Cybersecurity Awareness Month

Yesterday I learned that October is Cybersecurity Awareness Month, and has been since 2004.

That's 20 years, and I'm just hearing about it now.

Maybe we need a “Cybersecurity Awareness Month” Awareness Month.

But hey, it's a good excuse to talk about some easy things that you can do to tighten up your security. Here's a quick list:

  • Make sure your site has the latest CiviCRM security release, which came out this week.

  • Take a minute to review the list of user accounts that have access to your CRM data, and close any accounts that are no longer used.

  • Remind staff of your password policy (or good heavens, create one if you don't have one). That should include things like: not using the same password on multiple accounts; using a long random string instead of "password123"; being just as careful with email passwords as you are with your login password (extra points if you can guess why that matters).

  • Document the meaning of each user permission role (and keep that documentation up to date), so you can easily adjust user roles as your staff come to need different levels of access.

  • Severely limit the number of users who have administrator access to modify other user accounts. (This is like the genie who insists “no wishing for extra wishes.”)

  • Review your data breach response plan, or create one if you haven't already. If something should go wrong, that's not the best time to start thinking about how you'll handle it.

Naturally, the list could go on. Just as it is for the physical security of your office and your home, maintaining tight security on your CRM data is an ongoing effort, not a one-and-done affair.

Chances are, you'll never have to deal with a security breach. But though the chance of one is low, the potential impact is enormous.

October is as good a time as any to pause and make sure you're giving this topic the attention it deserves.

All the best,

