Christian Entrepreneurship

2018 03 11 tree branches b&wA&Q 1 and Christian Entrepreneurship

While I love Advice & Queries 1, “Take heed, dear Friends, to the promptings of love and truth in your hearts. Trust them as the leadings of God whose Light shows us our darkness and brings us to new life.” I had not previously considered it as business advice.

During last week’s Churches & Commerce conference, Richard Frazer, Minister Greyfriars Kirk Edinburgh, gave us some thoughts on approaches to a theology for entrepreneurs.

As a Quaker I try hard to remember that all things are equally sacred – work, play, rest, worship… So I was intrigued by Richard’s comments that he thought the first Apostle Andrew was also an entrepreneur in the way he handled his big opportunity (meeting Jesus) by recognising that:

  • it was an opportunity
  • he wasn’t the right person to handle this alone
  • he knew others who needed to be part of this opportunity

Andrew was humble enough to leave Jesus, and go fetch Simon Peter, but also continued to network and bring people he felt would be useful. Andrew found the boy with the loaves and fishes, for example. Of course he was also a fisherman, so would have been used to networking as part of running a small business. Dealing with clients who wanted to buy his fish as well as the others who worked in the family business, other fishermen, etc.

Money Making as Mission

Yesterday, during Meeting for Worship, ministry was shared about how a childhood prayer asking for ‘G*D’s guidance, love and protection‘, took on a new deeper meaning when the speaker twisted from ‘asking’ to ‘being ready to receive by standing in a place of gratitude for the blessings already received’.

This connected with my musings, over the last few days, about the difference between networks and business plans compared to G*D’s community & plans. A concept mirrored by the interconnectedness of the tree branches lining my view from the room.

I’m often asked how I can see running a business, making money, and working with clients to help them do likewise, as a mission. For me, it depends on where you start.

If you are rooted into a firm foundation of G*D’s love and truth, and are looking at these opportunities as ones where you can make a difference by creating or facilitating a profit, network, etc., that then allows you to work from a place of gratitude and thankfulness, with a quiet certainty that you are following the leadings of G*D for you.

This is very different viewpoint and attitude to one that is only in it for the profit, or personal gain, and leads to different choices. But it does require continual awareness and consideration of which state I’ve slipped into, and a regular drawing back to the centre where I can hear those quiet promptings.

HeartsEdge Conference: Churches & Commerce

HE Churches commerce flyer - finalI’m delighted to be speaking on Outsourcing, at the HeartsEdge Churches & Commerce conference.

It looks like an interesting day, Jonathan Evens explained, ‘The reason for organising this event is that many churches struggle to cover the costs of their buildings and the ministry needed in their area. Finding other sources of income in addition to congregational giving can help significantly and can also extend the church’s engagement in God’s mission. This event enables participants to hear from people for whom commercial activities, including social enterprises, are making a real difference, not only to their church finances but also to their wider mission. We hope that ‘Churches & Commerce’ will be a day for anyone interested in making churches sustainable in their mission.’

If you’re interested – contact Jonathan at the information above. Hope to see some of you there!



Generating Passwords

Hacking Password

Image used under Creative Commons license from

Your password is a vital piece of defence in the digital age. Or, more likely, passwords, since you probably have several. And choosing a strong password for every login you have is therefore very important.

The Problem

But often password generators give you a long and hard-to-type (not to mention impossible to remember!) string of characters. And the conventional advice of picking a word and then swapping out random characters for similar-looking numbers or symbols isn’t much better.

And then you’re told you’re meant to change your passwords regularly, so just as you’ve gotten one string of gobbledegook down it’s no longer valid!

To make it worse, these passwords aren’t actually that strong against a dedicated attempt to crack your password. Thankfully, there is an easier and simpler system you can use to have fairly easy to remember and easy to type, yet strong passwords.

The System:

Pick four random words which are 5-7 letters long. From a book, from this blog post, from your favourite quote of QF&P, it really doesn’t matter!

Make any two of them ALL CAPS.

Choose a random symbol from the following: -, +, :, or /, and put one between each word.

Pick four random numbers, and put two on each end.

Pick a random symbol from the following: !, ?, @, & and put it on each end.

You’re done! That’s your password. To demonstrate, I’ll make one right now.

An Example

My favourite Advices and Queries is 17. So, if I pick four random words, I might end up with “discern”, “listen”, “untrue”, and “hurtful”.

I’ll make the first and third caps. So, now I have “DISCERN listen UNTRUE hurtful”.

From the separators listed above, I’ll go with +. Now I have “DISCERN+listen+UNTRUE+hurtful”.

