BlogWildApricot Updates Here’s What You Need to Know About WildApricot Security WildApricot Updates Here’s What You Need to Know About WildApricot Security Author: Kate Hawkes August 27, 2018 Contents 🕑 5 min read With the news full of tales of cyber attacks and hackers, you may be wondering about the safety of the data you and your members share with WildApricot. We’ve put together this article to let you know some of the key security procedures we use to keep your data safe. We’ll also cover some simple steps you can take to make sure your data stays safely locked away. We constantly update these procedures and work to uphold globally-recognized data security standards. You can find a more complete explanation of WildApricot’s security procedures by clicking here to visit our page on Keeping Your WildApricot Account Secure. In this article, we’ll cover the following questions: What is information security? What is WildApricot doing to keep your data secure? What can you do to keep your data secure? What Is Information Security? Information Security is the practice of preventing confidential or sensitive information from being accessed, used, shared, destroyed or changed without the owner’s authorization. Within technology systems, some of the most widely-known examples of information security being breached include hackers stealing personal data and publishing it online, or cyber attacks corrupting important systems and files. With thorough information security procedures, organizations and individuals can protect themselves against these threats by making sure that it’s almost impossible to access their data. What Is WildApricot Doing to Keep Your Data Secure? You Own Your Data We comply with the requirements of the General Data Protection Regulation (GDPR), which requires any company that stores the personal data of EU citizens to comply with laws on the way this is used. For more information on how WildApricot deals with your data, see our Privacy Policy. How We Access Your Data We treat all customer data as confidential. Inside our company, we use special software to manage sensitive data so that it isn’t transferred by emails or text messages, which might make it vulnerable. The access our employees have to data and systems is on a strictly need-to-know basis, and we ensure that only the necessary people have access to sensitive data. What Our Security Team Does We have a dedicated Security Team of specialists who identify areas that might be more vulnerable to a cyber attack so we can fix or strengthen these areas and prevent attacks from happening in the first place. The Security Team uses a range of tactics, including offensive processes such as conducting tests on our web application and infrastructure, and defensive processes such as monitoring security alerts and conducting investigations into any security incidents. How We Secure Our Product Before releasing any new features or functions, the WildApricot Security Team always reviews their safety using globally-recognized testing methodologies (OWASP Top 10 and OWASP Testing v3). We also conduct penetration tests, which simulate real-life hacker attackers to discover the areas where our system could be vulnerable. In addition, we’re working to develop a special software that would automatically detect attacks. Only once each feature has passed our rigorous testing do we approve it for release. How We Secure Your Payments WildApricot complies with the Payment Card Industry Data Security Standard (PCI DSS), which ensures that payment transactions are secure. We successfully completed our most recent annual PCI DSS certification in 2018, and we are currently preparing for our 2019 certification. WildApricot doesn’t store the payment data of its clients, and only transfers them to accredited payment gateways. What Can You Do to Keep Your Data Secure? Administrator Rights The account administrators of your WildApricot account can manage who is able to access sensitive information including your member database. To help keep your account secure, you should only grant administrator access to those who really need it. You can add new administrators and limit the access that each administrator has by hovering over the Settings menu on the navigation bar, selecting Security from the drop-down menu, and clicking on Account administrators. Here, you can select whether a new admin should be able to edit everything (Full access), see everything but not make changes (Read-only), or only see and work on membership, events, donations and/or the website. Find out more about limited administrator rights by clicking here. Secure Passwords Your password is the gateway to your WildApricot account, so making this stronger is a quick step that can make a big difference to your security. Start by choosing a password of at least 8 characters, include numbers or punctuation marks to make it harder to guess, and try to avoid any obvious words (definitely not ‘password’ or ‘123456’!). It is generally recommended that you change your password every 1-2 months and that you never share your password with anyone else. It’s also important to have different passwords for each account that you have (e.g. your email, social media, online banking) so that someone won’t have access to all your information if they do get hold of one of your passwords. Unfortunately, it can be difficult to remember multiple passwords, which means you could find yourself locked out of an account if you forget the password. Many people find it helpful to sign up for a free online password manager such as LastPass or 1Password— these services act like a secure vault for all your passwords, but you only need to remember a single password in order to access them. Sharing Networks If you’re away from your desk, it pays to be extra vigilant when accessing your WildApricot account. If you’re using a shared computer, for instance in a library or at an internet cafe, be sure to log out of your account when you’re finished, and never select the Remember me or Save password option that many websites offer when you’re logging in. If you’re using your own laptop but connecting to the internet via public WiFi, you might see a message pop up asking if you want to set this new network as Home, Work or Public. Selecting Public triggers changes in your settings that will make it harder for other people using the network to access your information. If you’d like some more in-depth technical information on how WildApricot keeps your information secure, click here to visit our page on Keeping Your WildApricot Account Secure. Find out More About Information Security 12 Simple Things You Can Do to Be More Secure Online – PC Mag Securing Custom Domains with Security Certificates – WildApricot Help Pages Securing Your Site Using Traffic Encryption – WildApricot Help Pages The 1-Minute Guide to Getting a Website Security Certificate – For Free – Infographic WildApricot Privacy Policy WildApricot Security Overview Related WildApricot Updates Articles WildApricot Updates 🕑 2 Min Read WildApricot Stands as a Top Performer by Capterra Users WildApricot Updates 🕑 5 Min Read How to Connect Your WildApricot Account to Over 950 Apps and Services WildApricot Updates 🕑 6 Min Read Changing Your Website Theme: Tips from a Home Beer and Wine-Making Organization The Membership Growth Report: Benchmarks & Insights for Growing Revenue and Constituents Get the report now!