Data Security. It's all the rage. More accurately, rage is what happens when it happens to organizations. You can't go more than a week or two without a news headline popping up about how some large entity has been hacked and 3 million people had their personal information stolen.
Unfortunately, the threat will continue to grow, both in sophistication and number of occurrences. As associations and non-profits, we need to ensure that security is at the forefront of our minds. It's often said, "It's not if, but when..." With that in mind, I thought I would share just a handful of tips that can help you and your organization deter would-be security breaches. This list is by no means complete, so feel free to add other tips in the comments section.
1.) Follow the guidance of website hosts, software developers, and IT service providers.
Sometimes, organizations may not have the financing or internal knowledge needed to construct a sturdy defense, or whatever... But in today's connected environment, it is all too easy for would-be hackers to find gaps in security. Security needs to have an appropriate budget and commitment from the entire organization, not just IT.
2.) Be sure that your staff members (and sometimes, volunteers) are aware of the security policies you have in place.
If you don't have a security policy in place, put one in place. Don't forget to enforce simple things like having team members lock their computer screens at the end of the day or while on long breaks, ensuring staff has passcodes on their personal devices (if they use them for work), limiting or controlling access to servers, and the like.
3.) When visiting a website, look for a padlock or other indication that the site is secure.
Another way to tell is if the URL in the address bar starts with HTTPS. Google Chrome has recently rolled out its "Secure" or "Not Secure" labeling. Bottom line: if a site is not secure, use caution when filling out forms or logging into a members-only area. Never submit personal data or credit card information into non-secure sites.
4.) At conferences, be sure to log in to the official Wi-Fi network.
It is fairly easy to spoof a network name. For example, if your conference's network is "ACMEConference", it is possible for someone to set up another network called "ACMEConference-Guests" that can then link to false versions of websites where hackers can collect your information.
5.) Be on the lookout for "Social Engineering Hacking."
This type of hack is when a would-be intruder uses a variety of public sources to build a story about why they need information. For example, they may look up details on a staff member's social media profile or the company website, or call and pretend to be a colleague. All this is in the hopes of getting to information that is private. Phishing falls into this category. For more info, Google "Social Engineering Hacking" or "Social Hacking".
6.) Get an annual security audit from a qualified expert.
This audit can help you identify weak points in your infrastructure or processes. If the price is not considered affordable, see tip number one!
Bonus Tip:
Save the Date of Thursday, September 13th as we will be hosting a noon-time webinar entitled "Your Cyber-Security Playbook: An Easy to Follow Guide on What You Need to Do...