Tag: implementation

Nonprofit professionals are used to wearing many hats and having a wide variety of responsibilities. With so much going it can sometimes be hard to keep track of big projects that have multiple milestones along the way.

This is where project management comes in. With the right approach, nonprofit teams and external vendors can partner to achieve greatness. From redesigning a website to migrating content to launching a new fundraising tool or campaign, it’s all about incremental progress, realistic expectations, and organization. Here are a few project management tips to keep things running smoothly.

Define goals


If you can’t define a project’s goals, you’re basically saying it’s getting done just because. Whether it’s a short-term goal, like raising a certain amount of money or launching a microsite, or a longer-term goal like reaching a whole new audience to expand your donor base, trackable goals help you and your stakeholders know why you’re doing all the work. Having a clear end-point to the project helps make the case to funders and supporters because defining the end result will help justify the spend.

A goal also serves as the end of the road and gives you a result: Otherwise you could keep building and adding without knowing what you’re working toward. A clearly defined goal keeps everyone on the same page and limits distraction.

Pro-tip: As you work toward a solution, new ideas and issues will pop up along the way. Create a parking lot list where you can store these off-topic issues until there’s time to devote to them.

Establish a RACI chart

RACI stands for Responsible, Accountable, Consulted, and Informed. This chart helps define roles and ensures that nothing falls through the cracks. Project managers can use this method to assign tasks and review milestones.

A RACI chart is especially useful for nonprofits that have multiple layers of stakeholders. There might be a team in-house, third party vendors, an executive board, and a board of directors: RACI charts organize everything, so the multi-layer approval process doesn’t set you back. You can assign different tasks to different parties, all while keeping the big picture in mind. Project managers need to keep everyone in the appropriate lane from the beginning of the project—a RACI chart can help sustain this order.

Pro-tip: If this method isn’t something your team is used to, don’t give up right away. People need to feel comfortable and as a project manager you can set the example by regularly referring to your RACI chart (and reminding others to do so as well) until it becomes second nature.

Set regular check-ins

Regular meetings with your team about your project help eliminate surprises. You’ll know what each individual has accomplished, if you need to adjust budgets or schedules, and what questions are popping up.

It’s also critical to get your internal team in order prior to meeting with external vendors. A call with your consultants should not be a meet-and-greet: It should be productive and efficient. You should come to these check-ins knowing where everyone is and what you’re aiming to get out of the meeting. Make sure someone is taking and saving meeting notes and that you leave each call with a clear idea of what’s next.

Pro-tip: As much as possible, keep your check-ins regularly scheduled on the same day of the week at the same time. A predictable pattern is easier to plan around than one that’s constantly in flux.

Track your budget weekly

Most budgets change over time: You might decide you don’t need one item originally planned for because you want to dedicate the time and money to something else. Whether you’re using project management software or spreadsheets, make sure these changes are accounted for often.

Staying on top of a project budget also eliminates surprises. You don’t want to run out of money, or discover a surplus, at the end of a project. We suggest tracking spending on a weekly basis and doing full budget reports monthly. Especially if you have a retainer-type agreement where you’re meeting several small goals, it’s helpful to know how long certain tasks take and how much they cost so you can properly allot for future steps.

Pro-tip: Budgets should never be a secret and should be talked about openly with everyone on the team. They’re a large part of the project and an important measure of success.

Set incremental goals

No large project is going to happen in one step, so project managers need to equip their teams with timelines that have multiple deliverables along the way. This way team members can block space on their calendars and contribute their parts of bigger tasks.

For example, if you’re developing new content for a website, you don’t want to set just the final due date. Instead you should assign each page or section, and set an editorial process, so it’s clear when first, second, and final drafts are due, and who needs to review and approve each one. Because different groups will be involved in different stages, setting a timeline will also help give you the clearest possible picture about when you can realistically expect your project to be completed.

Pro-tip: Setting goals along the way also gives you an opportunity to celebrate progress. Your team is working hard. Take the time to acknowledge a completed task, even if it’s only one small part of the big picture.

Whether you decide to use all of these tips, or a just one or two, it’s important to strike the right balance of preparedness and flexibility. Come to the first meeting ready to put your tools into action, but also listen to and learn from your team as the project unfolds. No project will go from start to finish without a few hiccups along the way, but these suggestions should push things in the right direction.

 

Deepen your project management skills with NTEN’s online course, Project Management Fundamentals.

