What would happen if your organization were to suffer a security breach?
As an administrator you have a responsibility to protect the data of your players and their parents. It’s time to get serious and vigilantly take matters into your own hands when it comes to preparing yourself for potential issues.
When crafting a policy you should always include:
- Description of Collected Information: Write out in full what information you will be collecting from your members.
- Data Storage: List the location of where the data will be stored.
- Data Usage: How is your organization planning on using the information that you’ve just collected?
- Contact Information: Provide your users with a way to ask your organization questions.
Never share your password. Each individual administrator with access to your organization’s data should have their own login. Organizations need to reserve the ability to remove users from the system in the event that they are no longer working for the company. Separate logins also act as a way to pinpoint which user’s account accessed breached information if a leak is detected.
Do not physically write down credit card numbers when taking payments. Type secure information directly into the system – even if taken over the phone. Once that information is written down on a piece of paper there is no definitive way to know where it will eventually end up.
If you are exporting information to shared desktop computers, make sure you are deleting files appropriately. When taking information out of the system, make sure it isn’t being saved to a temporary file. By taking that information out of the secure environment, you are exposing it to the risk of viruses, remote access, or other users.
Background checks work to limit the liability that you could potentially face as an organization. Sometimes just announcing that you will be performing background checks will deter individuals from volunteering to work within your organization.
A chargeback occurs when somebody attempts to get a refund through their credit card company. These scenarios are rare, but your organization can prevent these occurrences altogether by being as descriptive as possible when describing your refund policies. Listing out policies ahead of time in great detail will only lessen the chance that a future chargeback will be validated.
Review passwords every six months. In situations when data is constantly changing, like with registration systems, reviewing your password every few months can prevent people from hacking into your account. When new information is constantly being added to the system hackers might repeatedly try to return. By changing your password every few months you can block them out of the system.
Make sure you’re accessing information on the most secure channel possible. Access the site using a secure URL, do regular virus/spyware scans, and make sure you’re wiping the data from your hard drive whenever throwing away or donating an old computer.
For more suggestions about how to keep your organization safe, watch this special security edition of Maximize Demosphere.