Technology

CEO to CEO: Data Breach Considerations

By / Apr 1, 2015 (rkankaro/ThinkStock)

How are you protecting your organization against a potential data breach?

Ralph Albert Thomas

Ralph Albert Thomas

CEO and Executive Director, New Jersey Society of CPAs, Roseland, New Jersey

An organization’s greatest data vulnerability is its staff. NJCPA put effort into training staff to recognize potential fraudulent e-communications that could compromise member data. Our hope was that they would recognize and not open these bogus attachments. Staff who did were given additional instruction. The effort paid off: At the end of the program, 99 percent of the fraudulent emails were left unclicked.
Alan Sparkman

Alan Sparkman, CAE

Executive Director, Tennessee Concrete Association, Nashville, Tennessee

TCA is a small-staff organization. My approach to data security has been to move most of our critical data to third-party vendors. Our AMS system is hosted with a much higher level of security than we could reasonably afford, and we recently replaced our aging network server with a cloud-based server. The changes make our data more secure, yet easily accessible for staff.
Catherine M. Rydell

Catherine M. Rydell, CAE

Executive Director and CEO, American Academy of Neurology, Minneapolis

AAN has taken multiple steps to protect against a data breach. First, security of user passwords was increased. Second, we implemented internal controls to review security groups quarterly. This ensures that only users who are supposed to have access to our data have access. Finally, we recently became PCI compliant. This resulted in implementing controls within our AMS to prevent credit card data and other sensitive information from being stored within our database.

Randy Swing

Randy L. Swing

Executive Director, Association for Institutional Research, Tallahassee, Florida

Keeping software updated and patched, and building and testing secure systems, are always the foundation for protection from a potential data breach, but we focus a lot of attention on not storing sensitive data. We don’t store credit card numbers or Social Security numbers, and staff are prohibited from emailing these—even between internal staff accounts—to avoid widening any possible exposure.

Associations Now Staff

The Associations Now team of editors covers all aspects of association management in print, blogs, and daily news. More »

Comments

Leave a Comment