This is a quote from A&Q 17, which in my copy of QF&P is on page 19, so I’ll use 17 and 19 (these aren’t quite random numbers, but it’s weird enough that some mindless bot trying to guess your password are never going to think of them. Just don’t use something like your birthday or address). Now we have “17DISCERN+listen+UNTRUE+hurtful19”.

Finally, from the padding symbols listed above, I’ll go with !. That means my finished password is


Sure, that’s a weird sentence, but it’s much easier to remember than something like “wK5Jj3$6”, and far, far stronger.

Have A Personal System

Here’s another tip – you can use the same caps pattern, separator and padding symbol for all your passwords. Just make sure you use different words and numbers for each one. Since everyone will (hopefully) pick a different combination, anyone who’s trying to crack your password won’t know what you went with.

So, having generated that password, it would then be even easier to make my next one. Let’s say I ended up with something like


See how, since I now have a system, I only have to remember which numbers and words are in my password? I know that the first and third words are the ones in caps, that the words are separated by +, and that the password is padded with !.

So, the only thing I have to remember is “involve resist desire seeming, from Advices and Queries 38, on page 22.” To make it even better, if I then wrote the above down and someone else found it – it wouldn’t tell them my password! They don’t know my system for padding out the password, only the unique parts of this one.

And because my system is consistent across my passwords, and is simple (“first and third, +, !.”) it’s very unlikely that I’ll forget it.

But the examples I gave above won’t show up in any list of the most common passwords (like “123456”, or “password”) and if you check the strength, you’ll find they are extremely strong against brute force attacks.

Online Resources

If you don’t want to generate your passwords manually, you can use this online tool:

And if you want to check how strong a password is against brute force attacks, as well as read a more in-depth explanation of why this type of password is stronger than the ones that are normally recommended, check here:

Using this calculator, I can see that to be sure of guessing “wK5Jj3$6” someone would have to check 6,704,780,954,517,120 potential passwords, while to be sure of guessing “!17DISCERN+listen+UNTRUE+hurtful19!” they would have to check a whopping 1,678,502,284,981,138,890,416,014,999,354,759,820,605,904,877,122,660,028,807,660,366,626,495 potential passwords!

Which, even with a ridiculously fast system, would take 5.34 billion trillion trillion trillion centuries! Somehow, I don’t see anyone spending that long trying to get into my email account. (If you’re curious, cracking “wK5Jj3$6” with the same system would take only 1.12 minutes – that’s how much difference having a longer password makes!)

Q&B Conference 2017 ‘Seek unity; uphold difference; find wholeness: Exploring decision-making through Quaker Business Method and other models’

The annual conference was held at Friends House, always a pleasure to spend time there.

The day was very full – with more workshops I wanted to attend than I could, which is always a good sign.

You can read the full minute and report on Q&B’s website:

Priming the Brain

My highlights were a workshop with Claire James from Pivotal Moment on Priming the Brain. Claire talked about the new discoveries in neural science are showing how people can consciously shape their thinking environment, and help them make better decisions.

Charity Governance and the Quaker Business Method

Shivaji Shiva from Anthony Collins Solicitors gave a good overview of Charity Governance and the Quaker Business Method. I’ve done several workshop/seminars exploring and explaining Governance, but it was good to have a specific workshop aimed at Quaker Charity Governance.

Including a quote: ‘Recognition of the fact that good charity governance is difficult to achieve is a useful first step.’ Something to keep in mind, as we struggle to be good trustees and committee members.

Lots of notes to work through – and hopefully a couple of blog posts to come.

General Data Protection Regulations or GDPR

Europe GDPR PD

Image from Flickr, used under Creative Commons license

GDPR – what is it?

The General Data Protection Regulations or GDPR, as it is commonly known, is an EU wide directive that came into law in 2016. You have until May 25th 2018 to be compliant.

It is a complete overhaul of the data protection regulations – and applies to charities as well a businesses.


The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.

For Quakers, Friends House staff have just produced some Data Safety guidance:

The ICO has also produced a helpful introductory overview, and self assessment documentation.

I’m certain this is the beginning of a learning curve! I’ve booked several training sessions and webinars. Including one run by ACAT who are planning to run several across the UK, find out more at:

  • Did you know about GDPR?
  • Have you done any preparations?

Setting Up Your Organisation’s Email Part II

Knowledge Sharing by Ewa Rozkosz

Okay, in Part I we covered the concepts behind email, now it’s time for the…


Create an account for the organisation

This ensures that all the data that belongs to your organisation is under your control.

With the majority of communication taking place via email, the temptation will be to use the email addresses that the individuals involved already have.

