In this day and age, hackers are no longer lone actors at one workstation in a basement. They are sophisticated crime syndicates with powerful, cutting-edge technology and with more employees than most of our organizations. The stakes are high, as data is more valuable than ever, and we are only as strong as our weakest link.
To ensure top-level data security, all of ACD’s users have important responsibilities. Our infrastructure protections are stronger than ever, but we must rely on our users taking responsibility in three key areas: 1) your access information (username and password), 2) your list of users, and 3) your exported data.
When it comes to your access information, ACD systems ensure you have two-form factor authentication, very strong password quality and that your password is updated regularly. But, as a user of our system, it’s your responsibility to:
- ensure your password is not written down or stored electronically on your computer hard drive
- ensure your browser cannot be accessed by anyone but you, especially if you use a service like Last Pass or Google Password Manager
- ensure your computer locks behind a password or pin after inactivity or upon start-up
- ensure your computer, antivirus, and firewall are set to update automatically and that you restart often
- ensure your internet connection is private and that you NEVER access ACD systems from public Wi-Fi
In terms of managing users in our system, communication is key. It’s vital that ACD is notified to remove access when your employees or volunteers change. Ideally, we ask that you notify us before one of your users is no longer on staff.
Finally, when it comes to your exported data, ACD wants you to be able to access reports and download data easily. But with ease comes risk. It’s imperative that users that do not need to download data or view reports are not given that permission, and ACD can easily accommodate permissions requests. Even better – remove the need to download data altogether by utilizing API integrations and/or automated file postings to secure FTP locations. We also strongly recommend that you never email exported information or attachments with personally identifiable information. Use share links with restricted access permissions, instead.
We have your back, but we also need to make sure they are the right backs! While ACD’s systems are designed with layered defenses to protect against external threats, transmit data securely, and ensure we can isolate and mitigate threats, if detected. But, in the end, every single one of us has a role to play to ensure the highest levels of security. When we all understand our responsibilities and follow best practices, we can all rest easy.