top of page

8 Critical Security Measures Every Center Director Needs to Do

In the dynamic world of pregnancy center management, staying vigilant and ahead of the curve is crucial to effectively fulfilling your center's mission. As a dedicated director, you play a pivotal role in guiding your center toward success and ensuring it continues to positively impact your community.


The Stories Marketing team comprises individuals who have served in your shoes. While we’re here to provide proven marketing strategies, we love using our personal experiences to provide additional resources and support.


To help you navigate the ever-changing landscape, here are some critical insights every center director needs to know.



1. Understand your center’s rights to your websites and online assets.


One of the best questions you should ask a potential new marketing company (or your current provider) is, will I own my assets, or will you? This list includes your website, domains, Google Business Profile, Google ads account, Meta Business Manager and ads account, Google Search Console, Google Analytics, and more.


Stories Marketing recommends pregnancy centers have admin access to all their assets. If you choose a service or company that requires a different setup, ask the company how they track conversions and if they provide transparent reporting. This can prevent you from paying for a service that does not provide the desired results. 


If you switch companies or there is a change in staff at the center, remove past admins or users on any profiles. This is especially important for any ad accounts. We’ve seen accounts that were deleted from past agencies, causing the center to lose their successful campaigns and have to start over. We’ve also seen centers get kicked out of their assets. We want to make sure your profiles and accounts are protected and secure. 


Note: We recommend having more than one (trusted) admin on your Facebook and Instagram pages so you don’t risk losing access permanently. 



2. Own multiple domains and don’t let a client-facing domain expire.


In the sprawling landscape of the internet, your brand's identity needs a sturdy fortress. Imagine your domains as the protective walls around your digital castle. To safeguard your center’s brand from impersonation, if it’s affordable and available, we recommend acquiring both the .com and .org domain variations. 


For example, if your domain is thewomenscentertx.org, we recommend also buying thewomenscentertx.com and redirecting it to your primary domain. This strategic move can prevent a competitor or pro-abortion group from buying a similar domain and redirecting traffic to their site. (Trust us, we’ve seen it happen!)


In the same vein, you shouldn’t let an old domain go. However, releasing a client-facing domain can also be detrimental to your Google ranking. If you launch a new website or are changing a domain due to a rebrand, it’s imperative that your website company performs 301 redirects to ensure your site does not disappear from local search. 





3. Ensure your website is secure and there is no PHI stored on your site.


The Department of Health and Human Services defined PHI as all “ ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper, or oral.

‘Individually identifiable health information’ is information, including demographic data, that relates to:

  • the individual's past, present,  or future physical or mental health or condition,

  • the provision of health care to the individual or

  • the past, present, or future payment for the provision of health care to the individual,

  • and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers.” 

Examples of PHI that apply to pregnancy centers include a client’s name, email address, phone number, physical/mailing address, and date of birth.


If your site is built through WordPress, you’ll need an additional plug-in to help protect your site. (We recommend WordFence.) Your hosting company should also provide ongoing updates to your site to keep it healthy and up-to-date. If you use Wix or similar providers, they provide additional security at no extra cost. With any option, use a strong password and turn on 2-FA (2-factor authentication).


However, no matter where your site is built or hosted, your data is vulnerable. We recommend utilizing third-party HIPAA-compliant forms to ensure no PHI (personal health information) is stored on the backend of your client site. If you don’t work with a company that provides HIPAA-compliant forms, use an online scheduler (Ekyros is an example) or remove forms altogether. 



4. Do not let your SSL certificate expire. 


SSL (Secure Sockets Layer) is a security protocol that creates an encrypted link between a web server and a web browser and authenticates a website's identity. Without an SSL certificate, visitors are redirected to a warning page when they attempt to view your site. While they can continue to the site from the warning page, many abandon their search since it is not deemed safe. 


5. Have a professional, secure email that matches your domain.


Professionalism is non-negotiable in the digital age, where first impressions are often formed online. It's a small but impactful detail that can significantly enhance your pregnancy center's credibility and build trust with clients and partners.


One of the simplest ways to convey professionalism is through your email address. Consider this: Would you be more inclined to trust an email from "yourcentername@gmail.com" or "director@yourcentername.org"? A professional email address that uses your center's domain (director@yourcentername.org) exudes authenticity and dedication.


This seemingly minor change can affect how your center is perceived. It assures clients that they interact with a legitimate, organized, and professional organization. It sends a clear signal that your center takes its mission seriously and values the trust that clients and partners place in it. It’s also wise to have an email (like info@ or help@)  that is accessible to multiple staff members.