Contrary to what most database vendors will tell you, picking a CRM is the least important part of being successful at tracking how your participants engage with your organization. The three key aspects of CRM success have more to do with organizational planning and staffing than they do with technology. All of them take investment of time and energy at all levels of your organization.

1. Culture of database use

What this looks like:

  • Staff across the organization understand the role of data in their work and to the organization overall.
  • Staff across the organization know how to use the database appropriately for their role.
  • Agreed-upon information is collected consistently and entered promptly, including changes to contact information and resolution of duplicate records.
  • When someone needs contact information or a report on the latest event attendance numbers, they go to the CRM—not to their Outlook or to their team member’s spreadsheet.
  • Problems are reported as they arise and resolved on a reasonable timeline.

2. Strong data strategy

What this looks like:

  • Our desired outcomes are driving data collection and analysis and not the other way around.
  • Clear communication on what is being collected and why.
  • There is a reason behind every piece of data collection.

3. Solid implementation

What this looks like:

  • Fields and other data structures exist to capture everything called for by the strategy.
  • The searches and reports called for by the strategy are available.
  • Processes for data entry, reporting, and updating are not experienced as frustrating or overly onerous by staff.

How to cultivate all three

Here are the most important practices that I have seen lead to success with CRMs; together, they address all three key facets in an interlocking way.

Assess your needs early and often

  • As a first step in change of data tools or features, ask the right questions:
  • What do we need to know about the people and organizations who participate in our programs in order to do this work?
  • What are the activities that our CRM needs to support?
  • What information is currently missing that would transform our work if we had it?
  • What information do we need to support daily tasks or to provide to our partners, members, donors, funders, and other stakeholders?

Make the time

  • Make sure that all data management duties (tracking problems and new feature requests, training staff and maintaining documentation, designing clear processes) are assigned to someone in the organization. This work can be shared among more than one person, though if the work is spread out, it is helpful to have a single point person who is in charge of coordination. Make it official: put it in job descriptions and workplans, and ensure that the time is truly available.
  • Include data entry and other related responsibilities appropriately in all job descriptions and workplans of all those who are expected to use the CRM.
  • Set clear and consistent expectations for data entry (backed up by workplanning).
  • Promote accountability with regular attention to database practices and outcomes in supervisory check-ins.
  • Make time at staff or team meetings to discuss database challenges, wish list items, and ideas. This is a great venue to discuss how any changes to program work should be reflected in the database/result in changes to it.

Support the database

  • Have a clear feedback loop for staff to report bugs and problems, and a plan in place for how they will be fixed; this can be as simple as a spreadsheet or as complex as a help desk staffed by a vendor or consultant.
  • Have a clear feedback loop to ensure that the database stays up to date as organizational work changes. Make sure that all staff know to talk to the database manager about changes to work that is tracked in the database.
  • Have a budget for support for and changes to the database, and a decision-making structure for how the money gets allocated if there are competing priorities.

Support your people

  • Train on both strategy and implementation—in the right order for your organization. Consider current organizational needs and challenges, along with what skills and expertise already exist on your staff. Some organizations need strategy first, and some need implementation first. There is no one-size-fits-all training plan.
  • Establish clear protocols for what needs to be entered, and document them, so that everyone knows what to collect and where to put it.
  • Include role-specific task training in all new staff orientations and make this training available to existing staff as a refresher.
  • Identify coworkers who are power users or both interested in and enthusiastic about the database as peer champions: enlist them to cheerlead for the importance of the database and to offer their support to others by answering questions and providing quick task-based demos on the fly as needed. (And be sure to recognize and plan for the impact this will have on their time by including it in their workplan!)
  • Provide training on any new features and practices.

Document wisely

  • Rely on standard user manual resources produced by the software vendor or community for documentation of basic operations; don’t spend time documenting simple things that are already in a user guide that someone else has made.
  • Document the workflows, processes, custom fields, and other elements of database use that are specific to your organization.
  • End-user documentation should be brief, task-based, and visually driven.

Watch out for these common pitfalls

When people revert to using spreadsheets or other tools to store information that belongs in the CRM, or put off database tasks in favor of things that may be more urgent but are less important, it undermines the viability of your CRM as a complete picture of organizational activity. Be proactive about troubleshooting and intervening as necessary. The solution will depend on the problem, but questions to ask include: Is training adequate? Does the CRM process need to be redesigned for greater efficiency? Does more time for database activities need to be built into workplans?

