Securing your association's website

Securing your association’s website
Securing your association’s website
  • Cody Hobbs
  • 0 Comment
  • Association . cyber security . security .

After the Equafax security breech, website security has become a hot topic.  Members who sign up with your association want to have the peace of mind in knowing that their private information is kept safe.  What can you do to make sure this is so?

1: Make sure your platform is kept up to date.  If your associations website uses a CMS, then chances are its foundation is using either Drupal or WordPress.  Both companies frequently update their software packages, and those updates include more than new features to publishing, but also security enhancements.  Make sure that your website is using the latest version.  If you’re thinking about updating your site with a redesign, that’s a perfect opportunity to update!

2: Check that URL.  Have you noticed that there’s a little bit of text before the www-dot in your domain?  It’s either http:// or https://  While they may look nearly identical, that one letter, the ‘s’, can mean all of the difference.  So what does that ‘s’ stand for, anyway?  It stands for ‘security’.  When you see a domain with a URL that starts with https:// it means that it is using a secure connection.  If it just reads http:// then be weary of handing over any sensitive information, such as credit card numbers.  Check your associations URL.  Especially if you offer online registration and payment, make sure that it has the ‘s’.

3: Build that wall.  Make sure your website is using a WAF, or a ‘Web Application Firewall’.

4: Better passwords.  You probably know by know not to use password for your password, but how secure is your password, really?  First, according to security experts, your best bet is to use a whole phrase instead of a random string of letters and numbers, such as, IamtheQueenofEngland#1901.  Also, keep track of everyone who has admin access to your website and make sure they use a good, secure password.

5: Just ask!  Saving the best for last, the number one thing you can do is to ask your tech partner what kind of security measures they utilize, and if there’s anything more that can be done.  If you feel like they don’t offer the best security options, or ones that don’t meet your needs, then it might be time to look for another tech partner.