NCRA is doing its best to keep your personally identifiable information (PII) safe and secure.
NCRA requires all employees to complete annual security training and tests as well as weekly topical training and tests. Topics have included creating secure passwords, using multifactor authentication, and when to use virtual private networks (VPNs), among many others. NCRA also performs quarterly Payment Card Industry (PCI) compliance tests to ensure our online properties that accept or use personal or financial data are appropriately secured and that information is encrypted before saving to the database.
Natalie Dippenaar, NCRA Director of Membership & Technology, explained: “Some initiatives we are currently working on include phasing out the use of PDFs where members write their credit card numbers in favor of making online payments in the portal or calling to provide a credit card number to charge. Sharing credit card numbers via email is insecure and something we need to discourage. Additionally, we are implementing enhanced security checks with online credit card payments, specifically ensuring the correct address/ZIP code or expiration date/CVV code are provided for the card. Many members shortcut the step of entering the address and expiration date and have found their cards declined. While an inconvenience, this is an important step to ensuring the person using the card is that person.”
But the foundation of NCRA’s cybersecurity awareness is staff training, according to Shane Fernandez, Chief Executive Officer of Complete Network Integration, the company that oversees the Association’s email security and training.
“Our focus is as much on training people as it is on having good systems in place,” says Fernandez. “We’re looking to build a human firewall so that everyone has a security mindset and uses good security processes when handling emails and data. That’s where good training comes in.”
Fernandez notes that the majority of cyberattacks these days are made via email because it is one of the main ways that we lower our defenses. NCRA has a number of different systems in place to keep everyone’s data safe, including next-generation antivirus software that layers in additional ransomware protection.
“Within the email system, we have email notifications that notify us of potential threats or identify who unsafe senders are,” he adds. “But our best defense is our own intelligence.”
For email, NCRA’s Chief Financial Officer John Dripps recommends using the SLAM method to evaluate your emails. He adds, “There is a second meaning to SLAM: Stop, Look, Ask, and Manage, which prompts the receiver to check the Sender, Link, Attachment, and Message.”
When asked what our members can do to reduce risks in their own jobs, Fernandez says his top tip is to have your radar on when reading your email. “If an email is asking for personal identifiable information, always pick up the phone and call the sender if you can. For every email we have to have our radar on. That goes a long way to prevent data breaches.”