Don’t do it!

It may be easier now, but when the role is handed over to someone else the data will almost certainly be lost. In addition, if the data is attached to an individual’s private account it legally belongs to them, not the organisation.

And if the relationship between the organisation and individual in question breaks down, you may as well kiss your data goodbye. Getting it back will almost certainly be very painful, and take more time, money, and lawyers than you have access to.

Services such as Google allow small organisations and charities to do this for free, (Google for Non-Profits) so make use of them. We do not advocate for Google, and other services exist. The choice of which suits you best will be dependent on your organisation & circumstances, but theirs is a good offering.

One reason for this is because they have a suite of integrated services included with the email, notably Google Drive, which lets you store all your data in an easier to use format than just having it in emails. This is something you should consider, and that I will be detailing in a later post.

Whether you use Google or not, sticking to a big-name provider reduces the risk of your service being lost without notice.

  • The administrator user name and password for the account should be available only to recognised office holders. An admin account lets you make whatever changes you want, so if someone who doesn’t know what they’re doing uses it they could do a lot of damage.
  • User names and passwords should be stored in such a way that they can be accessed by other office holders should the nominated person suddenly become unavailable. Shared cloud based password systems are useful for this and other reasons. A personal emergency should never leave your organisation unable to access its own account!
  • Name the account unambiguously. At this point you should seriously consider registering a domain name for your organisation, for the following reasons:
  1. It only costs a few pounds per year.
  2. Your email addresses are those of your organisation and not your service provider ( rather than for example).
  3. If you choose to move your service provider you won’t have to change all your email addresses, avoiding the disruption that would entail.
  4. If you don’t do it people will assume that you’re too cheap, technically inept, or simply couldn’t be bothered, and that’s not a good look.
  • You can do this within Google as part of the sign-up process or with a separate domain registrar. Your preferred domain may already be taken so be prepared to try a few variations until you get one that’s available. Your will probably want a domain as this signifies that you are a non-commercial organisation in the United Kingdom.

Create mailboxes for roles not individuals

  • For each role, create a mailbox and give the user name and password to the individual performing that role. For example, ‘Treasurer@domainname’ rather than ‘Bob_Example@domainname’. This means that when Bob moves on, you don’t have to create a whole new account or have their replacement constantly explain that they aren’t Bob.
  • Ensure that all electronic communication for a role is performed with that mailbox. Do not use personal accounts, and do not cross-contaminate roles (e.g., dealing with Clerk matters in the Treasurer account). This is especially important if you have someone with access to multiple accounts.
  • The first action performed by anyone taking over a mailbox should be to change the password, to ensure that only they can access it.
  • When setting up a mailbox for the first time, if individuals already have correspondence in their personal mailboxes (and you’re still on good terms) get them to forward the relevant email to the new mailbox.
  • If it becomes necessary to have an individual’s access removed from a mailbox, the account administrator can force a password reset. This should be done as soon as an individual ceases performing a role, as a routine matter of security.
  • On a regular basis (semi-annually or annually) who has access to each mailbox should be reviewed to ensure that it’s correct and up to date.


Setting Up Your Organisation’s Email Part I

Knowledge Sharing by Ewa Rozkosz


So, you need to hand off some of the jobs within your organisation to others, potentially to volunteers within it or people who are paid to perform those tasks. It looks rather complicated, but is realistically a couple of hours work to set up for any small to medium sized organisation.

If your organisation lacks the skills to set these systems up then you should engage the services of a third party to do it for you. A fairly small outlay here can save you a lot of time, stress, and expense later.

Here are some concepts to get comfortable with before you begin, and definitions for the Actions suggestions I’ll be making in Part II.

Roles vs Individuals

The role is the task to be performed on behalf of the organisation (treasurer, clerk, etc), while the individual is the actual human being(s) performing that task.

Account vs Mailbox

The account is the container in which all the mailboxes are created. One account will have multiple mailboxes in it. Both the account and its contents belong to the organisation rather than to any individual.

The account also has technical roles associated with it. At a basic level those are mailbox administrators and mailbox users; the administrator (or ‘admin’) role creates and manages the mailboxes on behalf of the organisation, whereas mailbox users only have access to their own mailbox. Due to the security implications, only the most trusted individuals should be granted the administrator role.

It should be made clear to the role holders when they are appointed that the organisation owns the mailbox and all its contents, can and must be able to access it at any time, and that they cannot (and indeed should not) expect privacy. That’s what personal email accounts are for.

