Product Updates

Multi-Factor Authentication: Secure member data in a few simple steps


It’s no secret that cybersecurity is a growing concern among associations and members alike. Most of the time, data breaches don’t come from complex hacking attempts — they come from preventable mistakes, like using an easy-to-guess password. According to an article by Twilio, the password “123456” is still commonly used (often across multiple accounts) and has appeared in over 24 million data breaches.

Your Association Management Software (AMS) stores a lot of sensitive information, and data security measures can be confusing to implement on your own. The good news is that you don’t have to! With Rhythm, you can add another layer of protection to your system with Multi-Factor Authentication (MFA) in just a few simple steps. According to our CTO, Jim Catts, “MFA is simple to use, but extremely effective in preventing hacking and phishing exploits.” So let’s dig into the details!

Introducing Multi-Factor Authentication: A Layered Approach to Securing Data + Applications

 
What is multi-factor authentication?

Multi-factor authentication (MFA) is a security measure that makes it harder for bad actors to gain access to your AMS. Because MFA requires an additional layer of verification, it’s not enough for hackers or scammers to gain access to your staff login info — they’d also need access to the staff member’s mobile device.

Typically, association staff log in to the platform using a username and password. When MFA is enabled, another type of verification (usually on the user’s mobile device) is required during login. This additional layer of security significantly reduces the risk of unauthorized access to a team member’s account.

 

How it Works at Rhythm: Simple opt-in process

At Rhythm, enabling MFA can be a low-effort, high-impact win for everyone. By contacting your Rhythm representative, current customers can opt in to MFA, and staff members can begin using it immediately after setup. Once enabled, staff members will need to enter a time-based one-time password (TOTP) in addition to their regular email address and password to log in to the Rhythm Console. This can be done with any authenticator app installed on their mobile device, but Rhythm has detailed instructions for users working with Twilio Authy — which may make the setup experience more seamless.

 

Security is a team effort

Keeping sensitive data secure should always involve a partnership between your association and your AMS provider. Not all Association Management Software providers offer multi-factor authentication, so be sure you ask about it. 

At Rhythm, we keep your data secure by…

  • Requiring MFA for all our staff and devices
  • Partnering with best-in-class tech partners such as AWS and Auth0 with proven track records for securing data
  • Following the “Least Privilege Approach” during development, reducing the risk of a weak link in our code base
  • Enforcing secure password requirements to prevent the use of easy-to-guess passwords
  • Using Mobile Device Management (MDM) to enable encryption and remote wipe of laptops and mobile devices

You can enhance your association’s security posture by…

  • Learning the signs of suspicious behavior and/or phishing attempts
  • Developing a security awareness training program for your staff and volunteers
  • Implementing a password manager for your team
  • Turning on disk encryption for all devices (especially laptops and other mobile devices)
  • Enabling multi-factor authentication

If you’re a current customer who would like to opt in to MFA, please contact your Rhythm representative.

