The Challenge
One of the SF Bay Area’s leading philanthropies distributes more than $40 million in grants each year to organizations that support education, the arts, civic institutions, and the Jewish community. To better support this intense level of activity, Xantrion worked in partnership with the foundation’s three-member senior leadership team and six staff members to move from paper-based processes and on-site servers to digital workflows on cloud-based services.
Prior to the migration, the foundation’s cybersecurity was insufficient, leaving key systems vulnerable. Staffers were able to choose weak passwords and were not required to test them for strength, change them frequently, or use a second form of authentication for additional protection. The staff also wasn’t trained to identify phishing emails and had no process for handling suspicious emails, which increased the risk of a compromised password.
The foundation also needed more reliable, powerful network functionality and technology tools. It stored files on an on-site server that could only be accessed remotely by VPN; the server required continual onsite maintenance and the VPN broke frequently. In addition, the office was equipped with desktop computers. The foundation owned only one laptop, which the entire team shared for business travel.
Foundation leadership knew that change was necessary. In conversation with Xantrion, it worked out a proactive plan for protecting both its funds and its grantees from experiencing a potentially disastrous data breach.
The Solution
“The Foundation has worked with Xantrion for many years, and had been talking with them about moving to cloud-based systems, but the transition couldn’t happen overnight,” says the foundation’s CFO. “Xantrion helped lay out the steps we would need to take to prepare for the shift and was a partner through the implementation.”
The top priority was to make the foundation’s infrastructure more secure. First, it migrated all systems to the cloud, from email to accounting and grants management systems and electronic funds transfers. Xantrion further protects key systems by auditing them regularly to ensure they work together securely and seamlessly.
Next, it strengthened the security of employee logins by implementing Microsoft Azure Password Protection, which requires staffers to change their passwords frequently and doesn’t let them choose passwords that are associated with the foundation’s work. To help employees generate and manage their passwords easily and securely, it also deployed LastPass, a Xantrion-recommended application that generates and stores random passwords. Multifactor authentication using the Authenticator App adds another layer of protection by verifying staffers’ identities before allowing them to log in.
To further facilitate secure remote work and deliver a critical boost to productivity and flexibility, the foundation also upgraded its hardware. Xantrion retired the foundation’s desktop computers, replacing them with laptops encrypted with Bitlocker to protect against data loss and theft. The foundation also budgeted to upgrade its laptops every three to four years to ensure that the operating system can always run the most current security software. Foundation-owned laptops also help maintain the line between professional and personal device use.
Cybersecurity works best when employees are knowledgeable about their part in protecting sensitive information and funds. As a result, Xantrion provides quarterly cybersecurity training to teach employees how to identify and report phishing attempts and conducts random test phishing to determine who needs further training.
Finally, Xantrion provides consultative advice to the foundation on cyber liability insurance coverage, risk exposure, and insurer’s requirements. “We assess annually to ensure we are taking every preventive security measure available, and Xantrion is able to offer thoughtful advice and solutions,” the CFO says.
The Outcome
After almost three years of preparation and implementation, almost all of the foundation’s work is now paperless and far more secure. Employees work in the cloud, where access to the foundation’s systems is password-protected and all documents are stored using Microsoft SharePoint. The finance team is able to transfer grant payments directly to grantees’ accounts instead of cutting paper checks, which is more efficient and secure. As a result, grantees can receive funding in days instead of weeks and the foundation can almost immediately identify and mitigate potential problems, from incomplete paperwork to transaction errors, which protects sensitive financial and grantee information.
Outsourcing its entire technology infrastructure, including security, to Xantrion also enabled the foundation to transition seamlessly to remote work during the COVID-19 pandemic without worrying about cybersecurity and network access.
“We are fortunate to have the relationship with Xantrion as our office transitioned to a fully remote workforce during the pandemic. The cloud-based infrastructure and security monitoring available enabled our employees to focus on what mattered: making grants and taking care of our grantees,” the CFO concludes. “Even as we transition back to the office, I expect us to continue to be more efficient and more secure with Xantrion handling our IT remotely.”