Security in the Cloud - Is your Association website in danger of being hacked?

A Product article written by
Dan Keller - Member Evolution

As an IT professional I always like to have a look at what the experts predict will be the top technology trends for the 2016 year ahead.

Being a vendor providing software solutions hosted in the Cloud it is of no surprise that the experts see Security as the number 1 issue as we see further rapid adoption of Cloud applications, mobility and all Internet driven things. There have been a number of highly publicised “hacks” in the last few month, the Ashley Madison incident comes to mind, and as more data is hosted in the Cloud you can be sure that internet threats will become more and more frequent.

As a NFP using or looking to use a Cloud based membership management system, what steps can you take to minimise the risk of being hacked?

  1. Look at the URL of your website. If it begins with “https” instead of “http” (HyperText Transfer Protocol) it means the site is secured using an Secure Sockets Layer (SSL) Certificate. HTTP over SSL is the standard security technology for establishing an encrypted link between a web server and a browser. 
  2. Check if your Security Certificate is properly installed and that the server doesn’t use any insecure crypto methods by performing an SSL security check at: https://www.ssllabs.com/ssltest/. If you don’t have an A+ rating you may have some level of exposure!
  3. Look for a software provider who has a proven track record of providing secure websites. Ask your preferred vendor if any of their hosted clients web servers have ever been hacked.
  4. Make sure your vendor has performed “Penetration Tests” where they use scripts to mimic an attack similar to known tricks a hacker would do and then correct any shortcomings.
  5. Secure your membership management website with strong passwords, utilise LastPass which remembers your passwords or something similar to ensure you don’t forget your hard-to-remember password! For more information on how to secure a safe password please view here.
     

For more information on why your assocaition needs a secure HTTPS website please view here.