Protecting Your Members’ Information

Solidarity Sunday: Protecting Your Members' Information

"If you always do what you've always done, you'll always get what you've always got". One of my father's favorite aphorisms when I was growing up. And this one is true when it comes to most things in life, with one recent exception… if Pop were in our business of building websites and information management, he might say, "If you always do what you've always done, you're going to get spammed to death at the least, and at the worst someone is going to hijack your website and information systems and cripple your entire organization."

With the current situation in Ukraine, there has been much written about the possibility of Russian hackers trying to cause more and more havoc against organizations in countries who are participating in sanctions. Some Locals take this seriously and some don't, but all need to consider the state of internet security in 2022 and think through this process as a matter of course. Securing your information to the best of your ability is paramount. This point is exacerbated by unsecured devices by remote workers increases exposure for your network.

Information Technology expert Conrad Sanders puts it this way, "With ransomware and phishing scams running as rampant as they are, I would hate to be the individual standing in a court of law having to explain why I didn't have the proper security measures in place to protect my members data from being exploited."

Trend Micro says it like this. "There are roughly 1.8 billion websites. More than 56% of Content Management System (CMS) installations are out of date and hence susceptible to compromise. Vulnerable CMS components play into attackers' hands. These loopholes are lucrative soil for unauthorized access, data theft, and malicious scripts."

Here are a couple of areas you should think about as it relates to your Local and responsible information management:

WEBSITE: Make sure your website is built on a triple redundant, super-secure platform with an up-to-date SSL certificate. If your site has "not secure" in the top left corner by your URL, you need to address this immediately.

Not only are you vulnerable from a security standpoint, Google and other search engines will penalize you from a search engine results perspective, making it more difficult for people to find you in search results. Furthermore, from an organizing and recruiting perspective, people are far less likely to fill out forms on an unsecure website. The search engines have customers too, namely me and you, and they are going to serve up sites that are secure over sites that are not. Just a quick diagnostic on several Locals near our area reveals issues that may need to be addressed.

EMAIL: Are you or any of your staff using Gmail, Yahoo, or another third-party web-based email service to communicate with your members, vendors, or other business associates? And when is the last time you checked your system for vulnerabilities? Not just anti-virus software. Firewalls, cloud backup, endpoint security and emailing from within your own domain is paramount in protecting against security breaches.

In closing, to modify another aphorism... When it comes to security, "an ounce of prevention is worth ten thousand pounds of cure."