logo
  2. Your church’s name in the browser tab and below the logo
  3. Your church’s phone number pre-filled, saving you a step

IconCMO-LoginThe basic process will remain the same: church staff and volunteers will log in with their existing user ID and password to access the church’s IconCMO database. Church members with access to the parishioner’s module can use the login page to view their contact informant, giving history, and an online church directory. (Note: if your church isn’t using the parishioner’s module, don’t worry! This update doesn’t automatically grant members access; you’ll still need to do that manually.)

 

Scheduled Server Maintenance

By Leave a Comment

Please note that IconCMO will be unavailable at 11:30 pm Central Daylight Time Wednesday, May 11, 2016 (View in your time zone.) The downtime will last approximately two hours. IconCMO users will not be able to access their accounts during this time.

server-maintenance-iconcmoWe’re always striving to improve IconCMO for you – and that doesn’t just mean improving the user interface and adding to the features list! While not as visible, upgrading the technology and security in the back-end is just as important.

Thanks for understanding and planning accordingly!

Photo Credit: Richard Masoner / Cyclelicious via Compfight cc

National Password Day

By Leave a Comment

It’s national password day!

Did you even know that was a thing?

computer-typing

According to Computer World, the two most common passwords in 2015 were “123456” and “password”. If your password is frequently used and easy to guess, it’s easier for someone to hack into your account. So choosing a strong password is important.

 

3 resources that will teach you how to step up your password game

Updates to Icon Check-in

By Leave a Comment

In case you missed the announcement, we recently released our very own Child Check-in program! Our developers have been busy adding features and making improvements. Here’s a list of the most recent updates.

icon_child_check_in

  1. Check in/out buttons were combined. Now each person has one button that changes based on where that person is in the check in/out process. They can either be set to ‘check in’, ‘checked out’, or ‘check in again’.
  2. If guardians are assigned to a child, a drop down list under the check in/out button will display the guardian’s name and picture. There is also an “unknown” option you can use if there’s not a specific guardian assigned. This information is recorded for later use e.g. when we add reports down the road.
  3. You can now clear the in/out times for a person and re-start the check-in process.
  4. Each person’s information was condensed and uses a More/Less Information link which can be clicked on to either show or hide additional information such as a phone number or email address.
  5. The arrow indicator for this More/Less Information component will turn red if there is important allergy information listed.
  6. In the More/Less Information section you will see the guardian that checked them in and out.
  7. A list of staff members that were signed in at the time of check in/out is also displayed under the notes section for each person.
  8. Phone numbers changed to format correctly within the US.
  9. Resized the screen for optimal use on mobile devices.

It’s finally here! Our very own Child Check-In program

By 2 Comments

The simplest, fastest, easiest way to do check-in at your church.

Icon Systems is excited to announce Icon Check-In: a fast, secure, and safe child check-in software for churches that lets your whole team work together in real time! Checking in children as fast as possible is essential to a smooth-running event, like a Sunday morning worship service, everyday day care, or other ministries.

Icon Child Check-In kids and Logo

“After speaking with organizational leaders in the community, the goals of the new system were set high. Armed with their feedback, we developed a system that has a minimal hardware investment, real time collaboration, and unprecedented flexibility.” says Bill Gifford, President. “We sought to eliminate unnecessary buttons and navigation. The system is easy-to-use, secure, and the work flows are completely customizable. We built Icon Check-in from the ground up using the latest web-based technology to facilitate a quick, smooth process on any device – without extra hardware, ink, and paper.”

Here’s a brief rundown of how it works:

  • Individuals – Enter in the folks to be checked in and their families. Pictures can (and should!) be uploaded for each person, as well as contact information, relationship data, and more. Individuals are sorted into households with a common address, though you’ll spend most of your time working with individuals.
  • Groups – Organize individuals into groups, such as “2nd Graders” or “Wednesday Evening Adult Study”. When doing check-in, you’ll be able to choose a particular group per event.
  • Events – Each time you are ready to do check-in, you’ll create an event, such as “Sunday Morning 9 a.m.” Once created, the person checking in can choose the group to check-in, and will see names and pictures of everyone in the group to check-in and -out.
  • Users – Create as many user IDs as you need to give employees and volunteers access Icon Check-in, Each use ID has its own customized level of security access.