  • Be realistic about your organizational capacity. If a data collection or reporting process sounds like it would be too time consuming for staff, it probably is.
  • Don’t expect immediate results. CRMs can make your organization’s work easier, more efficient, and more effective—but making changes to the way you work is hard, and can make everyday tasks take longer until everyone is adjusted.
  • Software marketing materials often carry the message  “[name of software] will do [work you want done].” Remember that this is not exactly true: Software is a tool for humans to use while they do the work.

Always remember these basic truths

  • Database use is not about technology; it is about work practices and human habits.
  • No software is perfect. Any choice of tool requires tradeoffs. Even the best database is frustrating sometimes. Understanding this will make the inevitable struggles less painful.
  • Databases take time, energy, and money to use and manage well; the more complex the system, the more time, energy, and money it takes. Be realistic about what your organization can take on.
  • Not every organization needs or can handle a CRM. If you don’t have the capacity to maintain a CRM, a few well-chosen, carefully designed, and consistently updated spreadsheets can be a better choice.

In 2016-2017, a Washington, DC–based nonprofit with a staff of about 40 and a 3.5 million-dollar budget undertook a redesign process to convert a ColdFusion website into a content management system with a custom mobile-responsive theme.

To make sure the finished results worked, the website team made strong efforts in:

  1. understanding the overall needs of the website,
  2. involving staff in specifying their own needs,
  3. determining content types,
  4. thinking in terms of lists,
  5. testing against assumptions,
  6. creating reporting mechanisms, and
  7. wireframing/building/testing/refining,

Feedback loops were built in to the ongoing process in order to course correct and gain early constructive criticism from internal stakeholders.

Tip #1: Understand overall needs

The team tasked with pre-planning the redesign process undertook a review of existing web pages and reached consensus that content belonged under different lenses, programs, campaigns, and actions.

The team identified the organization’s theory of change, current audience, new website objectives, comparables, desired functions, specified revenue models, and desired budget and timeline, and circulated this information via an RFP.

Example A. Website RFP Top 10 List

Better storytelling -> Optimized content -> Engages more people -> More social change -> Greater financial support -> Fulfills our mission.

Top 10 must-have list (goals for the site):

  1. Increased email sign ups, social engagement, and activists
  2. New donors: the website needs to encourage people to sign up as donors with attractive donation pages
  3. Stay on budget. We are open to creative work share solutions
  4. Clarity and Simplicity: needs to give visitors a clear sense of Green America’s work
  5. Attractiveness: A clean look, beautiful storytelling, and responsive design
  6. Flexibility: we do lots of stuff. Our ability to adapt has always been our secret weapon. Our website needs to be flexible to handle our diverse content and programs
  7. Ease of Use on the backend: we will have many editors with various technical expertise (the ability to update the website frequently is essential)
  8. Integration of all our channels and platforms: Daughter Sites, Blogs, Social, Digital Publications, Apps, SALSA (action CRM), Raiser’s Edge (fundraising CRM), Charity Engine (donation pages)
  9. Authentic product/sponsorship placement
  10. Visual Story: Telling our stories in a visually compelling manner to better engage audiences and increase shares of our materials

Takeaway #1: What to do

During pre-planning, convene individuals across different teams to construct a shared model for content. Aim for transparency around budget, timeline, and requirements for the website.

Tip #2: Involve staff in identifying their own needs

By mapping out content across major areas, staff better clarified their understanding of how content fit into lenses, programs, and/or campaigns. A pilot content management system allowed staff to test their assumptions against real data.

Example B. Early model of content hierarchy and structure

Team members continuously articulated how content fit into the proposed data architecture. For example:

Lens Program Campaign Focus Area Action Issue Topic
Food GMO Inside

Good Food for people and planet

Starbucks

No GE Wheat

Organic

Say no to GMOs

Climate

Factory Farms

Pesticides

Tell congress to stop trading our food stystems.

Tell congress to reject TPP

Tell Kraft to Remove GMOs from Miracle Whip

Tell Starbucks to go organic

Let Mars know you say no to GMOs

Tell American What Growers Association no GE Wheat

Soil not Oil

GMOs a case for Precaution
Don’t have a Cow

21 foods to always buy organic

An external design firm worked with staff to sketch out user personas, delve into content relationships, formalize roles and permissions, and determine the initial menu.

