Best practices: information security is threatened every day.


With the recent string of security breaches in the news, it's more important than ever to ensure that your data is safe. While no system is ever 100 percent secure, there are many steps and industry best practices you can follow to significantly reduce your risk of becoming the next victim of a security breach, data corruption, or loss of mission-critical data.

Whether your donor database is stored on your own computers or uses a hosted solution provider, here are some important practices to use or look for:

Backup, Backup, Backup. The greatest risk to your data is not really hackers; it's data loss due to computer failure, fire or other accidents. Not having a comprehensive backup plan can spell disaster for your organization.

Complete backups should be performed every day, and copies of the backup itself should be stored securely off-site. There are countless examples of data loss due to fires, floods, and similar disasters in which the organization dutifully backed up its data but, unfortunately, stored the backup tapes next to the computer.

Hosted software providers handle daily off-site backup storage for you, but if you're not good about making backups yourself, consider an online backup service such as mozy.com or carbonite.com.

User ID & Password Security. Some of the most stringent data security requirements are those the healthcare industry follows under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA spells out many requirements for password security, including:

* Passwords should be at least seven characters in length, contain at least one non-alphabetical character, and not be words found in a dictionary.

* Passwords should never be displayed onscreen and should always be stored with a high level of encryption. You should never be able to download the password file; a forgotten password must be individually reset for each user.

* Passwords should expire and be changed every 60 days, and User IDs should automatically expire after a predetermined date. This safeguard ensures that users who are no longer authorized do not have access to the data.

* No more than three unsuccessful login attempts are allowed. Once three attempts have been made, the User ID is deactivated and the user cannot access the system unless the password is reset by the system administrator.

* Access to data should be able to be limited to only certain subsets of the data, such as Name and Address, and not include financial transactions. You should also be able to limit access for certain users to business hours, Monday-Friday, or even to certain designated IP (Internet Protocol) addresses.
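As an added illustration that is not part of the original article, here is how the rules above could be encoded in Python: password complexity, a three-strike lockout, 60-day expiry, a User ID expiry date, a business-hours window and an IP allowlist. The dictionary word list, the 09:00-17:59 window and the office address range are assumptions the article does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"password", "welcome", "donor", "database"}
MAX_FAILURES = 3                                # third failure deactivates the ID
PASSWORD_MAX_AGE = timedelta(days=60)           # passwords expire after 60 days
BUSINESS_HOURS = range(9, 18)                   # 09:00-17:59; the article names no hours
ALLOWED_NETS = [ip_network("203.0.113.0/24")]   # constructed office address range


def password_meets_policy(pw: str) -> bool:
    """At least seven characters, one non-alphabetical character, not a dictionary word."""
    if len(pw) < 7 or all(c.isalpha() for c in pw):
        return False
    return pw.lower() not in DICTIONARY


@dataclass
class Account:
    user_id: str
    password_set: datetime                # when the current password was chosen
    expires: Optional[datetime] = None    # predetermined User ID expiry date, if any
    failed_attempts: int = 0
    locked: bool = False


def evaluate_login(acct: Account, password_ok: bool, when: datetime, src_ip: str) -> str:
    """Apply the article's rules in order and return an allow/deny decision."""
    if acct.locked:
        return "denied: account locked"
    if acct.expires is not None and when >= acct.expires:
        return "denied: user id expired"
    if when.weekday() >= 5 or when.hour not in BUSINESS_HOURS:
        return "denied: outside business hours"
    if not any(ip_address(src_ip) in net for net in ALLOWED_NETS):
        return "denied: ip address not permitted"
    if not password_ok:
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILURES:
            acct.locked = True            # only an administrator reset clears this
            return "denied: locked after 3 failed attempts"
        return "denied: bad password"
    acct.failed_attempts = 0
    if when - acct.password_set > PASSWORD_MAX_AGE:
        return "allowed: password change required"
    return "allowed"
```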

Audit Trails. A database system should be able to provide a security audit trail of user logins. For example, it should track the user identification, time/date, and IP address of every single login. These security logs should be reviewed periodically, and any suspicious behavior identified.

Don't make the mistake of ignoring the audit trails until after you know of a security breach. In almost all cases you can stop a breach if you pay close enough attention to these logs regularly.
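As an added example that is not part of the original article, the review below runs over a constructed audit trail carrying the three fields the article says every login should record, and flags the patterns the preceding paragraphs describe: three failed attempts, a success following them, logins outside business hours and logins from outside an assumed office address range.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO
from ipaddress import ip_address, ip_network

# Constructed sample audit trail with the fields the article says every login
# should record (user identification, time/date, IP address) plus the outcome.
SAMPLE_LOG = """\
user_id,timestamp,ip,result
jdoe,2008-02-18T09:12:00,203.0.113.7,success
jdoe,2008-02-18T09:40:00,203.0.113.7,success
asmith,2008-02-18T22:15:00,203.0.113.9,success
mlee,2008-02-19T10:01:00,198.51.100.23,failure
mlee,2008-02-19T10:01:30,198.51.100.23,failure
mlee,2008-02-19T10:02:00,198.51.100.23,failure
mlee,2008-02-19T10:05:00,198.51.100.23,success
"""

KNOWN_NETS = [ip_network("203.0.113.0/24")]   # constructed office address range
BUSINESS_HOURS = range(9, 18)                 # 09:00-17:59; the article names no hours


def review_audit_trail(log_text: str) -> list:
    """Return (user_id, finding) pairs that a periodic log review should examine."""
    findings = []
    failures = defaultdict(int)               # consecutive failures per user
    for row in csv.DictReader(StringIO(log_text)):
        user, ip = row["user_id"], ip_address(row["ip"])
        when = datetime.fromisoformat(row["timestamp"])
        if row["result"] == "failure":
            failures[user] += 1
            if failures[user] == 3:           # the ID should now be deactivated
                findings.append((user, "three consecutive failed logins"))
            continue
        if failures[user] >= 3:               # lockout not enforced, or reset by an admin
            findings.append((user, f"success after {failures[user]} failed attempts"))
        failures[user] = 0
        if when.weekday() >= 5 or when.hour not in BUSINESS_HOURS:
            findings.append((user, f"login outside business hours at {when.isoformat()}"))
        if not any(ip in net for net in KNOWN_NETS):
            findings.append((user, f"login from unexpected address {ip}"))
    return findings
```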

Physical Security. A weak link in many organizations is the physical protection of their property and databases. This not only includes protection of your servers and computers, but also protection from unauthorized access to the printed records of your database. All paper records should be destroyed (cross-cut shredding is best), including any correspondence (including the envelope!) from your donors.

Identity thieves know that it is often much easier to sort through your trash looking for information than to successfully hack your systems or decrypt your password files.

User Security Awareness Training. Some of the greatest threats to your data come from hackers who use social engineering to access your systems. In "phishing" schemes, these unscrupulous hackers trick your users into revealing their security credentials. That's why it's important to make sure users are aware of such schemes and always on the lookout for "official"-looking email that redirects them to a rogue Web site to enter their credentials.

One of the easiest ways to identify a phishing attack is to be mindful of where the perpetrator redirects your Web browser. For example, while an email link may display an official-looking Web site address (such as www.paypal.com/login.aspx), hovering the mouse over the link will reveal the actual HTML link address in the bottom left-hand corner of the browser. In fact, this type of phishing scheme is so prevalent that many service providers will never include a link to a login page in email communications.

Securing your database systems should be a mandatory part of every organization's overall contingency planning, and in many cases it is necessary to ensure the organization's very survival. Both physical and software protections are required, and while outsourcing your database systems to professionals can provide added security, it's still necessary to build greater security awareness among all your users to ensure that your data is as safely protected as possible.

Jon Biedermann is vice president at SofterWare, Inc., developers of DonorPerfect. His email is jbiedermann@donorperfect.com
COPYRIGHT 2008 NPT Publishing Group, Inc.
Title Annotation: DATABASE
Author: Biedermann, Jon
Publication: The Non-profit Times
Date: Feb 15, 2008