View the full press release on Yahoo Finance.

Icon Check-In is entirely cloud based; that means you don’t have to deal with app stores, downloads, upgrades, hardware, or installing updates. It’s also mobile friendly and can easily be accessed on smartphones, tablets, laptops, or any other device that’s handy. Icon Check-In is available for only $25 per month. You can find more information and sign up for a free 10-day trial at https://www.IconCheckin.com.

Online Giving

By Leave a Comment

Having multiple ways people can donate online to the church is an absolute, not a nice to have church process — even for the smallest of churches.

According to Blackbaud 2014 Charitable Giving Report, many people are surprised to learn that fundraising activities is still less than 10% — currently at 8.8% for faith-based organizations in regards to online donations.

However, we need to have some context to this number. Blackbaud states — “As a point of comparison, it is helpful to look at online purchases as a percent of total retail sales. According to the U.S. Department of Commerce, e-commerce sales in the third quarter of 2014 accounted for 6.6% of total sales*.” So let’s break that down – online sales for products purchased online is 6.6% and online giving, specifically faith based charities, is at 8.8%. With online sales at 6.6% and faith based online donations are at 8.8% –> do you still believe online donations don’t play a part in your strategic organizational plans? This data alone shows the need for churches to have this as an added channel to the traditional methods of giving. It should not be an obstruction for your donors. 🙂

Let’s look at the size of the organization broken down into three sectors based on size – Small (less than 1M), Medium (1M – 10M) and Large (10M+). Keep in mind that this is any non-profit organization, not just churches, using a sample set of 4,798 organizations. Most churches will say they are too small to have an online donation system and probably would fall into the small category. However, the percentage of donation by each organizational size, is 7.4%, 5.6%, and 7.2%, respectively. So according to the data, the smallest organizations have the highest percentage of fundraising versus the other two, in regards to online donations. In other words it’s the smaller organizations that are gaining the most ground in regards to online donations year over year. Do you still believe your church is ‘too’ small for online donations?

Let’s look at another statistic. Online giving grew 8.9% from 2013 to 2014. Most would say 8.9% sounds small. It’s actually a 1.3 billion dollar increase across the sample set of organizations. Additionally, this increase came on the toes of an increase of 13.5% in 2013 from 2012. So in a span between 2012 to 2014, online giving went up 22.4%. People are shifting to online as they shop and donate.

Should your church be part of the online giving trend that only appears to get stronger each year?

Summary

The data clearly shows the need for churches to get online donations in their channel of giving solutions. It used to be an option in the late 90’s and early 2000’s. That’s not the case anymore. Most people can’t remember the last time they carried cash in their wallet, but I bet they know where their debit card is. 🙂 Increasing a church’s donations should happen where the donors are at, so to speak. They are in the electronic age and if the church doesn’t meet them there, I’m sure they will donate elsewhere.

*Credit goes to Blackbaud for the data and the quoted material above which this blog entry relied on.

Common Church Accounting Mistakes with Checkbooks

By Leave a Comment

image of a check using it for a church blog about checking accountsThere are some common accounting mistakes churches make for a variety of reasons. Maybe it is because the software they are using couldn’t handle the various situations that are needed. It could be a church process that was made a long time ago and when questioned — you get the typical answer, “that’s how we have always done it”. Current church processes are not changed as technology and other societal trends improve or empower the church to do more with less work.

In this blog we are going to tackle the checking account issues we see when clients come onto the IconCMO accounting system. Below are three common mistakes with checkbooks that churches deploy to keep their money separated.

Multiple checking accounts at the bank –

Does your church have multiple checking accounts? We see this one a lot. An example is the General and Youth Fund will have their own checking account. This gives the church the ability to see the balance in the checkbook for that fund. Unfortunately, they equate a fund to a checkbook which is incorrect. Checkbooks control one thing – the money inside them and aren’t funds. In other words, they are only an account among many in the chart of accounts (COA). Checkbooks do not control the other assets like fixed assets, liabilities, revenues or expenditure accounts.