Example C. Sample site map content

Food Climate Labor Finance
Fight GMOs Fight Dirty Energy Ending Child Labor Save for Yourself and a Better World (banking)
Beyond Organic Invest in Clean Energy Ending Smartphone Sweatshops Divest from Fossil Fuels, Invest in Clean Energy
Fair Labor Better Paper Ending Sweatshops in Supply Chains

Finding Fair Alternatives

Green your Money/ Finances (investing)
Take Action:____ Take Action:____ Take Action:____ Take Action:____

Takeaway #2: What to do

Allow multiple opportunities for individuals to voice concerns, update assumptions, and validate the model against live data.

Tip #3: Determine content types

Content types evolved whenever staff identified a long bulleted list of the same type of content. For example, blog posts, media mentions, events, staff listings, job descriptions, magazines, press releases, and business listings all converted to “content types.”

Required fields emerged from discussions about content types. For example:

  • Media Mention = Title, Website link, Image, Byline, Body text
  • Business listing = Organization Name, Categories, Website link, Image, Address, City, State, Zip, Body text

Example D. Sample content type for a blog post

This is an example of blog fields:

Field About the Field
Blog Post Type Multiple choice, multiple answer, choose from categories)
Body Long formatted text
Display Image Image upload allowing for pngs, jpgs, or gifs
Business Network Recommendations References a list of all available businesses in a related directory
Relevant Lens Multiple choice, multiple answer, choose from a list of available lenses
Relevant Program Multiple choice, multiple answer, choose from a list of available programs
Relevant Campaign Multiple choice, multiple answer, choose from a list of available campaigns
Tags Free tags in keyword style

Certain fields existed across content types. For example, the “Relevant Lens” field attached to campaigns, programs, actions, victories, and press releases.

Takeaway #3: What to do

Create fields for each type of content. Identify fields to repurpose across content types.

Tip #4: Think in terms of lists: referencing entities and normalizing data

Certain fields became standardized and used across multiple content types. For example, almost all content types require an image field, so content types used a “Display Image” field.

As another example, blog posts, media mentions, programs, campaigns, and actions all used the same “Relevant Lens” field to reference available lenses.

As a final example, blog posts, articles, and green living pieces used the same “Relevant Program” and “Relevant Campaign” fields as reference fields. The list of all available programs or campaigns continuously updates upon the addition of new programs or new campaigns.

The idea of “entity referencing” allows users to continually grow and easily make changes, because any list of referenced content is always “up-to-date.”

Normalizing means an edit to a specific piece of content perpetuates through all instances where that piece displays. By using normalization, categorization of items, and entity referencing, it became easier and easier for any privileged user to make changes sitewide.

Example E. Data normalization samples

5 Most Recent Blog Posts: On a blog post, a list of the 5 most recent blog posts displays on the bottom of every page, in descending chronological order (most recent first). Any new blog post auto-adds to the list. Any edit to the title updates in all instances.

Fruit List: A fruit list begins with apples, oranges, blueberries, and bananas. Additions like blackberries, peaches, plums, nectarines, mangoes, strawberries, and papayas automatically display on the “Fruit List.”

Fruit List Categories: Categorizations on fruit include “Citrus” or “Berries.” Additions such as “Stonefruit” automatically update, such that a categorized list might read:

  • Berries: blackberries, blueberries, strawberries
  • Citrus: lemons, limes, oranges
  • Stonefruit: nectarines, peaches, plums
  • Tropical: mangoes, papayas
  • Not Yet Categorized: apples, bananas, starfruit

Takeaway #4: What to Do

If an “edit” button makes sense next to every item in a list, convert that list to a content type: most useful for items such as blog posts, press releases, events, staff listings, directory listings, and similar content.

Tip #5: Test against assumptions

During the buildout, question if the articulated data structure matches staff needs. By taking time to find and correct incomplete/faulty assumptions about content relationships, all stakeholders better understand the final product.

As an example, a “Magazine Issue” offers the ability to choose from a list of available “magazine articles” in order to display “featured articles.” A “Lens” offers a display of “relevant pieces.” In one case, our team mistakenly focused on “parent” relationships for content, and based on feedback, turned that into focusing on “child” relationships.

Example F. Choosing relevant pieces on a lens

A “Climate” lens shows a green living piece “Cut Your Carbon at Home” and a blog post “Add Socially Responsible Investments to Your Workplace’s Retirement Plan.” On any lens, the “entity reference” field helps specify relevant pieces, in their desired display order.

