During this roundtable, we shared best practices on data security, and customers shared lessons learned and steps they take at their organizations to keep their data secure.
Novi Security (What can you do?)
Have a layered approach!
Access Control - limit access as much as possible
Managing Association Admins - A Novi admin, short for administrator, is any individual who has some level of access and editing privileges to your Novi database and/or website. Review the admin list regularly and remove access that is no longer needed.
Keep an eye out for spam accounts by regularly reviewing the Recent Signups list to confirm that those signing up and/or creating accounts look legitimate.
Requiring Approval for New Memberships, so that new members can't get access to membership benefits (such as the directory or locked-down content) until they have been approved.
Internal (Association Staff) Security
Use strong passwords
Don't re-use passwords or share accounts!
Tip: Use a Password Manager
Use multi-factor authentication
Train and test your staff on how to spot phishing attempts
Voice verify anything that might look suspicious with the sender - call the person and ask if the message is legitimate.
Example: an email that looks like it's coming from a known contact, asking to update personal information or send money
Data Governance Policy
Don't keep data you don't need!
Have an Incident Response Plan
Decide in advance what to do if you (or someone at your organization) clicks a link in a phishing email, for example: who on staff should be notified first? Who at your IT provider do you need to reach out to?
Cyber insurance - consider adding this if you don't already have it
Extend your internal best practices to anyone with access to your systems (volunteers, committees, board members)
Include volunteers in security training
Consider bringing a data security specialist to your conference or education classes
Educate your members on the look/feel of official correspondence