Does your Association have a website? A solid reputation? Consider the costly financial, legal, and emotional toll of a security breach.
Malicious attacks occur every day. Hackers don’t need any specific motive. They need an easy target.
The good news is that you can reduce your risk. By implementing multiple security strategies you can limit losses or discourage foul behavior altogether. As more Associations implement “digital first” strategies, it becomes more important to prioritize security.
The rewards are immediate. Associations with security seals increase online donations. More importantly, security practices can protect sensitive data.
Don’t push the responsibility to the tech team. Everyone in the Association should be aware of security implications. ASIS International provides suggestions for Associations in specific industries.
Want Greater Security? Change Your Staff's Behavior.
The largest security risk to any organization are employees. This isn’t intentional. Consider the following: if someone hacks an employee and that person has administrative access to your social media accounts, what happens next?
Social Media Examiner tells the story of a single breach that resulted in animal cruelty and pornographic imagery broadcast across multiple social media accounts. Lose credibility and everything else about operating your Association becomes more difficult.
Educating staff and setting security procedures is key.
Some association security fundamentals include:
1. Don’t share admin access and passwords across the company.
Create individual admin access and assign roles. Random code generators are another way to protect access. “These tools are often used on mainstream platforms like social networks and email providers, but they can prove effective for securing enterprise apps, too,” writes Ernie Smith at Association Now. Try Authy.
2. Educate employees on email security, and lack thereof.
Never share sensitive information by email. Employees should be instructed to share sensitive data -- however your Association defines it -- using encrypted methods. An easy and free option is to set up a WhatsApp channel. Use WhatsApp in the browser, as a standalone app, or on any smartphone.
3. Purchase VPN (virtual private network) software for employee phones.
Mobile phones are everyday tools used at every level of your Association. Add an additional security layer to smartphones with a VPN (virtual private network). This is particularly important if your employees travel or use public wifi. CyberGhost is one reliable option for email servers and individual phones alike. There are others, too.
4. Encourage employees to change access passwords regularly.
Invest in password management software across your organization. Software such as LastPass, 1Password, and Dashlane offer affordable enterprise-level solutions. Dashlane offers a free version for employees.
5. Promptly remove access privileges of former employees.
Put a process in place to remove all former employees from email, network, and social media account access. Implemented across the board. Any unnecessary access is a weak link in security. Social media accounts are particularly vulnerable. These should be removed promptly.
The FCC has additional security recommendations.
eBallot’s Focus on Security
Security is crucial to eBallot because we provide online voting software. We have security measures in place across operations.
Our security measures include:
- Client confidentiality agreements
- Personnel security measures
- Data center compliance
- Disaster data recovery
- External audits and system checks
It is literally our business to protect your online voting. We believe in the old adage, “an ounce of protection is worth a pound of cure.”
Trust us with the security of your next election.
eBallot helps Associations host elections. Contact us for further information.
Alex Hay: Nov 28, 2023
Katie McCaskey