Takeaway #5: What to Do

Course correction takes time. Identify, test, review, and go back to the drawing board based on feedback from editorial and program staff. Large projects require flexibility to address initial incorrect assumptions.

Tip #6: Create reporting mechanisms

Reports help staff understand the website content better. Report-building benefits when customized to the specific type of user requesting that report. Early beta versions help identify gaps and allow the user to continuously access, understand, and download available data in order to make suggestions.

In an iterative buildout, the technology team benefits from early feedback. Conversely, an administrator or executive reviewing a prototype report better understands what is available to them and makes more informed requests about new fields and filters.

Technology teams who engage with end users by requesting, correcting, and fine-tuning build more relevant and useful reports.

Example G. Sample administrative reports

  • Recently Updated: a list of all recently created or updated content
  • All Green Living Pieces: a list of tips on green living
  • All Press Releases: a list of all generated press releases
  • All Blog Posts: a list of all blog posts
  • All Lenses: a list of all major areas of work
  • All Programs: a list of all available programs, sorted by lens
  • All Campaigns: a list of all available campaigns, sorted by program and lens
  • All Victories: a list of success stories
  • All Staff: a list of all people who are staff members, consultants, and interns

Takeaway #6: What to Do

Reports help users understand the existing information. Create a new report for each content type and fine-tune as needed.

Tip #7: Wireframe, build, test, and refine

Prepare to be exhilarated, challenged, rewarded, and exhausted by the minimum viable product process. Technologists build digital tools twice: once in the mind, and second in reality. Prototypes help with the process of getting feedback across internal stakeholders. Drawings, mockups, and paper versions all assist teammates in understanding the proposed redesign architecture.

Build in a refinement period into the website redesign schedule so there is time to clarify and details that weren’t addressed the first time around.

Example H. Mindmap about Homepage

Mindmap about Homepage includes a Box called Enter, with arrows coming out that display Lenses: Food Lens, Finance Lens, Climate Lens, and Labor Lens. Other arrows go to five other sections. 1: Current Program Highlights, which leads to Relevant Programs and Relevant Campaigns. 2: Current Campaign Highlights, which leads to Relevant Campaigns and Relevant Actions. Relevant actions continues to Salsa Action (third party). 3: Current Action Highlights, which leads to Relevant Actions and All Pieces. 4: Piece Highlights, which leads to All Pieces and Focus Areas. 5: Sign up for E-news. 6: Donate (third party embed)

Image: Member Landing Mockup

This is a Balsamiq-generated mockup image to help the team understand different pieces for the member landing. It includes a main block with three tabs called My Biz Listing, My Coupons, and My Ads. There is a second block underneath called Members-Only Documents. On the left sidebar is a list of Announcements. Inside the My Biz Listing tab is four bolded field labels and text as follows: 1st line - Title: My Green Business Listing. 2nd line - Date Updated: 2017 January 7, Description. 3rd line - Description: lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do ejusmod tempor incididunt ut labore et dolore magna aliqua. 4th line - Categories: Children, Pets, Clothing. 5th line: (edit this listing).

Takeaway #7: What to Do

Tools such as Balsamiq, LucidChart, and Invision assist stakeholders in gaining clarity around mental models: use them liberally. Your platform never really reaches completion, so build in time post-launch to continuously improve.

Conclusion

Technology professionals create effective tools to champion positive social, environmental, economic, and political change. By integrating feedback loops early and often, these tools spread the message, educate the populace, gain support for the cause, and make a positive difference.

Back in 2012, we implemented an organization-wide password manager here at NTEN, finally replacing our comically insecure “Shared Passwords” document, and the all-too-common practice of reusing the same password across a variety of different sites.

The idea of using a password manager had been on our radar for several months, but we had any number of excuses for why “now” wasn’t the right time:

  • We’ve never had issues with our “Shared Password” document to this point.
  • No hacker wants access to our accounts as a small nonprofit, so “admin” is a fine password to keep using everywhere.
  • There are a lot of reports saying password managers themselves can be insecure.
  • We already have too many systems, so I don’t want to force staff to learn yet another one.
  • We’re too busy right now, so maybe we can implement this next year.

While some of these ideas may have contained grains of truth (e.g. password managers aren’t a perfect defense), they all quickly fell flat once we’d experienced the time-saving and security benefits of using a password manager.

Five years later, it’s not exaggerating to say this change may be the most significant stress-reducing and time-saving policy I’ve ever put in place at NTEN since I started working here more than 10 years ago.

