By Sherry Reisman
Information security is a hot topic these days, and one that professionals working in any industry have to take seriously. With more and more headlines about data breaches, complex scams, and financial compromises, professionals are buckling down on both office and data security, doing everything they can to avoid being the next cautionary tale – and association professionals are no exception! This is especially true when it comes to protecting sensitive payment information.
Establishing payment and data security measures can seem overwhelming and intimidating, especially for small associations that don’t have a ton of resources or staff. The good news is, however, you don’t have to become a cybersecurity expert overnight to protect your association’s, and your members’, sensitive information. Arming your association with top-notch data security is a lot easier and more attainable than you might think!
The following steps offer simple and effective moves associations of any size can make to ensure their data and processes are secure.
Payment Data and PCI Compliance
Payment data is easily some of the most sensitive information your association has access to, and also some of the most enticing for would-be hackers and fraudsters. Because of that, there are formal regulations put in place by the major card brands dictating how any credit card-related data should
While calling these “formal regulations” may set off alarm bells indicating that very serious and intensive work must be done, the reality is complying with PCI, or Payment Card Industry, standards is actually easy for any association to do. Additionally, the practices outlined by the PCI Data Security Standards (PCI DSS) are great best practices for any professional to follow to protect sensitive data of any kind.
Specifically, here are six goals outlined by the Payment Card Industry Security Standards Council, along with tips for implementing these best practices in your association:
- Maintain a secure network: Most computer operating systems (OS) have basic firewalls built in, but it’s your responsibility to ensure your OS is up to date with the latest security updates and patches. This means you can’t just keep clicking “Remind Me Later” when you receive an alert about a new firewall update that requires your attention. You’ll also want to make sure all systems are protected by strong, unique passwords.
- Protect cardholder data no matter what: Get sensitive payment data out of your office and into the hands of a trusted payment partner with expert-level data protection. If you do have to store any payment data in your office and you don’t have an in-house IT expert, consult a reliable third-party company who can make sure your computers and equipment have the proper levels of encryption.
- Maintain a vulnerability management program: Make sure auto-updates are enabled for all software installed on your office’s computers. You’ll also want to ensure you have strong antivirus and anti-malware programs running on all your association’s machines.
- Implement strong access-control measures: Confirm all members of your association have their own log-in credentials for computers and software, and also that no one has access to any systems beyond what they need to do their job.
- Regularly monitor and test networks: Cybersecurity isn’t a “set it and forget it” endeavor. Again, if an in-house IT team isn’t an option, work with a third party that can regularly test your networks and systems to ensure your security measures are up-to-date and effective.
- Maintain an information security policy: Create a security policy that details how your association handles sensitive information. Make sure all members of your team are aware of this document and what it contains (sample doc available at https://bit.ly/2CHi4ck).
Get Sensitive Data Out of Your Office!
While all of the above are payment data protection best practices, the reality is, you’re not data security experts, and you shouldn’t have to be. As such, one of the best and easiest ways you can protect member payment data is to never have it in your office in the first place!
Jason Anders, CEO of Amazon Web Services (AWS), said it best: “What’s happened over the last three to four years is that most companies have figured out that they can have a much stronger security posture in AWS and the cloud than they can on-premises, because we’re able to employ a lot more people to focus on security.”
What does this mean for your association? Find a qualified, reliable third-party partner you trust with your members’ most valuable information, and let them use their expertise to protect it. Think of it this way: if member payment data is safely stored in an encrypted payment vault guarded by a qualified third-party vendor, there’s nothing in your office for a would-be fraudster to steal even if you are the victim of some kind of hack or breach. Not only is sensitive information kept that much safer, but your association is also off the hook in terms of liability for protecting that information. It’s a win-win for your organization.
Sherry Reisman is Associations Manager at Affinipay for Associations (associations.affinipay.com), where she helps associations provide a simple, secure, and streamlined way to accept payments for membership dues, event registrations, donations, and more. As a seasoned association professional herself, she understands associations’ needs and can be reached at [email protected] or (512) 872-6169.
Photo credit ©iStock.com/urupong