Domain vs Account

The domain is the label that is used for the account. Essentially it is the name that the internet uses to get your email to you – it’s the bit after the @ symbol for email and the www. for a website. So, our domain is It can’t contain spaces or underscores. It’s common for the account and domain to have the same name, as this keeps things simpler, but they can be named differently.

You can choose to not have a domain but all your email addresses will end with the domain of your service provide ( for instance). If you’re okay with that then you can skip setting up a domain. However it’s generally worth doing as it’s not a lot of hassle, makes your organisation look more professional, and if you choose to move to another service provider later your email addresses won’t change.

That’s the concepts covered, the nitty gritty is in Part II.

Providing Guest WiFi At Your Premises

Knowledge Sharing by Ewa Rozkosz

So you need to provide guest WiFi at your premises and don’t where to start? Then you’re in the right place! I can’t give you chapter and verse, but there are the things that you’ll need to consider:

The Legalise

Your organisation is legally liable for the traffic that originates from your WiFi network – the good and the bad. To protect yourself from the bad you’ll need to have your users sign an Acceptable Use Policy (AUP). The AUP is your organisation’s way of absolving itself from any blame for bad traffic that users of your premises may generate and the easiest way to get them to sign it is to include it in the terms of the contract you have with them.

There are many use policy templates around the internet for you to copy (like here) but I’m no lawyer so I can’t tell you how watertight they are. If you’ve got one in place you’ve at least shown willing and in any legal proceeding that will probably go a long way to protecting your organisation.

If you charge for WiFi access you’re obliged to provide it, while if it’s complimentary a best endeavours approach will be acceptable (in other words, if it’s down you can get away with it for longer).

The Money

This will cost you to provide, it doesn’t come free. There will an initial set-up cost for the provision of your line and the purchase of any necessary network equipment (and additional installation) and then a monthly running cost. Research the packages available to you, and decide how much you’re willing to pay and which extras you want enough to pay extra for (we give some suggestions of what to keep in mind further down the post).

The concept to keep in mind is Total Cost of Ownership (TCO). This is a standard business idea along the lines of ‘buying cheap three times costs more than buying expensive once, so lower cost is rarely better value’.

The Internet

The first step is to provide the connection from your premises to the internet. A large part of the pricing is how much data you can consume at a time – a lot of users simultaneously downloading videos will use more bandwidth than a few users browsing text, so the number of users and what they use your network for will dictate how much data you need.

The numbers to look for here are Kilobits per second (Kb/s), or Megabits per second (Mb/s), depending on how fast the available services are.

Then there is the amount of data you can download over a given time frame, usually expressed as Gigabytes per month. If you hit this limit within that time frame you either have to pay a top up charge or wait until the next charging period – neither of these are good. If you can afford to go for an unlimited plan from the get go then you avoid this hassle, so it’s generally worth a few pounds a month extra.

Next is the Service Level Agreement (SLA). This details (amongst other things) how quickly you’ll have your service back when it fails on the provider’s end, domestic connections generally having a longer time to repair than a business connection.

If your users view having internet access as being critical, you may want to go for a business rated connection. While these cost more, they also tend to have better service agreements and will get back online faster.

The WiFi

The last step is to provision the wireless network within your premises. If it’s a small area then the router that supplies your internet bandwidth may already do this and you’re all set – lucky you!

For a larger building or one with thick brick, concrete or stone walls it’s a bit more complicated. You’ll need Access Points (APs) for the users’ devices to connect to, perhaps one per room, and these will need to connect back to the internet router, usually via cables which you’ll need to have installed.

In this instance your best bet is to go to a professional outfit. It’ll likely be the most expensive part of the installation, but is a one off cost and is worth doing properly to give as long and trouble free a service life as possible. Badly installed equipment costs more to keep working over its service life than properly installed equipment, so once again, cheaper isn’t always better.

For your users to access the WiFi you’ll need to give them two details, namely the SSID and password. The SSID is the network name which will show up on the device menu when your users go to connect. You’ll want something clear, like ‘(Meeting Name) WiFi’, so they know they’re connecting to you and not someone else by mistake.

The WiFi password should be:

  • Secure. You want a phrase of at least four words, preferably random – see this post for more in-depth advice on choosing a password.
  • Changed regularly – at least monthly. Once your password leaks beyond your user base (and it will) your neighbours WILL steal your bandwidth – I’ve watched it happen. The only way to stop this is to change it often enough that they can’t keep up.
  • Distributed to your users. Ensure that you have a consistent means of informing your users what the current password is. You can do this on site, such as on a notice board (try to make sure it’s somewhere only users will see, such as the kitchen), or distribute it via a mailing list or newletter, either paper or digital.
  • Encrypted with WPA2 encryption to prevent it from being cracked; WEP and WPA are very weak and won’t offer you much protection.

The Maintenance

Provision of internet is seen more and more as an essential rather than optional feature, so it’s worth having systems in place to deal with any issues as quickly as possible. You don’t want your users to frequently struggle with the network being down – if coffee houses lose custom over it, so can you.

All the components listed above are complicated beasts and when they go wrong (note that’s when, not if) you’ll need access to someone who knows what they’re doing to get it working again.

If you engaged a company to install the network in the first place they may well offer this service, and would have the advantage of knowing your network already so they won’t have to figure it out in the middle of a fault. Otherwise, you may have to engage a seperate professional.

Either way, have things arranged ahead of time to minimise the delay between the issue being reported and resolved. You don’t want to have to be scrabbling around comparing quotes and reviews while you have an actual issue on your hands.

Consider the service level agreements here as well; shorter repair times may be worth paying extra for if you know that your users will be relying heavily on your network and it not being available for a week would cause problems.

Don’t sign up for terms longer than a year unless you’re very comfortable with the company or they offer a large discount. If they know you’ve got four years left before you can exit a contract you may not get as good a quality of service as you would with only six months left, for example.

Like all other technologies, wireless networking is continuously improving, so you can expect the access points to have a maximum service life of 3-5 years. Domestic grade access points will be cheaper to buy but not last anywhere near as long, and require more labour to manage, so will have a higher total cost.

Properly installed cabling, on the other hand, will have a life of at least 15-20 years and need very little maintenance.

Digital Organization: Let the calendar do the remembering…

2013 10 11 Fri calendar

Calendars are useful – except when the synchronization fails,
although I like the idea of the day above.

Meeting Houses are often run by volunteers. But even if you are a paid member of staff – usually you are fitting managing the maintenance of the building around other more immediate aspects of the work, and it can be hard to ensure nothing slips through the organisational net.

Using a calendar as a planning tool

One way to avoid this happening, is to use a calendar for your reminders.

Create a list of regular to-dos, enter them onto your calendar and (if digital) have a reminder emailed to you. Not only for the task ‘clear gutters’, but for the preparation – ‘get quote’, ‘tell Premises clearing gutters is due’, ‘book window cleaner for gutters’.

If you use a paper calendar you can do a similar thing. But will need to remember to look at the calendar to be reminded, and store the ‘next xxx date’ on a piece of paper added into the back.

You can add in one off tasks as well of course, but the repeating function means you don’t have to wonder when the next PA Testing or roof inspection is due. A quick search and the calendar will tell you, even if that is a couple of years in the future.

Other Benefits

If you use the calendar attached to the generic email, (and hopefully shared booking calendar), that forward planning isn’t lost when the role passes to the next holder.

Share your calendars, so other people can see those reminders as well. This sharing enables you to spread out tasks and responsibilities. Or at least the awareness that these tasks are being dealt with by you.

Creating a Record

When work is done, add a note on the date to create a record.

Search within the calendar for ‘inspection’ or ‘building tour’ and print off the results. This gives an easy report for records – especially useful for Annual or Quinquennial reports.

Once a year’s worth of reminders/work has been completed, why not print off a copy to go in the front of the Minutes book as a visual reminder of the work that will be coming up?

  • What methods do you use to spread out the work, and ensure regular maintenance jobs aren’t forgotten?

You might find these posts useful:

Digital Diaries & Documents

Generic Email Addresses or How to Prevent Memory Loss

K is for Knowledge & Know How

Flowers in Meeting for Worship

2014 09 28 new meeting

  • Do you have flowers or books on a table in the middle of Meeting for Worship?
  • If you do – what books and who chooses them?
  • Have you worshipped outside?

All of these questions and more are being asked by Peter Duckworth who is coming to the end of a two year Equipping For Ministry (EFM) Course at Woodbrooke Quaker Study Centre. During the course he has developed an interest in the motivations for use of flowers and books in Meeting for Worship. Many Friends are deeply attached to the practice though it is a relatively recent innovation, one not generally used by American Friends and alien to the practice of early Quakers.

As part of his EFM Project, Peter was prompted to find out more about how widespread the practice is and what the experience and understanding of Friends might be. He has developed a short ‘flowers in meeting survey‘ which he asks for Friends to complete – it won’t take long and each answer helps to give a fuller picture.

My current meeting meets in rented accommodation and doesn’t tend to have flowers; many people don’t have a garden to plunder or come by bike. I haven’t noticed any difference in how I settle or worship without flowers – but do enjoy them when they appear.