Tighten up your Breaches! – What you can do to protect yourself from Cyber fraud
By: Caitlin Hyatt, Account Executive
Turn on the television or tune into the news and you’ll likely hear about the latest security breach. With massive retail giants such as Target and the Home Depot falling victim, it’s apparent that the size of your operation does not make you any less secure. Unfortunately, many associations are starting to learn that nefarious people are looking to target them too. Here are some ways to keep your association safe:
Phishing scams – No we’re not talking about the jam band here. This is one of the easiest ways to get fooled, and it can happen in a myriad of ways. One of the more common methods that associations get targeted here is by someone creating an email that looks like the email from the Association’s Treasurer. However, when you hover over the email, it reveals a different email address. This is called spoofing, and the spoofed email address is usually the one that is sent to another member of the Board asking them to pay an invoice. Often, that invoice has bank information so that a wire transfer can be made. The key here is, if it looks off or if this isn’t the way your association typically operates, then the best course of action is to pick up the phone. Give your Treasurer (or whomever the email came from) a call and confirm that the email is legitimate. Doing so can save you a lot of time and headache.
Credit card fraud – This is more geared towards protecting your members. Each day, associations process numerous credit card transactions for membership dues, conference registrations, etc. More than likely, these were done through the association’s website, so the credit card details should be safe. However, if a member called the office to pay for their dues or if they provided you with credit card information on paper at the registration desk, it is imperative that the information be shredded immediately. Ideally, there will never be a paper trail and association staff should do their best to input the payment details directly into the payment processor. We all know how harry it can get at the registration desk. Thankfully, there are handy tools such as the Square that allow you to process credit cards fairly quickly. And this also integrates with common accounting software such as Quickbooks!
Ransomware: This is a form of malicious software (or malware) that targets a weak area of security in organizations in an effort to access and block users from retrieving their data. Often, this comes from a phishing email where an individual inadvertently opens the email and allows the criminal to encrypt files on a corporate network or drive. Once the victim realizes they are unable to access their files, they are met with a message from the perpetrator stating that their files will be returned for a fee. Sadly, even after the fee has been paid, many victims never do end up receiving their information back. For this reason, it is important for all association staff and volunteers to be vigilant about the emails they open from third parties, or from someone that they usually receive correspondence from, but the email looks slightly “off.”
Data Breaches: While many associations don’t collect too much sensitive information on their members and attendees, this is still an area of concern. Association members trust that the individuals who are on the receiving end of that membership application or conference registration are being good stewards of their information. If their details are leaked, this breaks that trust, and could ultimately harm your association’s reputation. Inform all users of any software, including volunteers and staff, that their passwords must be complex and updated every thirty days. Additionally, users should be encouraged to have a different password for each website or software system, and to keep all of their passwords in a safe, password protected file. And no, a post-it note on your desk does not count as a safe location!
This list is by no means comprehensive, but it’s a good overview of the threats that are real in our day-to-day lives. It is easy to feel as though we are immune, but if we are to learn anything from the Equifax breach, even the most secure organizations could use an overhaul!
ASG has developed policies for record retention of both electronic and hard copy documents as a part of our AMCI Accreditation. These policies outline procedures for physical records, financial records, electronic records, personnel files, record back-up, access and record destruction. These policies ensure that records are kept for the appropriate amount of time, prevent unauthorized access and safeguards records from damage or deterioration.
With the ever-changing and evolving digital world, social media outlets and security breaches, ASG embraced a more strict policy in record keeping.
- Tighter guidelines have been implemented on how to store electronic files while maintaining consistency across years and clients.
- Stringent security measures are in place to secure the ASG network and the files stored.
- Network access is locked to specific users and client files.
- Practical procedures are in place to preserve computer hardware & portable media from misuse, abuse and theft.
- Client permanent files are internally audited for compliance to operating procedures designed to ensure client business continuity.
- Conformity to the PCI – compliance standards to prevent theft of credit card holder data.
- Backup procedures & schedules are explicitly followed to prevent loss of data.
- Computer use, internet access & permissions are closely monitored by IT.
To read more about why accreditation matters, click here.