As the tactics of malicious actors continue to evolve, Novi builds stronger security measures to fight back. At this roundtable, we discussed how association leadership can best leverage Novi's features to protect member data.

Quick Links


Key takeaways from the roundtable:

The Future of Multi-factor Authentication (MFA)

  • In the coming months, Novi will make multi-factor authentication required for all admin accounts. Keep an eye out for communication regarding this transition!

  • Multi-factor authentication is critical to keeping bad actors out of your database. It essentially forces you to confirm your identity on at least two devices or platforms.

  • You may experience pushback from your team about requiring MFA. When addressing their concerns, emphasize what's at stake if your association data isn't appropriately protected.

  • The Novi team will NOT be able to reset your MFA settings if you lose a device. This policy was voted on by your peers during the roundtable.

    • Another admin from your team will need to reset your MFA settings instead.

    • There may be exceptions for associations with a very small staff, but this will be determined on a case-by-case basis.

Novi's Key Security Features

Defending Your Members from Spam

  • Membership directories are a major target for spammers. For this reason, you should consider putting virtual "walls" up around your directories. For example, you can require visitors to log in before seeing a directory.

  • If you'd like to keep your directories public, consider using contact forms instead. This will hide members' email addresses and force web scrapers through a bit of a maze before sending a message.

  • Whatever method you choose, make sure to weigh all the business considerations involved.


This roundtable may be over, but you can continue sharing security tips in Novi Exchange!

Did this answer your question?