During this roundtable, we shared best practices on data security, and customers shared lessons learned and steps they take at their organizations to keep their data secure.

Tips:

Novi Security (What can you do?)

Have a layered approach!

Access Control - limit access as much as possible

  • Managing Association Admins - A Novi admin, short for administrator, is any individual who has some level of access and editing privileges to your Novi database and/or website.

See Also: Member Directory Privacy and Data Protection

Approval Queues

  • Keep an eye out for spam accounts by regularly reviewing the Recent Signups list to confirm that those signing up and/or creating accounts look legitimate

  • Requiring Approval for New Memberships - new members can't get access to membership benefits (such as the directory or locked-down content) until they have been approved

Internal (Association Staff) Security

  • Use strong passwords

  • Don't re-use passwords or share accounts!

    • Tip: Use a Password Manager

  • Use multi-factor authentication

  • Train and test your staff on how to spot phishing attempts

  • Voice-verify anything that looks suspicious with the sender - call the person and ask if the message is legitimate.

    • Example: an email that looks like it's coming from a known contact, asking to update personal information or send money

  • Data Governance Policy

    • Don't keep data you don't need!

  • Have an Incident Response Plan

    • For example, what should you do if you (or someone at your organization) click on a link in a phishing attempt? Who is the person on staff to notify first? Who at your IT provider do you need to reach out to?

  • Cyber insurance - consider adding this if you don't already have it

Volunteer/Member Security

Extend your internal best practices to anyone with access to your systems (volunteers, committees, board members)

  • Include volunteers in security training

  • Consider bringing a data security specialist to your conference or education classes

  • Educate your members on the look/feel of official correspondence

See Also:
Member Directory Privacy and Data Protection