Church funds control more than just checkbooks. Funds oversee everything like fixed assets, long term liabilities, all expenses and revenue, etc., in addition to just the checkbooks. See below for a visual representation which shows the funds (ie: Building, General, Youth) over the rest of the COA. For more information on how funds interact with the COA line items you may want to read our series on Easy Church Fund Accounting.

representation of how accounting funds interact with the chart of accounts in reference to churchesWith solutions like IconCMO, you can have one checkbook with multiple funds (either restricted, unrestricted, or temporarily restricted) and still know the balances and activity of each fund, keep the money separate as per FASB guidelines, and budget by fund. This is called fund accounting and is required for churches. In addition, current software solutions can also roll the dollar figures up into one organizational report (all fund(s) report) to show how the they are doing as a whole.

Multiple checking accounts when there is only one physically at the bank –

This is another one that will actually cause big issues down the road when it comes to reconciling a checkbook. The typical scenario – the church puts into the COA multiple checking accounts like this – Wells Fargo – Designated, Wells Fargo – General, Wells Fargo – Unrestricted, and Wells Fargo – Building. Here is the issue – banks don’t break up your transactions into the categories that you have (ie. Wells Fargo – Unrestricted vs Wells Fargo – Restricted) because they see it as ‘one’ checking account. All they care about is if you have money in that ‘one’ checking account. This leaves the user to break out the bank statement by each transaction into one of the categories they are using and then adjust the amounts for the deposits and checks/debits. This creates a lot of manual work for the user, when a fund accounting system does this easily.

The solution is to have one checking account (which is what is physically at the bank) and use funds to break up the amounts within the checkbook. By using funds, you can see balances for each fund and still reconcile under one checkbook using the bank’s statement numbers – without breaking out each transaction.

Sub accounts of checking accounts –

Checking accounts are not suppose to have sub accounts. Churches did this in the past to keep their money separate like the above examples , but then roll up the amounts into the primary checking account. Again this has issues with the reconciling the checking accounts – which are all now sub accounts and forces the user to break out their statement by each transaction to match the sub accounts in the accounting system.

Recommendations –

A user should only put checking accounts into the COA, if you actually have that physical account at the bank. In addition if you are coming from another system and going to a true fund accounting system, seriously consider closing down all checking accounts except one, then move the money from the closed accounts to the primary checking account, and apply the money to the appropriate fund. Sound hard? – not on IconCMO, since we have a transfer window that can transfer the money from funds and also checkbooks.

Try our Church Management Software free for 14 days.

Staying Safe Online and Our 2013 Security Improvements

By Leave a Comment

Before we announce the new 2013 changes, we wanted to share some insight on online security. This information can help keep you safe in any application you may use – email, websites you visit, and so on.

Church Software Security for the Data
Photo Credit: kjetikor

Many users don’t give online security much thought. However, without knowing the basics, a person can be vulnerable when they are online. When we don’t make informed decisions about online security, many areas of our everyday lives (e.g. social networks, online financial records, email) are at risk from attackers.

Below are some common security attacks.

  • Social engineering. This is when someone tricks you into giving them information they shouldn’t have, such as someone pretending they are from Icon Systems and asking you for your password. Another example is phone scams where people call you and tell you that you won something and they need your social security number to claim the prize.
  • Password cracking. This can happen in a couple ways: either (1) you choose an easy password to guess, and someone programmatically runs code to break the password or just guesses it (this is easier than you think) or (2) an attacker compromises the computers where the passwords are stored, and then decrypts them. We encourage all users to use strong passwords.
  • Cross site request forgery (CSRF) – a.k.a. “tricky links”. Be careful what you click on! CSRF is when you click a button/link on one web site, and it actually does an action on another website pretending to be you. For instance, say you are logged into IconCMO, and click in an email or website that says, “Look at my cat!” A successful attack could do anything that the user can do in IconCMO – including adding users so that the attacker can get into your account.
  • Injection style attacks. This is when attackers of a system gain direct access to the back-end database by entering in database commands (malicious code) instead of the usual data through a text box on a website. This is one of the most common attacks on websites that are database driven and the chances of the person being caught is low compared to the high value of the information that can be taken.
  • Secondary attacks. It’s easy to think, “I don’t worry about people getting into account ‘x’ of mine online because I don’t have anything important there.” The trick is that a chain is only as strong as its weakest link. If an attacker found out your password to an insecure site, and you used that same password for your email account, chances are they now have access to your email, too. And, if they have your email, perhaps they could use a password reset to gain access to your online banking account. This is how they work their way up from the weakest link in the chain to the strongest link and most important – your online financial accounts.

