Grow. Retain. Engage.

The Pros and Cons of Different SSL Options

posted on Jul 18, 2019

SSL - What it Does

Website SSL provides a more secure way to interact with a website. With an SSL site, the URL starts with https instead of http - the "s" stands for "secure". SSL improves security in two ways: authentication and encryption.

  • Authentication ensures that the domain being displayed in your browser's address bar is indeed the website you are seeing. This prevents users from being victimized by a variety of hacking techniques designed to trick them into entering private information into a website that is not what it appears to be. SSL is not a cure-all, as there are many ways hackers and con-artists can trick people, but it does prevent some of the more insidious methods, such as DNS hijacking and man-in-the-middle attacks.
  • Encryption prevents potential eavesdropping, which is especially important if you are accessing the internet over WIFI. Without encryption, your logins, passwords, and other sensitive information could be obtained by anyone able to intercept or listen in on your network traffic.

SSL - Why It's Become So Important

It's the need for encryption that has driven the adoption of SSL in recent years. Increasingly, browsers warn users whenever information is about to be entered on a website that is not using SSL. If you want users to trust your website and feel at ease, SSL has become a must-have.

Another huge motivator for encryption is the increased use of mobile computing. The ease and convenience of WIFI means it is also much easier for somebody nearby to listen in on your network traffic. The need for website SSL was made all the greater in October 2017 when it was discovered that WIFI's built-in security standard, WPA2, is highly vulnerable to attack, affording little protection against eavesdropping.

SSL - What are the Options?

SSL certificates are traditionally issued by a commercial certificate issuer, with prices ranging from tens to hundreds of dollars per year. In 2016, a new system for issuing free automated certs was created by Let's Encrypt, using a protocol called ACME. Commercial SSL certs are typically good for one or two years. Free ACME certs are good for at most 90 days but are renewed automatically.

So if there are expensive SSL certs, and cheaper certs, and very cheap certs, and even free certs, what's the difference?

The good news is that when it comes to encryption, there is no difference. All SSL certificates, regardless of cost, support the same enterprise-level 2048-bit data encryption. And as we've seen, encryption is the main issue.

One way SSL certificates can differ is the level of website authentication they provide. The most basic level is domain validation (DV). This means that the domain on the cert matches the domain of the website, so if the browser address bar says https://www.somesite.com then you really are at www.somesite.com. All SSL certs provide this. For the vast majority of websites, this is all you really need.

Commercial SSL certificates can, at additional cost, provide organization validation (OV), and there's an even fancier version of this called extended validation (EV). While DV authenticates the domain, OV and EV also authenticate the legal business name of the organization, providing assurance that the people running the website really are who they claim to be.

With an OV cert, users can inspect the certificate in their browser and see the name of the organization, although most people won't know how to do that. With the even more expensive EV cert, the organization name appears in the browser's address bar in green, making it completely obvious. EV certs are what you normally see with banks and other financial institutions where trust is most important. Twitter currently uses an EV cert, but Facebook and Google don't bother, and just have OV certs. If your domain is widely recognized, then an EV cert doesn't add much.

There are several other distinguishing features of SSL certificates:

Commercial SSL certificates provide liability protection, covering losses due to a flaw in the certificate. It's like insurance for the cert. For a basic GoDaddy cert, losses up to $100,000 are covered. Free certs do not have this at all, while more expensive certs typically cover higher amounts. It's debatable how useful this is.

Another consideration is reliability. SSL works because each browser - Chrome, Firefox, IE/Edge, Safari, etc. - is programmed to trust the various certificate issuers. However, if an issuer fails to exercise acceptable levels of security and diligence, they can have this trust revoked at the discretion of the browser makers. This could render invalid some or all of the SSL certificates that they've issued. While such occurrences are rare, major websites typically use the more established and reputable issuers, which also tend to be more expensive.

Prestige and reputation can be a factor. Users who are very discriminating and technical may look at the issuer and level of a certificate, and use that to judge the trustworthiness and credibility of a website. A free or bargain-basement cert might be looked down upon.

For organizations wanting SSL on more than one domain, a multi-domain SAN cert is an option. These support up to five different domains. Prices fluctuate, but if you have three or more domains, then a SAN cert is usually cheaper than three individual basic certs from a commercial issuer.
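
The fields discussed above (the domains a cert covers, whether it carries an organization name, and when it expires) can be read from the certificate itself. The following is an added example, not part of the original post: it summarizes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, and the two sample certificates are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
DV_CERT = {
    "subject": ((("commonName", "www.somesite.com"),),),
    "subjectAltName": (("DNS", "www.somesite.com"), ("DNS", "somesite.com")),
    "notAfter": "Aug 30 12:00:00 2019 GMT",
}
OV_CERT = {
    "subject": (
        (("countryName", "CA"),),
        (("organizationName", "Example Association"),),
        (("commonName", "*.example.org"),),
    ),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
    "notAfter": "Jul 18 12:00:00 2021 GMT",
}


def name_matches(pattern, host):
    """True if a certificate DNS name covers host."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # A wildcard stands for exactly one leftmost label, never several.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def summarize(cert, host, now):
    """Report validation level, SAN coverage of host, and days until expiry."""
    subject = {key: value for rdn in cert["subject"] for key, value in rdn}
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        # DV certs carry no organization; OV and EV certs both do.
        "validation": "OV or EV" if "organizationName" in subject else "DV",
        "organization": subject.get("organizationName"),
        "host_covered": any(name_matches(name, host) for name in sans),
        "days_left": (expires - now).days,
    }


if __name__ == "__main__":
    today = datetime(2019, 7, 18, 12, 0, tzinfo=timezone.utc)
    print(summarize(DV_CERT, "www.somesite.com", today))
    print(summarize(OV_CERT, "members.example.org", today))
```

A low `days_left` on an automatically renewed cert is worth alerting on, since it means the renewal job has stopped working.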

Do you have EU Citizens or Contacts in your database?

posted on Apr 20, 2018
The GDPR affects EU citizens and organizations who collect data on EU citizens

On May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into effect.

The GDPR (General Data Protection Regulation) pertains to EU citizens and any organizations that collect or process data on EU citizens. If your membership database includes EU citizens, you will want to understand the GDPR, how it affects you, and what your obligations as a data controller are.

    1. You must obtain consent to track personal information about individuals. Normally this is not a big deal, because people who actively fill out forms to apply for membership or other website services are generally well aware of what they are signing up for. But if you intend to use that data for other purposes, or if you have old historical data in your database that was not collected in such circumstances, or you are creating records yourself to track information about people without their knowledge, then the situation is not so clear.
    2. If you have a privacy policy or terms of usage, they should state what information you collect and what you are using it for in simple, unambiguous language. If you find that you have old data in your records for which you do not have consent to use for your current purposes, that data should be removed.
    3. Even in cases where you have collected personal data with proper consent, the GDPR makes it clear that people can withdraw their consent, and you have to respect their wishes in that regard. The GDPR even allows them to request that you delete their personal data – this is called their right to be forgotten. If you receive such a request, you should know how to find their data records and either:
      • delete the records entirely
      • if you cannot delete the records, blank the personal data fields
      • if you cannot blank the fields (for example, if it is a required field), then anonymize the data (change it to something that is no longer personally identifying)
    4. When removing data, it is important to distinguish between their personal data, and your organization's business records. You do not need to eliminate all traces of their existence, only the personal data that you do not require to do your own work. For example, if the individual made a purchase from you, the records of that purchase are your business records, and it is reasonable to keep them on file for your own accounting. But if you are tracking personal information like photographs, birthdates, or education history, and those data are not pertinent to your organization's ongoing work, then that data should be removed on request.
    5. Individuals have a right to know what information you collect about them. If the person is a current member or guest on your system, they may already be able to access their profile, which shows most of the data that is collected. If they have been archived or do not otherwise have a login, and they request a copy of the data you have on file about them, you should:
      • verify that you are releasing the data to the person in question (sending it to an address that you already have on file for them is a reasonable approach)
      • use your Report Builder to build a custom report for just that member. Select as many fields to display as are likely to be relevant, and add a single condition to select information only where member_id = that member's ID.
      • export the results of that report, and send it to the person
      • you can also go to the Payments module, pull up their account history, and email their account statement, so they can see their purchase history with the organization.

As noted above, they can request that you delete personal profile data, but their purchase history is part of your accounting records, and you can retain that information if you wish.

Read more about the GDPR here.

Is your Association attracting the next generation?

posted on Apr 20, 2018

Millennials are starting out their careers. They are looking for job leads and are focused on their career. Smart associations will target the next generation of members by offering:

  • student or under-30 member rates
  • member-only job boards
  • mentoring programs
  • networking opportunities/events for this group

Exware will talk about attracting the next generation in its blog over the next few months.

Here are some very specific and immediate tactics that you can implement:

Step 1:
Make sure you understand the age demographics of your current membership. Do you track birth date or age range so you can understand where you're at? If your membership is older in age, you need to figure out how you can attract the next generation.

Step 2:
An easy 'win' -- offer a student or under-30 rate; however, make sure you track second-year retention rates.

Step 3:
Offer a members-only job board that incentivizes this generation to join. Most millennials will change jobs frequently.

Step 4:
Leverage your experienced membership base by offering a mentorship program.

Introducing a Mentorship Program

Yes, this may sound daunting so let's start with the basics:

  • Ask your members if they want to be a mentor. If yes, in what areas.
  • Ask your student members if they need mentoring. If yes, in what areas.

Before you match your mentors/mentees, it's important that you provide guidance. For example, ask the mentees to list potential areas they are hoping to work on during the course of the mentorship. Each mentor/mentee can then discuss their list during the initial meetings. From there, the mentor and mentee can agree on a set of reasonable mentoring objectives.

Make sure you actively follow-up with the mentor/mentee to find out how it's going. This is invaluable feedback and will help you grow the program as well as use the results and feedback to attract new millennials.

In addition, you may want to track some basic member demographics so you can monitor change. For example, age range of members and age range by membership type. This will allow you to track membership acquisition by age group -- with the goal to increase your 'under 30' stats.

What does this mean for Exware clients?

Ask Exware how you can start tracking your membership age stats and what programs will fit with your association's goals and objectives.

Are you on top of your Member Demographics?

posted on Mar 23, 2018

Understanding the make-up of your membership can be an important tool to help with your planning and program development.

Research shows that while most associations are still dominated by members from Generation X or older (born before 1980), the next wave of members, consisting of Millennials and the even younger Generation Z, is coming up fast. Those born from 1980 onward represent over a fifth of a typical association's membership, and studies have shown that associations demonstrating membership growth and high renewal rates are usually those that have a higher percentage of Millennials.

Is your membership mostly in the early stages of their careers, middle, or nearing retirement? Knowing this allows you to see what types of programs may be of most interest -- should you be focused on career building and networking events aimed at your younger members or leadership/management oriented programs?

Understanding your member age brackets also allows you to assess if you're attracting and keeping younger members that will continue with your association as older members retire. If you find that you need to attract and retain younger members, consider programs that will attract them -- mentorship programs, networking events, career building courses/events, member-only job boards, etc.

The best way to plan for the future is to know where you stand now.

What's this mean for Exware clients?

Exware now offers a Member Demographics module that shows membership stats by age. Associations can also set-up stats on three additional membership demographic fields. Ask us about it today.

Tagged as: Exware News

What is Machine Learning and how can it benefit Associations?

posted on Feb 14, 2018

Machine learning is one of the biggest growth leaders in technology, giving computer systems greater ability to understand and interact with the world and with society. Machine learning has traditionally been used for things like identifying faces or other objects in photographs, automatic translation, transcribing handwriting, and data forecasting. But now it is being applied in an ever-greater range of applications and businesses.

Machine learning is a technology in which a computer system is fed large amounts of data to analyze, as well as the outcomes or goals it is expected to achieve from that data. It builds an internal model of how to process the data, usually random and meaningless at first, and then applies that model to the data repeatedly. It adjusts the model as it goes, and gradually improves its performance over time. Such systems can learn to disregard irrelevant information, and find patterns that more traditional methods can miss. In some cases, the systems can match or even exceed the abilities of a highly-trained human, or deal with volumes of information too great for a person to process.

Benefits of machine learning are increasingly finding their ways into our day-to-day lives. Our phones have better voice recognition and predictive text, services like Netflix, Amazon, and Google are giving us recommendations that better match our wants and needs, while the latest automobiles come with driving assist features to make our roads safer.

In the future, member associations will be able to use tools like these to better understand and meet their members' needs, plan and organize better events, improve marketing and member retention, reduce spam in their inbox, and benefit from better website security.

What’s this mean to Exware clients?

At Exware, our research team is actively investigating machine learning tools to find ways they can improve our AMS system and benefit our clients. Stay tuned for updates.

Tagged as: Technology

Exware Improves Email Deliverability - Free for all Supported Clients

posted on Jan 19, 2018

As part of client support, Exware continually updates modules and servers. One of our most recent updates is adding DKIM support to the Email Distribution module. DKIM improves overall deliverability of emails sent via the Email Distribution module. It reduces the chance of these emails getting blocked, spam-filtered, or tagged as possible fraud by the receiving mail system.

DKIM stands for DomainKeys Identified Mail. It works through a system of cryptographic signatures which verify the authenticity of the emails being sent. The way it works is a bit complicated, but below is a quick rundown.

When DKIM is enabled, each email sent contains a unique encrypted signing block embedded in its mail headers. This digital signature is generated using public key cryptography, which is the same technology that keeps websites secure using SSL. When setting up DKIM for a website, a special Email Distribution DKIM public encryption key is added to the domain's DNS. Only the Exware mail server has the matching private key, which means only the Exware server can generate the correct cryptographic signature for each email. The receiving mail server can look up the public key in the DNS and use it to verify the validity of the DKIM signature block in the email. That way it knows the received email is legitimate, as its signature matches what's in the domain's public DNS records.

Since spammers don't have access to the server's private key, and have no ability to mess with another domain's DNS records, they are unable to generate DKIM-signed email. This is why DKIM-signed email is more likely to get past modern spam-filters.
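
The sign-and-verify exchange described above can be followed end to end in code. This is an added example, not Exware's implementation: a simplified DKIM-style signer and verifier (rsa-sha256 with relaxed canonicalization) in which the domain `example.org`, the selector `sel1`, the toy RSA key, and the dict standing in for DNS are all assumptions made for illustration.

```python
import base64
import hashlib
import re

# Constructed toy RSA key built from two Mersenne primes so that no third-party
# library is needed. It is trivially factorable: for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, sender only
K = (N.bit_length() + 7) // 8              # signature length in bytes
# DER prefix that tags a SHA-256 digest inside a PKCS#1 v1.5 signature
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Simulated DNS zone (assumption). A real p= tag holds a base64 DER public key;
# here it is the bare modulus, with the exponent fixed at 65537.
DNS_TXT = {
    "sel1._domainkey.example.org":
        "v=DKIM1; k=rsa; p=" + base64.b64encode(N.to_bytes(K, "big")).decode(),
}


def encode_digest(digest):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest, as an integer."""
    pad = b"\xff" * (K - len(SHA256_INFO) - len(digest) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + SHA256_INFO + digest, "big")


def body_hash(body):
    """bh= value: SHA-256 over the body after 'relaxed' canonicalization."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()                        # trailing empty lines are ignored
    data = "".join(ln + "\r\n" for ln in lines).encode()
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def parse_tags(text):
    """Split a 'k=v; k=v' tag list (DKIM-Signature value or DNS key record)."""
    return dict(t.strip().split("=", 1) for t in text.split(";") if "=" in t)


def header_digest(headers, signed_names, sig_stub):
    """SHA-256 over the signed headers plus the signature header with b= empty."""
    values = {name.lower(): value for name, value in headers}
    lines = [f"{n.lower()}:" + re.sub(r"\s+", " ", values.get(n.lower(), "")).strip()
             for n in signed_names]
    lines.append("dkim-signature:" + sig_stub)
    return hashlib.sha256("\r\n".join(lines).encode()).digest()


def sign(headers, body, domain, selector, signed_names):
    """Sender side: return a DKIM-Signature value made with the private key."""
    stub = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h={':'.join(signed_names)}; bh={body_hash(body)}; b=")
    sig = pow(encode_digest(header_digest(headers, signed_names, stub)), D, N)
    return stub + base64.b64encode(sig.to_bytes(K, "big")).decode()


def verify(headers, body):
    """Receiver side: fetch the public key from DNS and check the signature."""
    sig_value = dict(headers).get("DKIM-Signature")
    if sig_value is None:
        return "none"
    tags = parse_tags(sig_value)
    record = DNS_TXT.get(f"{tags['s']}._domainkey.{tags['d']}")
    if record is None:
        return "fail: no key in DNS"
    modulus = int.from_bytes(base64.b64decode(parse_tags(record)["p"]), "big")
    if body_hash(body) != tags["bh"]:
        return "fail: body hash"
    stub = sig_value.rsplit("b=", 1)[0] + "b="
    expected = encode_digest(header_digest(headers, tags["h"].split(":"), stub))
    sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    return "pass" if pow(sig, E, modulus) == expected else "fail: signature"


if __name__ == "__main__":
    hdrs = [("From", "News <news@example.org>"), ("Subject", "Renewal reminder")]
    text = "Your membership renews soon.\r\n"
    signed = hdrs + [("DKIM-Signature",
                      sign(hdrs, text, "example.org", "sel1", ["from", "subject"]))]
    print(verify(signed, text))                            # untouched message
    print(verify(signed, text.replace("soon", "today")))   # altered in transit
```

Only the headers listed in `h=` and the body are covered by the signature, so a header left out of that list can change in transit without the check failing.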

To have this added to your Exware AMS, please contact us as we must set up the system on our servers and update your DNS records to match.

Another recent email change applies to clients whose email is hosted by Exware using Connex Email Manager. This improves deliverability for addresses that forward to a third-party email account. It's done using a technology called Sender Rewriting Scheme (SRS), which modifies some of the mail headers in a way that makes it easier for the third-party system to understand that the email has been forwarded. Without SRS in place, some receiving mail systems might reject the forwarded email as possible spam. This improvement has been added automatically to clients whose email is hosted by Exware.

Tagged as: Exware News

A New Year -- Time for Associations to Take Stock

posted on Jan 2, 2018

As we enter into a new year, it's a good time for Associations to do a quick audit of 'what is' and make a plan for 2018. Here are some specific things to review:

1) Go through your website to:

  • double check that all content is still relevant. Make sure links to third party sites and/or documents still work. Use this link checker tool: https://www.drlinkcheck.com/
  • make sure you can easily find content that the public and your members are trying to find.
  • review your Google Analytics to see what is your most popular content and what was least popular. This can give you ideas on how to change things on your homepage or the navigation of your site. Hide or delete obsolete content - this can also speed up your site.

2) Review your membership:

  • create a report of recently lapsed members and personally follow-up with them. Try to bring them back onboard or at least understand why they left
  • review your Renewal Reminders to ensure they are up to date.
  • total up the number of new applications and renewals for the year and see how that compares to prior years - Exware clients can do this by exporting the sales summary in the Membership module.
  • create and email a member satisfaction survey - keep it short and quick for best results.
  • review your accounts receivable to ensure it's up to date -- Exware clients can do this in the Payments module.

3) Review your site security:

  • have you added SSL to your site yet?
    • if your site does have SSL, you can see if its configuration gets a passing grade by going to https://www.ssllabs.com/ssltest/
    • review your list of admins to ensure it's current. Archive admins no longer with you.
  • make sure you have strong email passwords, particularly for generic accounts like info@ and hr@. Malicious password-guessing bots work around the clock trying to break into email accounts, so weak passwords will eventually fail.

The final step is to make a Plan for 2018:

  • what are your membership retention goals?
  • what are your membership acquisition goals?
  • what are your membership engagement goals?

What's this mean to Exware clients?

Contact Exware to find out ways that we can help you achieve your goals or how to do any of the above items.

Tagged as: Association Tips

Can Canadian Associations now reap the benefits of cloud computing?

posted on Dec 5, 2017

With cloud computing becoming common-place, many Canadian Associations have not been able to take advantage of it due to The Personal Information Protection and Electronic Documents Act (PIPEDA) which is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces. It requires that all personal data is stored and hosted in Canada.

This goes against the nature of cloud computing, where the specifications and the location of your servers are immaterial. The benefit of the cloud computing approach is that you do not need to concern yourself with low-level IT details like server hardware and hosting facilities, and related issues like hardware maintenance and server migrations. But the very abstraction that makes cloud computing attractive also makes it problematic when you do need to state with some specificity where your data is located.

Cloud vendors are starting to allow some flexibility in their services. Starting a year ago, Amazon has allowed their cloud customers to confine their instances to their Canada (Central) Region, which means that stored data and cloud servers will be located in the Toronto-Montreal region, and will be geographically isolated from other Amazon facilities in the U.S. and abroad. Amazon claims to have two availability zones in Canada, meaning that even if one of their facilities suffers a serious problem, the other can pick up the slack and ensure continuity of service.

What does this mean for Exware clients?

Exware is researching cloud hosting options to determine the specific pros/cons for our clients before introducing new packages. For those not ready for cloud hosting, Exware will continue to offer its traditional physical server options.

Tagged as: Technology

What is your Membership Retention? Five Ideas for How to Improve it.

posted on Nov 21, 2017

Almost all organizations would like to increase their membership, and according to the 2017 Marketing General benchmark report, far more are seeing increases than decreases - 46% compared with 25%. This has been the case for nine consecutive years. Membership retention is an important part of that, with the report showing a median retention rate of 84%. Challenges most frequently cited by organizations trying to retain and grow their membership include insufficient staff, an inadequate member database, difficulty maintaining younger members, and providing sufficient value to members.

Here are ideas that can improve membership retention by providing greater convenience and value to members:

  1. implement auto-renewal
  2. introduce multi-year renewal plans - 1 year, 2 year and 3 year rates
  3. personally follow-up with recently lapsed members and try to win them back. If you can't, find out why. This is valuable information that can be used to refine your retention and member engagement strategies.
  4. offer members an incentive to renew by a specific date. This can be done by offering an 'early bird' rate or a discount towards a future event or course offering.
  5. offer a discount to archived members to get them back -- CAUTION: you don't want people to "archive" because they know you'll offer an incentive. This may be a good 'one-time' promotion to clean-up your archived member list.

How easy does your association make it for members to stay current?

Tagged as: Association Tips

Website Style Guide, Part 4 - Writing Style

posted on Oct 27, 2017

Our 4th and last installment of our style guide series will touch on the things covered by regular style guides: how to write for your audience. Your language style choices will help to define your "voice". Keeping it consistent will help to convey professionalism and authority.

There are many things for which you might want to set standards, such as:

Spelling: Are you using American, Canadian, or British English spelling conventions? Make sure your work computers are configured with the correct language choices, so that their built-in spell checkers will give you consistent results.

Abbreviations: Do you include periods or not? (For example, USA or U.S.A.) Some abbreviations have multiple variants; which ones are preferred on your site? (For example, USA vs US.) Pay particular attention to the abbreviations that are commonly used in your field.

Numbers: Numbers, especially larger ones, can be written numerous ways. For example, "one thousand" vs "1,000" vs "1000" (or even "1.000" in some European styles). Style recommendations on this point sometimes change depending on the size of the number. For example, numbers below 20 should be written out, but higher numbers should be numeric. Also consider whether ordinals should be spelled out or abbreviated, such as "fifth" or "5th" or even "5ᵗʰ" if you want to get fancy. Should you write #1, or Number 1, or No. 1?

Locations and Addresses: Should states and provinces be spelled out, or abbreviated? If abbreviated, should you use standard two-letter postal abbreviations? How should phone numbers be written, especially when area codes are included?

Jargon: Some terms are not widely understood outside their specialized fields. Try to avoid jargon in areas that may be outside your audience's regular experience. At the same time, have a list of approved jargon that they should be comfortable with, and feel free to make use of it if it helps to make your writing more concise.

Writing Style: What is the likely reading level of your audience? Should you write in first or third person ("I" vs "we") or avoid personal pronouns entirely? Should you avoid passive sentence constructions and vague attributions (such as "It is felt that...")? Should you use a conversational tone, or a more formal tone? Should contractions be spelled out fully (such as "cannot" vs "can't")?

Credits, Footnotes, and Captions: How do you give credit to sources? As a byline before the article, or a footnote after the article? Do you credit image sources in the image caption, or the article footnote?

Linkiness: Do you link often or very little? A "linky" website will try to link relevant terms (such as organization names) to their websites. This is helpful for readers who want to find more information without having to pay a visit to Google, but it also risks diverting them away from your website. If you do not want to divert your readers in mid-article, you can place the relevant links in a "More Info" section in your footnotes.

While you may need to come up with a few standards and rules that are particular to your organization and website, very often you can simply defer to one of the industry-standard style guides that are used in the publishing industry. Here are some samples to get you started: