Building Peace Together

Building Peace Together a Practical Resource

Quaker Council for European Affairs (QCEA) has produced a useful report with practical resources:

The visibility of violent conflict from all over the world in our daily digest of news and media creates a sense that violence – or the threat of violence – is ever-present, when in fact, it is peace that is the norm. Building Peace Together makes the case for peacebuilding and provides a myriad of tools that can be used by actors across the board.

Download a copy to read, which includes 40 tools and 80 examples of nonviolent peacebuilding, and then try out the resources suggested.

Who are QCEA?

The Quaker Council for European Affairs was founded in 1979 to bring a vision of peace, justice and equality to Europe and its institutions. QCEA advocates for nonviolent approaches to conflict resolution, the intrinsic equality of all people everywhere, and a sustainable way of life for everyone so that the one Earth we share can support us all.

You can find out more at their website: http://www.qcea.org/ They’ve just issued this year’s epistle where they say:

QCEA is working from a vision with specific goals to create change politically and culturally, focusing on the two main programmes of Human Rights and Peace. The reports on child immigration detention, and hate speech in online news comment sections bring ethical substance to debate within the EU. Work in quiet diplomacy, networking, coordinating with other organisations, and cultural activities make QCEA an important player in Brussels. The results of these activities are sometimes difficult to anticipate, but will resonate in the long-term.

I was sorry to see that they are working on a budget deficit at the moment, and hope their appeal for more funds to support this work will raise enough money for their work to continue.

Fire Alarm – Do Not Touch!

2018 03 fire alarm - do not touch

Photo taken by Dana Rancette, used with permission

Fire!

Fire is a serious risk. However, even if the equipment can be tempting to small people, I don’t recommend telling them taping the control panel shut, or posting signs telling people not to touch the fire alarm.

I suspect those intent on fiddling will ignore the sign. While you definitely don’t want to confuse someone in an emergency situation where they *should* sound the alarm.

Instead have regular fire alarm drills. Give training to your volunteers or employees. Suggest training for anyone else who use your building. You might be able to combine groups and provide training to everyone.

These combined with clear signage, plus the use of appropriate equipment coverings to prevent accidental usage or damage will mean fewer false alarms and give everyone involved more confidence that they know what they are doing if an emergency occurs.

You might also want to read:

http://mindfulbusinessservices.com/fire-alarm-during-meeting-for-worship/

http://mindfulbusinessservices.com/quaker-a-z-k-is-for-knowledge-know-how/

Quaker Leadership Course

2016-06-28 Woodbrooke labyrinthQuaker Leadership

How does leadership work in our non-hierarchical Society of Friends, and what does it mean to take a lead when working in relationship with others?

http://www.woodbrooke.org.uk/item/leadership-amongst-friends/

Details

Start Date: 23rd April 2018 12:00 am
End Date:13th May 2018 11:59 pm
Cost: £38.00
Delighted to see this – it will fit into my current exploration of leadership in a Quaker context, good to see more on line courses being offered which fit into so many people’s busy lives.

Christian Entrepreneurship

2018 03 11 tree branches b&wA&Q 1 and Christian Entrepreneurship

While I love Advice & Queries 1, “Take heed, dear Friends, to the promptings of love and truth in your hearts. Trust them as the leadings of God whose Light shows us our darkness and brings us to new life.” I had not previously considered it as business advice.

During last week’s Churches & Commerce conference, Richard Frazer, Minister Greyfriars Kirk Edinburgh, gave us some thoughts on approaches to a theology for entrepreneurs.

As a Quaker I try hard to remember that all things are equally sacred – work, play, rest, worship… So I was intrigued by Richard’s comments that he thought the first Apostle Andrew was also an entrepreneur in the way he handled his big opportunity (meeting Jesus) by recognising that:

  • it was an opportunity
  • he wasn’t the right person to handle this alone
  • he knew others who needed to be part of this opportunity

Andrew was humble enough to leave Jesus, and go fetch Simon Peter, but also continued to network and bring people he felt would be useful. Andrew found the boy with the loaves and fishes, for example. Of course he was also a fisherman, so would have been used to networking as part of running a small business. Dealing with clients who wanted to buy his fish as well as the others who worked in the family business, other fishermen, etc.

Money Making as Mission

Yesterday, during Meeting for Worship, ministry was shared about how a childhood prayer asking for ‘G*D’s guidance, love and protection‘, took on a new deeper meaning when the speaker twisted from ‘asking’ to ‘being ready to receive by standing in a place of gratitude for the blessings already received’.

This connected with my musings, over the last few days, about the difference between networks and business plans compared to G*D’s community & plans. A concept mirrored by the interconnectedness of the tree branches lining my view from the room.

I’m often asked how I can see running a business, making money, and working with clients to help them do likewise, as a mission. For me, it depends on where you start.

If you are rooted into a firm foundation of G*D’s love and truth, and are looking at these opportunities as ones where you can make a difference by creating or facilitating a profit, network, etc., that then allows you to work from a place of gratitude and thankfulness, with a quiet certainty that you are following the leadings of G*D for you.

This is very different viewpoint and attitude to one that is only in it for the profit, or personal gain, and leads to different choices. But it does require continual awareness and consideration of which state I’ve slipped into, and a regular drawing back to the centre where I can hear those quiet promptings.

HeartsEdge Conference: Churches & Commerce

HE Churches commerce flyer - finalI’m delighted to be speaking on Outsourcing, at the HeartsEdge Churches & Commerce conference.

It looks like an interesting day, Jonathan Evens explained, ‘The reason for organising this event is that many churches struggle to cover the costs of their buildings and the ministry needed in their area. Finding other sources of income in addition to congregational giving can help significantly and can also extend the church’s engagement in God’s mission. This event enables participants to hear from people for whom commercial activities, including social enterprises, are making a real difference, not only to their church finances but also to their wider mission. We hope that ‘Churches & Commerce’ will be a day for anyone interested in making churches sustainable in their mission.’

If you’re interested – contact Jonathan at the information above. Hope to see some of you there!

 

 

Generating Passwords

Hacking Password

Image used under Creative Commons license from https://www.cafecredit.com/

Your password is a vital piece of defence in the digital age. Or, more likely, passwords, since you probably have several. And choosing a strong password for every login you have is therefore very important.

The Problem

But often password generators give you a long and hard-to-type (not to mention impossible to remember!) string of characters. And the conventional advice of picking a word and then swapping out random characters for similar-looking numbers or symbols isn’t much better.

And then you’re told you’re meant to change your passwords regularly, so just as you’ve gotten one string of gobbledegook down it’s no longer valid!

To make it worse, these passwords aren’t actually that strong against a dedicated attempt to crack your password. Thankfully, there is an easier and simpler system you can use to have fairly easy to remember and easy to type, yet strong passwords.

The System:

Pick four random words which are 5-7 letters long. From a book, from this blog post, from your favourite quote of QF&P, it really doesn’t matter!

Make any two of them ALL CAPS.

Choose a random symbol from the following: -, +, :, or /, and put one between each word.

Pick four random numbers, and put two on each end.

Pick a random symbol from the following: !, ?, @, & and put it on each end.

You’re done! That’s your password. To demonstrate, I’ll make one right now.

An Example

My favourite Advices and Queries is 17. So, if I pick four random words, I might end up with “discern”, “listen”, “untrue”, and “hurtful”.

I’ll make the first and third caps. So, now I have “DISCERN listen UNTRUE hurtful”.

From the separators listed above, I’ll go with +. Now I have “DISCERN+listen+UNTRUE+hurtful”.

This is a quote from A&Q 17, which in my copy of QF&P is on page 19, so I’ll use 17 and 19 (these aren’t quite random numbers, but it’s weird enough that some mindless bot trying to guess your password are never going to think of them. Just don’t use something like your birthday or address). Now we have “17DISCERN+listen+UNTRUE+hurtful19”.

Finally, from the padding symbols listed above, I’ll go with !. That means my finished password is

!17DISCERN+listen+UNTRUE+hurtful19!

Sure, that’s a weird sentence, but it’s much easier to remember than something like “wK5Jj3$6”, and far, far stronger.

Have A Personal System

Here’s another tip – you can use the same caps pattern, separator and padding symbol for all your passwords. Just make sure you use different words and numbers for each one. Since everyone will (hopefully) pick a different combination, anyone who’s trying to crack your password won’t know what you went with.

So, having generated that password, it would then be even easier to make my next one. Let’s say I ended up with something like

!38INVOLVE+resist+DESIRE+seeming22!

See how, since I now have a system, I only have to remember which numbers and words are in my password? I know that the first and third words are the ones in caps, that the words are separated by +, and that the password is padded with !.

So, the only thing I have to remember is “involve resist desire seeming, from Advices and Queries 38, on page 22.” To make it even better, if I then wrote the above down and someone else found it – it wouldn’t tell them my password! They don’t know my system for padding out the password, only the unique parts of this one.

And because my system is consistent across my passwords, and is simple (“first and third, +, !.”) it’s very unlikely that I’ll forget it.

But the examples I gave above won’t show up in any list of the most common passwords (like “123456”, or “password”) and if you check the strength, you’ll find they are extremely strong against brute force attacks.

Online Resources

If you don’t want to generate your passwords manually, you can use this online tool:

https://xkpasswd.net/s/

And if you want to check how strong a password is against brute force attacks, as well as read a more in-depth explanation of why this type of password is stronger than the ones that are normally recommended, check here:

https://www.grc.com/haystack.htm

Using this calculator, I can see that to be sure of guessing “wK5Jj3$6” someone would have to check 6,704,780,954,517,120 potential passwords, while to be sure of guessing “!17DISCERN+listen+UNTRUE+hurtful19!” they would have to check a whopping 1,678,502,284,981,138,890,416,014,999,354,759,820,605,904,877,122,660,028,807,660,366,626,495 potential passwords!

Which, even with a ridiculously fast system, would take 5.34 billion trillion trillion trillion centuries! Somehow, I don’t see anyone spending that long trying to get into my email account. (If you’re curious, cracking “wK5Jj3$6” with the same system would take only 1.12 minutes – that’s how much difference having a longer password makes!)

Q&B Conference 2017 ‘Seek unity; uphold difference; find wholeness: Exploring decision-making through Quaker Business Method and other models’

The annual conference was held at Friends House, always a pleasure to spend time there.

The day was very full – with more workshops I wanted to attend than I could, which is always a good sign.

You can read the full minute and report on Q&B’s website: http://qandb.org/qbc17

Priming the Brain

My highlights were a workshop with Claire James from Pivotal Moment on Priming the Brain. Claire talked about the new discoveries in neural science are showing how people can consciously shape their thinking environment, and help them make better decisions.

Charity Governance and the Quaker Business Method

Shivaji Shiva from Anthony Collins Solicitors gave a good overview of Charity Governance and the Quaker Business Method. I’ve done several workshop/seminars exploring and explaining Governance, but it was good to have a specific workshop aimed at Quaker Charity Governance.

Including a quote: ‘Recognition of the fact that good charity governance is difficult to achieve is a useful first step.’ Something to keep in mind, as we struggle to be good trustees and committee members.

Lots of notes to work through – and hopefully a couple of blog posts to come.

General Data Protection Regulations or GDPR

Europe GDPR PD

Image from Flickr, used under Creative Commons license

GDPR – what is it?

The General Data Protection Regulations or GDPR, as it is commonly known, is an EU wide directive that came into law in 2016. You have until May 25th 2018 to be compliant.

It is a complete overhaul of the data protection regulations – and applies to charities as well as businesses.

From https://www.eugdpr.org/

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.

For Quakers, Friends House staff have just produced some Data Safety guidance: http://quaker.org.uk/our-organisation/support-for-meetings/data-safety

The ICO has also produced a helpful introductory overview, and self assessment documentation.

I’m certain this is the beginning of a learning curve! I’ve booked several training sessions and webinars. Including one run by ACAT who are planning to run several across the UK, find out more at: https://www.acat.uk.com/gdpr.html

  • Did you know about GDPR?
  • Have you done any preparations?

Setting Up Your Organisation’s Email Part II

Knowledge Sharing by Ewa Rozkosz

Okay, in Part I we covered the concepts behind email, now it’s time for the…

Actions

Create an account for the organisation

This ensures that all the data that belongs to your organisation is under your control.

With the majority of communication taking place via email, the temptation will be to use the email addresses that the individuals involved already have.

Don’t do it!

It may be easier now, but when the role is handed over to someone else the data will almost certainly be lost. In addition, if the data is attached to an individual’s private account it legally belongs to them, not the organisation.

And if the relationship between the organisation and individual in question breaks down, you may as well kiss your data goodbye. Getting it back will almost certainly be very painful, and take more time, money, and lawyers than you have access to.

Services such as Google allow small organisations and charities to do this for free, (Google for Non-Profits) so make use of them. We do not advocate for Google, and other services exist. The choice of which suits you best will be dependent on your organisation & circumstances, but theirs is a good offering.

One reason for this is because they have a suite of integrated services included with the email, notably Google Drive, which lets you store all your data in an easier to use format than just having it in emails. This is something you should consider, and that I will be detailing in a later post.

Whether you use Google or not, sticking to a big-name provider reduces the risk of your service being lost without notice.

  • The administrator user name and password for the account should be available only to recognised office holders. An admin account lets you make whatever changes you want, so if someone who doesn’t know what they’re doing uses it they could do a lot of damage.
  • User names and passwords should be stored in such a way that they can be accessed by other office holders should the nominated person suddenly become unavailable. Shared cloud based password systems are useful for this and other reasons. A personal emergency should never leave your organisation unable to access its own account!
  • Name the account unambiguously. At this point you should seriously consider registering a domain name for your organisation, for the following reasons:
  1. It only costs a few pounds per year.
  2. Your email addresses are those of your organisation and not your service provider (yourorganisation.org.uk rather than yourorganisation.google.co.uk for example).
  3. If you choose to move your service provider you won’t have to change all your email addresses, avoiding the disruption that would entail.
  4. If you don’t do it people will assume that you’re too cheap, technically inept, or simply couldn’t be bothered, and that’s not a good look.
  • You can do this within Google as part of the sign-up process or with a separate domain registrar. Your preferred domain may already be taken so be prepared to try a few variations until you get one that’s available. Your will probably want a .org.uk domain as this signifies that you are a non-commercial organisation in the United Kingdom.

Create mailboxes for roles not individuals

  • For each role, create a mailbox and give the user name and password to the individual performing that role. For example, ‘Treasurer@domainname’ rather than ‘Bob_Example@domainname’. This means that when Bob moves on, you don’t have to create a whole new account or have their replacement constantly explain that they aren’t Bob.
  • Ensure that all electronic communication for a role is performed with that mailbox. Do not use personal accounts, and do not cross-contaminate roles (e.g., dealing with Clerk matters in the Treasurer account). This is especially important if you have someone with access to multiple accounts.
  • The first action performed by anyone taking over a mailbox should be to change the password, to ensure that only they can access it.
  • When setting up a mailbox for the first time, if individuals already have correspondence in their personal mailboxes (and you’re still on good terms) get them to forward the relevant email to the new mailbox.
  • If it becomes necessary to have an individual’s access removed from a mailbox, the account administrator can force a password reset. This should be done as soon as an individual ceases performing a role, as a routine matter of security.
  • On a regular basis (semi-annually or annually) who has access to each mailbox should be reviewed to ensure that it’s correct and up to date.

 

Setting Up Your Organisation’s Email Part I

Knowledge Sharing by Ewa Rozkosz

Introduction

So, you need to hand off some of the jobs within your organisation to others, potentially to volunteers within it or people who are paid to perform those tasks. It looks rather complicated, but is realistically a couple of hours work to set up for any small to medium sized organisation.

If your organisation lacks the skills to set these systems up then you should engage the services of a third party to do it for you. A fairly small outlay here can save you a lot of time, stress, and expense later.

Here are some concepts to get comfortable with before you begin, and definitions for the Actions suggestions I’ll be making in Part II.

Roles vs Individuals

The role is the task to be performed on behalf of the organisation (treasurer, clerk, etc), while the individual is the actual human being(s) performing that task.

Account vs Mailbox

The account is the container in which all the mailboxes are created. One account will have multiple mailboxes in it. Both the account and its contents belong to the organisation rather than to any individual.

The account also has technical roles associated with it. At a basic level those are mailbox administrators and mailbox users; the administrator (or ‘admin’) role creates and manages the mailboxes on behalf of the organisation, whereas mailbox users only have access to their own mailbox. Due to the security implications, only the most trusted individuals should be granted the administrator role.

It should be made clear to the role holders when they are appointed that the organisation owns the mailbox and all its contents, can and must be able to access it at any time, and that they cannot (and indeed should not) expect privacy. That’s what personal email accounts are for.

Domain vs Account

The domain is the label that is used for the account. Essentially it is the name that the internet uses to get your email to you – it’s the bit after the @ symbol for email and the www. for a website. So, our domain is mindfulbusinessservices.com. It can’t contain spaces or underscores. It’s common for the account and domain to have the same name, as this keeps things simpler, but they can be named differently.

You can choose to not have a domain but all your email addresses will end with the domain of your service provide (@gmail.com for instance). If you’re okay with that then you can skip setting up a domain. However it’s generally worth doing as it’s not a lot of hassle, makes your organisation look more professional, and if you choose to move to another service provider later your email addresses won’t change.

That’s the concepts covered, the nitty gritty is in Part II.