While we have always taken data security very seriously since IconCMO was publicly released in 2003, technology is always changing. Icon Systems must ensure necessary precautions are taken each year to protect our clients’ most valuable asset – their data. We have been especially busy behind the scenes improving the security in IconCMO over the past several months.

We are happy to announce the 2013 data security changes.

For user experience we improved the following:

  • IconCMO will accept the login phone number formatted any way the user types it in, including special characters like dashes or parentheses. As long as the numbers, user ID and password are right, you can access your data. We ignore all special characters now.
  • We improved some inconsistencies with exporting data in various modules across the system when a user has Read Only Access.
  • We improved some of the messaging on the system’s screens that the users see if they have Read Only Access.
  • To ensure system continuity, the system will notify you when your system is 3 days from expiration. This helps to ensure the system does not expire on you over a typical weekend.

For overall system security we improved the following:

  • We improved the tracking of logging users that access the church’s database.
  • IconCMO has added a time delay if a set number of log-in attempts have failed, which deters attackers who can guess thousands of possible passwords every second.
  • We improved the storage of passwords by using a sophisticated algorithm. In the unlikely event someone gains unauthorized access to the database the hacker would not be able to decode the algorithm.
  • With the improvements of password storage even Icon Systems employees cannot determine a user’s password. If the user loses their password, the only way for them to recover it is to use the forgot my password link that is will automatically generate an email.
  • Important: Please keep your email address up to date on IconCMO in the Organization → Preference → Personal screen.
  • We improved the method in which your digital footprint is cleared from the server when you log out.
  • We improved the protection against CSRF-style attacks. (CSRF: Cross Site Request Forgery)
  • We improved IconCMO security protocols to prevent SQL injection type attacks.
  • All of these changes and many more are incorporated into the main IconCMO church software system, the support forum, the API’s for 3rd party add-ons, the parishioner’s module, and the multi-site church management systems. All of these improvements are in addition to our security protocols that are in place already which can be read here.

Below you will find some resources if you want to find out more about specific types of security attacks.

 

Trust and Terabytes

By Leave a Comment

At Icon Systems we value our clients’ trust. Churches trust us to ensure their data is secure, reliable, and always accessible.

We wanted to inform our clients that in 2013, we have replaced every server that the IconCMO application runs on for our clients. We have also replaced the servers for the blog and website.

All the servers that are in the current setup have a terabyte (TB) or more of data storage.

church management software server update
Note: this photo was taken by Ronnie Garcia. It is not a photo of actual Icon Systems servers.

Some fun facts to give everyone an idea of how much 1 TB is:

  1. 50,000 trees made into paper and printed is equal to 1 TB.

  2. Having 1,000 copies of the full edition of the Encyclopedia Britannica is equal to 1 TB.

  3. 1 TB can hold a million minutes of MP3 music.

  4. 1 TB can remember 8,000 times more data than the average human.

  5. Wikipedia’s raw data dump of the entire site on Jan 2010 was 5.87 TB’s.

  6. The first 20 years worth of observation by the Hubble Space Telescope amassed a little more than 45 TB’s of data.

  7. As of April 2011, the Library of Congress has collected about 235 TB’s of data total and adds about 5 TB’s per month.

Now that we have established that a TB is a lot of data, rest assured Icon Systems has numerous servers that make up the entire server architecture to house each clients’ data. This means our clients have at their disposal many TB’s of space to use on IconCMO.

In addition to the hardware updates, we also updated all the software that is used to create the reports, the servers’ operating system, and other programming tools to the latest version available. With these software updates for the report generation and other tools, our programmers will be able to deploy faster solutions on the system.

