Association Leadership - September/October 2015 - (Page 18)

FE AT u R E Is Your Website Safe? Safeguards to keep you and your members' data secure by nick weynand and stephen tidmore I n early July, we learned that the U.S. Office of Personnel Management suffered two major data hacks that led to the distribution of more than 21.4 million Americans' sensitive personal information. The depth and detail of the information stolen is unprecedented. But, while it is the largest single cyber theft in American history, the OPM breach isn't nearly the first - nor will it be the last. Cyber security failures have become so popular, in fact, that U.S. News and World Report tagged 2014 the "year the hack went viral." As technology extends further into our daily lives, and as more data is put into the cloud, the steps you take to secure your members' data is critical. And while most hackers will continue to exploit larger organizations in possession of sensitive and actionable data, associations are not immune to the nefarious intentions of these anonymous (and often foreign) digital thieves. In fact, a couple of TSAE member associations have been victims to cyber attacks in the last few years. ThE BENEfIT Of ONLINE SECUrITY Despite what Hollywood suggests, hacking encrypted data isn't a simple task. The OPM breach was actually two breaches conducted over the course of months by what is assumed to be a large team of hackers sponsored by the Chinese government. Think of it this way: You're a burglar. Not wanting to get nabbed by the cops, you prefer a quick in-and-out job with low risk. So you drive up and down a residential street looking for candidates, finally settling on two large homes sitting side by side. They both appear empty and their size and style imply a lucrative haul waits inside. The only difference between the two houses? One has a sign in the front yard that reads "This Home is Protected by XYZ Security" and the other doesn't. Which house will you decide to rob? Hackers tend to operate the same way. They'll cruise the Internet looking for "open windows" through which they can easily slip. If they see that your association site has an easily exploitable gap, they're much more likely to give it a go. However, if you adopt some basic cyber security tools and policies, the would-be thieves will stroll down the Internet superhighway to the next site. So what can your association do to discourage would-be hackers from stealing your members' data? We'll start with the simplest tactics before digging into the more complex options available. Even if you don't have a dedicated IT professional working on your website, you should be able to use many of these recommendations. USE hTTPS WITh AN SSL CErTIfICATE Let's start by wrapping our head around a couple of terms: * "HTTP" stands for "hypertext transfer protocol," which is a technical way of describing how data is transferred over the Internet - and how you see and interact with websites in your browser. 18 September/October 2015/Association LEADERSHIP * "SSL" stands for "secure socket layer" and is the tool by which Internet communications are encrypted and, thus, secured. * "HTTPS" (with the extra "s" for "secure") uses the SSL to securely transfer data from your Web server to your users' browsers. When security isn't a concern - such as when you share a blog post - HTTP is perfectly acceptable. But when the sensitivity of data must be protected, you want it to be on a secure site (i.e., HTTPS). At the very least, the sections of your association's website that contain personal member data need to be secured by an SSL certificate. If you don't currently have an SSL certificate for your site, getting one is a relatively simple process. The Secure Sockets Layer website offers an article titled, "How do I get SSL on my website?" ( aspx?id=10694) that gives you step-by-step instructions. Your quickest and easiest option, though, is to purchase and install the SSL through your current Web host (or a third-party). If you do nothing else to secure your website, make it the acquisition of an SSL certificate. Another reason to secure your site is Google. The world's dominant search engine is beginning to consider HTTPS status in its search ranking algorithm. In other words, secure websites will get more visibility than non-secure sites. UNIqUE PASSWOrDS This one seems to go without saying, but you'd be shocked how many organizations - some

Table of Contents for the Digital Edition of Association Leadership - September/October 2015

Message From the Magazine Chairman
60-Second Solutions
Quick Takes
From the Public and Private Sectors to Association Management: Meet the New Tsae Chairman, Bill Keese, Cae
TSAE’s Newest Board Members
Is Your Website Safe?
Advancing Association Meeting Through Place-Based Education
Red Flags at the Board Table
Don’t: Tips for Reviewing Your Association’s Products and Services.
Destination Planner
New Members
Index to Advertisers
Work Smarter

Association Leadership - September/October 2015