DDoS – distributed denial of service. Even a few years ago that phrase was relatively obscure, known mostly to computer security experts, programmers, and those who were technically minded. To the rest of us, it was just another acronym.
Now, you may regularly hear about DDoS attacks and other cybersecurity threats over your morning cup of coffee. Even alarming stories about stolen logins, passwords, addresses, and credit card information have become commonplace.
These days, rarely does a week go by without news of another major cybersecurity threat or cyberattack. These attacks can be devastating, knocking your site offline or pilfering information. And, like everyone else online, your organization is vulnerable.
Fortunately, there is some good news. While you can't build an impenetrable wall around your website, you can reduce your organization's risk by taking the right steps to protect yourself.
This article is going to talk about some of the security tools you can use to protect your business or association. It's by no means an exhaustive list of the security measures you may want to consider, but it will get you off to a good start on improving your organization's cybersecurity position.
Software updates for your enterprise systems, desktop software, and web-based vendors are critical. Not only do they often bring new functionality to your system, they also incorporate the latest information on cyber threats and security measures to keep your organization protected. You should keep all your business and association software systems updated.
Some organizations can be reluctant to update their mission-critical applications for fear of the unknown (what if this breaks something that we need?), but it's important to perform updates regardless. What starts as justifiable concern can lead to paralysis. Then you can end up with a mission-critical program that has not received updates in years. That in turn leaves you more vulnerable to cyberattacks, and hackers know it.
Every organization needs to have a regularly scheduled process in place to update all their computers so they have the latest security measures. This includes servers and the many software applications (especially the mission-critical applications) that are used daily.
What to Look for in Your Software
Updates shouldn't be something you have to think about regularly. Instead, your software providers, including your association management software vendor, CRM provider, and other business software vendors, should automatically incorporate regular updates. These updates should come at no extra cost to you and encompass both the servers and applications underpinning your software.
If you purchase out-of-the-box software, you'll also get the benefit of crowdsourcing. If one of your software vendor's customers notices a potential flaw or security issue, the vendor will fix the problem for all its customers.
Pro Tip: Don't stop at regular updates. Your association or business software should also have the flexibility and speed to deal with crisis situations when necessary. For example, if critical software exploits are found, your provider should be able to issue an update within hours.
Transport Layer Security (TLS) is a cryptographic protocol that is used to protect privacy and data over web connections like those made in your internet browser. With TLS, two connecting computers agree on a code that scrambles messages. Only the two computers in the connection know the code, meaning that any hackers who try to break into the connection cannot get any useful information. You can easily recognize a TLS website as one starting with https instead of http.
In many cases, TLS replaces the Secure Sockets Layer (SSL), an earlier system that encrypts the information passing between a web server and a browser. SSL is often referred to as TLS's predecessor. It was pushed to the front of everyone's mind after a series of announcements about its vulnerabilities earlier this year. Those vulnerabilities contributed to calls for minimum security standards.
By using TLS, you're providing an added layer of security to make sure that no one (aside from you and your customers or members) is watching what you do. It also gives your end users an additional level of comfort because they know that you take securing their data seriously. And, as yet another benefit, Google provides a ranking boost to TLS sites, so your organization's SEO will improve.
What to Look for in Your Software
The software you choose to run your website and your member or customer portal should have the ability to turn your site into a "secure" site with the same domain name. What this means is that all your pages and content would be accessible through TLS via a URL such as this: https://my.domain.org. Some people might refer to this as providing an SSL certificate.
You already know you should use a different, complex password on each site you need to log in to. For those sites which have information critical to your organization, you may want to consider adding two-factor authentication.
Two-factor authentication requires not only a password, but a password combined with additional proof of your right to access the site or information.
Two-factor authentication can be implemented in many ways and is most commonly used for access to sensitive information. Typically, when someone who has been designated to require 2FA logs in for the first time, the user will receive an email with a code which they need to enter into your site. Until they enter the code, the user will not be allowed to proceed past login. However, after your user has entered the code, a token can be set that lets your site remember the device used for access. The second authentication will not be required on that device again for another 14 days.
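The login flow described above, sketched as an added example (it is not code from this article or from any vendor): an emailed one-time code, then a signed "remember this device" token that expires after the 14 days mentioned. The function names, token layout, 10-minute code lifetime and five-attempt limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets

REMEMBER_SECONDS = 14 * 24 * 3600     # the 14-day window from the article
CODE_TTL_SECONDS = 10 * 60            # assumption: emailed code valid 10 minutes
SERVER_KEY = secrets.token_bytes(32)  # assumption: secret kept only on the server

def issue_email_code(now):
    """Return (code to email, server-side record storing only its hash)."""
    code = f"{secrets.randbelow(10**6):06d}"
    record = {"hash": hashlib.sha256(code.encode()).hexdigest(),
              "expires": now + CODE_TTL_SECONDS, "attempts_left": 5}
    return code, record

def verify_email_code(record, submitted, now):
    """Accept the code once, before expiry, within the attempt limit."""
    if now > record["expires"] or record["attempts_left"] <= 0:
        return False
    record["attempts_left"] -= 1
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    ok = hmac.compare_digest(digest, record["hash"])
    if ok:
        record["attempts_left"] = 0   # single use: a replayed code fails
    return ok

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_device_token(user, now):
    """Cookie value set after a successful second factor."""
    payload = f"{user}|{secrets.token_hex(8)}|{int(now) + REMEMBER_SECONDS}"
    return f"{payload}|{_sign(payload)}"

def second_factor_required(user, token, now):
    """Fail closed: skip 2FA only for an authentic, unexpired token of this user."""
    if not token:
        return True
    try:
        tok_user, device_id, expires, mac = token.split("|")
        expires = int(expires)
    except ValueError:
        return True                   # malformed token
    expected = _sign(f"{tok_user}|{device_id}|{expires}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return True                   # edited user or expiry breaks the signature
    return tok_user != user or now > expires
```

Because the expiry is covered by the signature, a user cannot extend the 14-day window by editing the cookie; rotating `SERVER_KEY` invalidates every remembered device at once.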
What to Look for in Your Software
Ask your current software provider if they support 2FA. If not, ask about 2FA before you renew your contract or purchase a new software system. The best business and association management software providers will give you the option to implement 2FA and won't have a problem with answering your questions. Many of these providers even make 2FA optional, so you can disregard it or turn it on only for certain groups of people. For instance, many organizations require 2FA for administrators, but not end users.
New cybersecurity components are being developed daily to help minimize the constantly evolving security issues facing organizations. Software updates, TLS, and 2FA represent just a small fraction of those.
The best way to protect your organization is to stay up to date on the latest threats and developments. Constantly monitor the security landscape so you can proactively address security issues and insist on a software vendor that does the same. The best vendors will be committed to regularly releasing product improvements that add cybersecurity elements, addressing new issues as they arise.