March 9, 2015
As associations and companies move more and more of their assets online, hackers have become more adept at breaking in. With some of the nation’s most secure websites being compromised, it is more important than ever that security be tightened and processes put in place to ensure that sensitive information doesn’t fall into the wrong hands. And if it does, it’s critical to have a response plan in place.
To keep your site secure, Kellen has the following recommendations:
Migrate sites to off-the-shelf content management systems (CMS)
These systems use a common core code base that can be patched quickly and easily when a threat arises. To use these correctly, it is important to keep the servers patched and updated. Additionally, Kellen is on-call for detecting and fixing OpenSSL vulnerabilities that let people get around security certificates. We also use Secure File Transfer Protocol (SFTP), which is a network protocol for secure file transfer over a reliable data stream.
Avoid storing financial data unless your systems are PMI compliant
Don’t store bank data or credit card information unless your systems are Privilege Management Infrastructure (PMI) compliant. PMIs allow privileges and authorizations to be managed separately from keys and authentication. This keeps members financially protected when making transactions through association websites. If you cannot accomplish this, use third-party systems for financial transactions.
Upgraded password protection
Another threat to website security lies with the users themselves, because of the simple passwords they choose. To avoid easily guessed passwords, we use generators to create passwords that are 16 characters long and use random characters. For example, jcVl*e#Ki1D0. For servers, we use passwords that are 36 characters long, such as d6H!Z^8DrH*8GQtu&5ILqU7kXi6oqPqqZQ1e.
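A generator of the kind described above, as an added example that is not Kellen's own tooling: it draws every character from the operating system's cryptographic random source and reports the resulting entropy for the 16- and 36-character lengths the article gives. The symbol set and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Assumed symbol set (constructed for this example); adjust to what the
# target system accepts.
SYMBOLS = "!#$%^&*"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)

USER_LENGTH = 16    # length the article gives for user passwords
SERVER_LENGTH = 36  # length the article gives for server passwords


def generate_password(length):
    """Return a random password drawn from ALPHABET using the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length must fit one character from each class")
    while True:
        # secrets.choice uses the OS CSPRNG; the random module is predictable
        # and must not be used for credentials.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password when a class is missing instead of
        # patching one in, so every accepted password is equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for label, n in (("user", USER_LENGTH), ("server", SERVER_LENGTH)):
        print(f"{label}: {generate_password(n)} (~{entropy_bits(n):.0f} bits)")
```

With this 69-character alphabet, a 16-character password carries just under 98 bits of entropy and a 36-character one about 220 bits, which is why length matters more than any particular mix of symbols.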
If we could leave you with one thought, it would be this: don’t put things online without putting the right precautions in place. Hackers are always looking for a way in and your goal is to always be several steps ahead of them.