Step 1: Make the decision

If you’re not part of the leadership team, you’ll need to convince someone who is to help you champion this project. Figure out who that person will be, and make sure they’re on board.

Step 2: Pick the right password manager

Security experts can’t agree on which password manager is the “best,” so as a non-security expert I’m in no position to help you with that decision. That said, as long as you pick a tool that’s well established, well reviewed, and has a history of being transparent and quickly fixing any security holes, you can’t really make a bad choice.

The other thing that will help is figuring out any must-have features that may be unique to certain tools. Your budget may be another factor depending on your needs. Many of the most popular tools do offer free versions, but proper implementation for your nonprofit may require a paid Pro or Enterprise license.

Here are a few features I wouldn’t have known to look for initially, but have proved quite valuable over the years:

  • Ability for the administrator to:
    • set specific security policies to meet your org’s needs (e.g. password length, multi-factor authentication, remember me settings)
    • take over a user’s account and remove access to shared passwords when an employee leaves
    • reset a user’s master password if needed
  • Shared folders or security groups to easily manage who can access specific shared accounts
  • Ability for staff to link a personal account to the organization’s account to improve workflow, but without mixing personal data with the organization’s data (since once staff see the benefits at work, they’ll likely want to start managing their personal accounts the same way).

Step 3: Create an implementation plan

Once you’ve decided on a tool, the next step is to create a plan for launching this tool across your organization. This is where having the champion you found in Step 1 will be helpful.

You’ll need a detailed implementation plan that documents the on-boarding process for users, organization-specific policies for how to use the tool, a migration plan to bring all your existing accounts into the tool, and finally, a plan to purge all your old, insecure passwords and replace them with secure, unique passwords.

Testing out the tool yourself is a great help in creating this plan. While you should make it as detailed and complete as possible, keep in mind that it’s a first draft and will almost certainly require substantial revisions after the next step.

Step 4: Do a trial implementation with a small team

There’s no quicker way to sour your co-workers on a new system than a poorly delivered implementation. If a new tool adds to their stress or workload, as soon as you turn your back, they’re going to stop using it and go back to what they know.

To avoid this potential landmine during NTEN’s implementation, I chose a small group of trusted staff members to help test out my plan prior to the big launch. This exercise helped me identify and fix several incomplete or rocky patches in my plan. Perhaps more importantly, it also created a committed group of converted staff that were able to help answer questions and train other staff later.

Step 5: Launch it to the whole organization

Now that you have your revised and improved plan in place, along with a small team of staff eager to see this new tool implemented, you’re ready for the official launch. There are sure to still be unanticipated bumps in the road, but as long as you have the right people on board and have carved out the time to make sure everyone is trained effectively, your coworkers should quickly start seeing the benefits of the new tool.

This is where all the work you’ve done is rewarded, often with glowing smiles and relieved sighs emanating across the office as users realize the burden of remembering countless passwords has been lifted, and that their accounts are actually going to be significantly more secure.

Step 6: Provide continued training and improvement

Bask in the joy of accomplishment for a few minutes, but then get back to work. While it may seem like everything is safe, easy, and wonderful after implementation, it’s critical you don’t become indifferent to the risks that still exist. In reality your users are all going to have different levels of adoption, and your organization is only as safe as your least secure user.

To combat this, most password management services have tools you can use to monitor how secure each user’s account is (e.g. master password strength, reused passwords, multi-factor authentication usage), so you can use those to identify and follow up with any users who seem to be falling behind the curve.

You’ll also need to keep your policies up to date to match new needs or discovered security risks, and offer routine refresher trainings to staff. For example, I’m pondering removing the mandatory password change requirement from our policy and replacing it with mandatory multi-factor authentication. And don’t forget to keep staff trained about related risks like phishing and baiting.

Conclusion

If you’ve read this far, but still haven’t made the decision to implement a password management system for your organization, please make that decision now.

Seriously though, whenever I read a “password best practices” type of article and their first piece of advice isn’t to use a password manager (which surprisingly is the majority of them), I cringe a little for anyone who’s still attempting to follow all those oft-repeated rules on their own (such as using a passphrase, changing your passwords every 30/60/90 days, or using a combination of letters, numbers, and symbols).

Those rules all still make sense of course, but in 2017—when we all have hundreds of different accounts across the internet—it’s impossible for any mere mortal to actually follow all those rules to the letter without a password manager.