Here’s What You Need to Know About Wild Apricot Security

Kate Hawkes 27 August 2018 5 comments


 

With the news full of tales of cyber attacks and hackers, you may be wondering about the safety of the data you and your members share with Wild Apricot.


We’ve put together this article to let you know some of the key security procedures we use to keep your data safe. We’ll also cover some simple steps you can take to make sure your data stays safely locked away. We constantly update these procedures and work to uphold globally-recognized data security standards.


You can find a more complete explanation of Wild Apricot’s security procedures by clicking here to visit our page on Keeping Your Wild Apricot Account Secure.


In this article, we’ll cover the following questions:


What Is Information Security?

 

Information Security is the practice of preventing confidential or sensitive information from being accessed, used, shared, destroyed or changed without the owner’s authorization.


Within technology systems, some of the most widely-known examples of information security being breached include hackers stealing personal data and publishing it online, or cyber attacks corrupting important systems and files. With thorough information security procedures, organizations and individuals can protect themselves against these threats by making sure that it’s almost impossible to access their data.

 

What Is Wild Apricot Doing to Keep Your Data Secure?

 

You Own Your Data

 

Your personal data is yours and yours only. We pledge not to sell or transfer it. For more information on how Wild Apricot deals with your data, see our Privacy Policy.

We also comply with the requirements of the General Data Protection Regulation (GDPR), which requires any company that stores the personal data of EU citizens to comply with laws on the way this is used.

 

 

How We Access Your Data

 

We treat all customer data as confidential. Inside our company, we use special software to manage sensitive data so that it isn’t transferred by emails or text messages, which might make it vulnerable. The access our employees have to data and systems is on a strictly need-to-know basis, and we ensure that only the necessary people have access to sensitive data.


We’re always looking for ways we can improve our security by following the guidelines set by the Center for Internet Security, a global standard and best practice for securing IT systems against attack.  


 

What Our Security Team Does

 

We have a dedicated Security Team of specialists who identify areas that might be more vulnerable to a cyber attack so we can fix or strengthen these areas and prevent attacks from happening in the first place. The Security Team uses a range of tactics, including offensive processes such as conducting tests on our web application and infrastructure, and defensive processes such as monitoring security alerts and conducting investigations into any security incidents.

 

 

How We Secure Our Product

 

Before releasing any new features or functions, the Wild Apricot Security Team always reviews their safety using globally-recognized testing methodologies (OWASP Top 10 and OWASP Testing v3). We also conduct penetration tests, which simulate real-life hacker attacks to discover the areas where our system could be vulnerable. In addition, we’re working to develop special software that would automatically detect attacks. Only once each feature has passed our rigorous testing do we approve it for release.


How We Secure Your Payments

 

Wild Apricot complies with the Payment Card Industry Data Security Standard (PCI DSS), which ensures that payment transactions are secure. We successfully completed our most recent annual PCI DSS certification in December 2017, and we are currently preparing for our 2018 certification. Wild Apricot doesn’t store the payment data of its clients, and only transfers it to accredited payment gateways.

 

  

What Can You Do to Keep Your Data Secure?


Administrator Rights

 

The account administrators of your Wild Apricot account can manage who is able to access sensitive information including your member database. To help keep your account secure, you should only grant administrator access to those who really need it.


You can add new administrators and limit the access that each administrator has by hovering over the Settings menu on the navigation bar, selecting Security from the drop-down menu, and clicking on Account administrators. Here, you can select whether a new admin should be able to edit everything (Full access), see everything but not make changes (Read-only), or only see and work on membership, events, donations and/or the website.

 

Administrator options screen

 

Secure Passwords

 

Your password is the gateway to your Wild Apricot account, so making this stronger is a quick step that can make a big difference to your security. Start by choosing a password of at least 8 characters, include numbers or punctuation marks to make it harder to guess, and try to avoid any obvious words (definitely not ‘password’ or ‘123456’!). It is generally recommended that you change your password every 1-2 months and that you never share your password with anyone else.

 

Change password screenshot

 

It’s also important to have different passwords for each account that you have (e.g. your email, social media, online banking) so that someone won’t have access to all your information if they do get hold of one of your passwords.


Unfortunately, it can be difficult to remember multiple passwords, which means you could find yourself locked out of an account if you forget the password. Many people find it helpful to sign up for a free online password manager such as LastPass or 1Password. These services act like a secure vault for all your passwords, but you only need to remember a single password in order to access them.


 

Sharing Networks

 

If you’re away from your desk, it pays to be extra vigilant when accessing your Wild Apricot account. If you’re using a shared computer, for instance in a library or at an internet cafe, be sure to log out of your account when you’re finished, and never select the Remember me or Save password option that many websites offer when you’re logging in.

 


If you’re using your own laptop but connecting to the internet via public WiFi, you might see a message pop up asking if you want to set this new network as Home, Work or Public. Selecting Public triggers changes in your settings that will make it harder for other people using the network to access your information.


If you’d like some more in-depth technical information on how Wild Apricot keeps your information secure, click here to visit our page on Keeping Your Wild Apricot Account Secure.

 

Find out More About Information Security

 

12 Simple Things You Can Do to Be More Secure Online - PC Mag

Securing Custom Domains with Security Certificates - Wild Apricot Help Pages

Securing Your Site Using Traffic Encryption - Wild Apricot Help Pages

Wild Apricot Privacy Policy 

Wild Apricot Security Overview

 

 


Posted by Kate Hawkes

Published Monday, 27 August 2018 at 4:13 PM


Comments

  • Jon Kohl said:

    Friday, 31 August 2018 at 10:46 AM
    It's a little hard to take Wild Apricot's claim to take security seriously when it doesn't even offer what today is so basic and so first line of defense: two-factor authentication. Today it doesn't matter how good your password is as they can be intercepted, hacked, and guessed. With so many people in our database and in the databases of so many other customers who trust us and our security, that we don't have 2FA possibility is truly disappointing, especially when as the principal admin it is hard to monitor others with admin privileges.
  • Tatiana Morand said:

    Friday, 31 August 2018 at 11:01 AM
    Hi Jon,
    Thanks for your feedback. Feel free to add it to our wishlist forum so that our developers can take a look: https://forums.wildapricot.com/forums/308932-wishlist
  • Mary Adams said:

    Friday, 31 August 2018 at 1:23 PM
    I have a real concern that "read only" admin access to WA includes the ability to download the entire database. I would love to give more people in our organization the ability to view information in our system. But it would be irresponsible to do this if they have the ability to take all the data. This is on the wishlist but I don't see this as an optional feature. In today's world, this should be a basic safeguard.
  • Ann Moran said:

    Sunday, 02 September 2018 at 3:37 AM
    Some of our 'Read Only' admins do need the ability to download information, e.g. our treasurer. So for us it would be better to have an option to limit downloads for each admin.
  • Tatiana Morand said:

    Tuesday, 04 September 2018 at 10:26 AM
    Hi Mary and Ann,
    These are both good points. Thanks for sharing! If you'd like our developers to see this and possibly add it to our roadmap, you can comment on our Wishlist forum: https://forums.wildapricot.com/forums/308932-wishlist