Most importantly, sign a BAA with your email provider and marketing company.



6. Turn on 2-FA on every login you can.


2FA, or “Two-Factor Authentication,” is a security measure that adds an extra layer of protection to the traditional username and password login process. Users must provide two separate authentication factors from different categories to verify their identity. The three main categories of authentication factors are:


  • Something You Know: This is typically a password or PIN.

  • Something You Have: This involves a physical device or token, such as a smartphone, security key, or smart card.

  • Something You Are: This refers to biometric characteristics like fingerprints, retinal scans, or facial recognition.


By requiring two of these factors, 2FA significantly enhances security and helps prevent unauthorized access. Even if a hacker manages to obtain or guess your password (something you know), they would still need the second factor (something you have or something you are) to gain access. This adds an additional layer of complexity, making it less likely for unauthorized users to breach your accounts.


Many security standards and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) and National Institute of Standards and Technology (NIST) guidelines, recommend or require the use of 2FA as a best practice for securing sensitive information.

It's important for individuals to enable 2FA wherever it's available, especially for accounts that contain sensitive information. This additional layer of security helps protect against various cyber threats and enhances overall online safety.




7. Utilize a secure password-storing system.


One way to ensure that all your online accounts are protected with strong, unique passwords is to use a subscription-based password manager. This software is used to generate, store, change, and share complex passwords with your team members. Users only need to remember a single master password to access their vault of managed passwords.


Examples of subscription-based password managers are Dashlane (which is offered through TechSoup) and LastPass. 


Here's how a subscription-based password manager can help keep online accounts secure:


  • Password Generation: Password managers can generate strong, random passwords for each of your accounts. These passwords are typically complex, with a combination of letters, numbers, and special characters, making them more resistant to hacking attempts.


  • Unique Passwords for Each Account: One of the biggest online security risks is using the same password across multiple accounts. If one account is compromised, others with the same password become vulnerable. A password manager allows users to have unique, strong passwords for each account without the burden of having to remember them all.


  • Secure Storage: Password managers store your credentials in an encrypted vault. This means that even if the password manager's database is compromised, the stored passwords remain protected because they are encrypted. The encryption is typically strong and designed to withstand various types of attacks.


  • Automatic Form Filling: Password managers often include a website browser extension that automatically fills in login credentials on websites and apps. This not only saves time but also reduces the risk of falling victim to phishing attacks by ensuring that you only enter your credentials on legitimate sites.


  • Cross-Platform Access: Subscription-based password managers often synchronize your password vault across multiple devices and platforms. This means you can access your passwords securely from your computer, smartphone, or tablet, providing a seamless and consistent experience.


  • Secure Sharing: Some password managers allow users to securely share login credentials with trusted individuals without revealing the actual passwords. This is useful for sharing accounts with family members or colleagues without compromising security.


  • Audit and Monitoring: Many password managers offer features to audit and monitor the strength of your passwords. They can identify weak or reused passwords and prompt you to update them for better security.


  • Multi-Factor Authentication (MFA) Support:

Password managers can be set up to require MFA to access the password vault, adding an extra layer of security for your passwords. Users can only access and edit passwords if they log into the vault with a master password and a second form of identification, typically a code sent by text message or authenticator app to that user.  


8. Watch out for Facebook (Meta), Google, or website domain scams.


When in doubt, don’t click on suspicious links or enter any information on a form or site. If needed, ask your marketing partner to help you identify a scam, but this link gives more information on how to spot a potential Meta or Facebook hacker. 


Other ways you can avoid online scams that could make your organization vulnerable to attack include:

  1. Look past the logo and links and check the email address. Hackers can’t spoof a real domain like facebook.com or support.facebook.com, wix.com, godaddy.com, or others.

  2. Know who your domain(s) are hosted by, and ignore any emails or letters from companies with other domains. If you get something in the mail that states your domain is about to expire or you have to pay this fee, verify who your domain is with before proceeding. This is a scam that is trying to get you to move your domains. 

  3. Don’t ignore notices directly from Google, but take time to verify the legitimacy of each claim.


Also, if you get messages through Facebook or Instagram instead of a notification on your Business Manager, it most likely is a scam. To date, Facebook will still send an alert if there truly is an issue with your account. 



Stay Secure and Protected

If you are looking for a marketing company that values security and have questions about setting up your accounts properly or reducing your liability online, contact us today. We’re a full-service digital marketing company specializing in pregnancy center marketing. Our team is always looking for points of vulnerability and ways we can help protect our centers from outside attacks. 


1 view0 comments

Recent Posts

See All

Commentaires


bottom of page