Novi AMS

During this roundtable, we shared best practices on data security, and customers shared lessons learned and steps they take at their organizations to keep their data secure. 

Access Control - limit access as much as possible 

<a href="http://help.noviams.com/en/articles/5011383-creating-online-directories-in-novi#h_e30f1ca254" target="_blank">Directory visibility settings</a> and the <a href="http://help.noviams.com/en/articles/1637761-member-directory-contact-form" target="_blank">Member Directory Contact form</a> can help deter spammers from trying to harvest your members emails

- <a href="http://help.noviams.com/en/articles/5011383-creating-online-directories-in-novi#h_e30f1ca254" target="_blank">Directory visibility settings</a> and the <a href="http://help.noviams.com/en/articles/1637761-member-directory-contact-form" target="_blank">Member Directory Contact form</a> can help deter spammers from trying to harvest your members emails

<a href="http://help.noviams.com/en/articles/4711315-managing-association-admins" target="_blank">Managing Association Admins</a> - A Novi admin, short for administrator, is any individual that has some level of access and editing privileges to your Novi database and/or website.

- <a href="http://help.noviams.com/en/articles/4711315-managing-association-admins" target="_blank">Managing Association Admins</a> - A Novi admin, short for administrator, is any individual that has some level of access and editing privileges to your Novi database and/or website.

See Also: <a href="http://help.noviams.com/en/articles/2423770-cheat-sheet-member-directory-privacy-and-data-protection" target="_blank">Member Directory Privacy and Data Protection</a>

Keep an eye out for spam accounts by regularly checking the <a href="http://help.noviams.com/en/articles/511269-recent-signups-list" target="_blank">Recent Signups</a> list to check that those signing up and/or creating accounts look legitimate

<a href="http://help.noviams.com/en/articles/1987897-require-approval-for-new-memberships" target="_blank">Requiring Approval for New Memberships</a> so that new members can't get access to membership benefits (such as the directory or locked down content) until they have been approved

- Keep an eye out for spam accounts by regularly checking the <a href="http://help.noviams.com/en/articles/511269-recent-signups-list" target="_blank">Recent Signups</a> list to check that those signing up and/or creating accounts look legitimate 
- <a href="http://help.noviams.com/en/articles/1987897-require-approval-for-new-memberships" target="_blank">Requiring Approval for New Memberships</a> so that new members can't get access to membership benefits (such as the directory or locked down content) until they have been approved

Don't re-use passwords or share accounts! 

Train and test your staff on how to spot phishing attempts

Voice verify anything that might look suspicious with the sender - call the person and ask if the message is legitimate.

- Example: an email that looks like it's coming from a known contact, asking to update personal information or send money

- Don't keep data you don't need!

- Use strong passwords
 
- Don't re-use passwords or share accounts! 
 - Tip: Use a Password Manager
 
- Use multi-factor authentication 
 
- Train and test your staff on how to spot phishing attempts
 
- Voice verify anything that might look suspicious with the sender - call the person and ask if the message is legitimate. 
 - Example: an email that looks like it's coming from a known contact, asking to update personal information or send money
 
- Data Governance Policy
 - Don't keep data you don't need!

- What to do if you (or someone at your organization) does click on a phishing attempt link, for example? Who is the person to contact on staff to notify first? Who at your IT provider do you need to reach out to?

- Have an Incident Response Plan 
 - What to do if you (or someone at your organization) does click on a phishing attempt link, for example? Who is the person to contact on staff to notify first? Who at your IT provider do you need to reach out to?

Cyber insurance - consider adding this if you don't already have it

- Cyber insurance - consider adding this if you don't already have it

Extend your internal best practices to anyone with access to your systems (volunteers, committees, board members)

- Include volunteers in security training

Consider bringing a data security specialist to your conference or education classes 

- Consider bringing a data security specialist to your conference or education classes 

Educate your members on the look/feel of official correspondence

- Educate your members on the look/feel of official correspondence

See Also: <a href="http://help.noviams.com/en/articles/2423770-cheat-sheet-member-directory-privacy-and-data-protection" target="_blank">Member Directory Privacy and Data Protection</a>

Tips:

Novi Security (What can you do?)

Internal (Association Staff) Security

Volunteer/Member Security