After all the software was updated, we migrated all of our clients’ databases to the new servers including the backups. Once we migrated the data and planned the roll over in the wee hours of the morning, it only took 10 minutes to physically switch out all the servers in the data warehouse!

Our commitment to our clients is paramount and with these improvements to IconCMO, we hope our clients know we are on their side.

Skeptics vs. Cynics: Web-Based Church Software Security

By 4 Comments

I subscribe to a newsletter called Great Work Provocations. Every weekday morning, I get an email with a short yet inspirational, thought-provoking message. This morning’s email brought me this little gem:

Invite the skeptics in. They’re desperate to be proven wrong. But avoid the cynics. They’ve already made their minds up.

Great Work Provocations

Reflecting on how I could apply this message to my work, I realized that I encounter this particular situation when talking to potential and existing customers about our software.

Skeptics

When a church evaluates church management software, typically at least one person in the church is skeptical of moving the church’s data to the cloud. And this isn’t necessarily a bad thing. When making a big decision such as this, it can be helpful to have someone who disagrees, or at least plays the part of devil’s advocate. If their objections can be rebutted, it reinforces the sense that the church is making a sound decision. On the other hand, if their doubts cannot be overcome, it can assist in identifying potential problems.

Cynics

I think the term “cynics” seems a bit harsh but I get the point; there are some people who say they will never use web-based church management software. We actually have a number of customers who are perfectly happy using Revelations, our desktop software. They have absolutely no plans to move to the cloud, and as we’ve said before, there is absolutely nothing wrong with that. If they are more comfortable using a Windows-based program, we won’t argue with them!

For those of you who are skeptical, yet open to the cloud

Here is an outline of the security precautions Icon Systems has implemented for its web-based church management software – IconCMO.

Encryption

Whenever you are working with IconCMO – from the point you log in to the time you exit – all information transferred from your computer to our servers is submitted via 256 bit SSL encryption. Icon Systems registers the certificates with GeoTrust for verification of a valid certificate with your browser. This means all information is sent from your computer to the servers over an encrypted connection.

Physical Server Security

The servers are placed in locked cabinets in a key card accessed building designed to house servers.

Application Servers

This may seem strange, but customers do not have the ability to save information to the database. They must submit the data to the Application servers. The Application servers review the data to verify it is acceptable and execute the necessary save. Only the Application servers can write to the Database servers. The firewall for the Application servers only allows connections on ports 80 and 443. 80 is the HTTP non-secure web port and 443 is the HTTPS secure SSL web port.

Database Security

All Database Servers are placed on a local network. The database servers do not have a defined route back to the outside world. The only servers that can view the database servers are the application servers. The database servers limit the application servers as to which ports they are allowed to access. Icon Systems does not disclose this communication process between the servers or the ports it uses.

Employees

All Icon Systems employees are required to sign a document specifying they will not access any customer databases unless the customer approves of them opening the database. Information viewed during this process is not discussed, except when resolving customer issues.

Information Security

Icon Systems is in the church software business; company policy states no information provided to us by a customer will be shared with or sold to another company or agency unless required by law or court order.

Power

All servers are connected to a UPS device and the servers always use battery power. If the power goes out, the changeover is seamless so there is no temporary power flicker. The UPS devices are capable of running up to twelve hours by themselves. A diesel generator will start running within five minutes of the initial power outage and has enough fuel to keep all systems running for seven full days.

Site Catastrophe

Nightly backups are created and sent over an encrypted SSL connection to a second fully operational hosting facility located in a different part of the country. This second site is currently set as a Read-Only server, but could be changed quickly to a Read-Write system in the unlikely event that a catastrophe destroys the current hosting site.

Note: this photo was taken by Ronnie Garcia, it is not a photo of actual Icon Systems servers.
Note: this photo was taken by Ronnie Garcia, these are not a the actual Icon Systems servers.

Hopefully this list gives you confidence in our company and peace of mind about the welfare of your data. Yes, moving your church to an online management system can be scary, but if done correctly, it can open up a whole new realm of possibilities.