The Strauss Blog

“We Have Met the Enemy, and S/He is Us”: Reducing Damage from Accidental Data Losses and Preventable Theft

Associations are tempting targets for hackers.

The two most valuable assets that make associations tempting targets for hackers are lists of members that often include dates of birth and credit card numbers.

Your association, if it collects more detailed personal information, may be an especially tempting target for hackers who steal identities.

No-Cost/Low-Cost Data Protection Best Practices

The following are familiar no-cost/low-cost data protection best practices that every association should adopt:

  • Install software updates—especially patches for your computer’s operating system (like Windows, Mac OS X, and Linux);
  • Reduce the likelihood of sensitive data being stolen by installing, using, and updating a software security suite; Norton Security Deluxe is the most highly rated 2018 security suite according to PC Magazine at $39.99US (assuming you do not need the Premium Edition, which includes parental controls and backup).

“It steers users away from phishing sites and offers specific protection for user-defined sensitive data, credit cards, bank accounts; any attempt to transmit sensitive data from your computer sets off an alarm;”

  • Password-protect all computers—especially laptops—and change their passwords regularly:
    • Be creative when creating passwords—avoid using (and re-using) easy-to-remember configurations;
    • Time magazine’s “The Worst 25 Passwords of 2017” reported that the three most frequently used passwords were 123456, password, and 12345678; and,
    • Changing passwords, and using less frequently used passwords, is made easier if you install and use password management software.
    • Dashlane is the most highly rated 2018 password manager according to PC Magazine at $39.95US and allows you to use it and sync it on all of your devices; it is free if you want to use it on only one computer.

“Dashlane makes smart password management a breeze. And its new standalone browser extension means you can use the service on just about any platform”

Some software, like Microsoft 365, offers additional security features such as:

  • A predetermined password expiry policy option that includes preventing the use of previously used passwords; and
  • Two-step verification that makes it more difficult for someone else to sign in to an account or to change passwords; it uses two different forms of identity: your password and a contact method. With two-step verification, even if someone else finds your password, they will be stopped if they don’t have access to your security information when signing in on a different computer.

  • If your office has Wi-Fi, change both your router’s user name and password regularly—including whenever a person is no longer an employee;
  • Set up a different router user name and password for use by visitors to your office and temporary/casual staff; change the password often; and
  • Make it harder to access your wireless data by reducing your router’s range/signal strength.

  • Install, use, and update virus protection software; Norton AntiVirus Basic is the most highly rated 2018 antivirus software according to PC Magazine at $19.95US.

It earned “Perfect scores in our malware and exploit protection tests; best score in our malicious URL blocking test—plus, it includes spam filter, password manager, and other bonus features” 

  • Change passwords for protected information regularly;
  • Do not request credit card information on forms designed to be sent as attachments in email; if you cannot use a secure shopping cart to receive payment, then make it easy to receive credit card numbers by fax or telephone.
  • Destroy credit card numbers after a payment has been processed;
  • Limit access to passwords for files that may contain Personally Identifiable Information (PII) or Health Identifiable Information, which is beyond the scope of this article;
  • PII is personal information, defined as “recorded information about an identifiable individual other than contact information (name, residential and email address, and telephone/cell number)”; an example of PII is a person’s date of birth;
  • Review all current forms/requests for information to determine if there is a need to collect PII.

Data Security Best Practices

Installing software and writing procedures are not substitutes for creating a culture of data security.

You can begin to create a culture of computer security by:

  • Raising awareness of data security as an agenda item during every staff meeting;
  • Sending frequent reminders by email;
  • Putting up posters near the coffee machine; and
  • Running a test by sending an email with an attachment that should not be opened or with a link that should not be clicked on.

A no-cost source of help in creating a culture of data security in your association may be to form an ad hoc data security committee made up of your members.

The above article is provided for informational purposes only. It constitutes general information; it does not constitute professional advice related to data security, and you may not rely on it as such.