How to protect your organization’s member data
Protecting your member data is in everyone’s best interest. For your organization, it reduces data security and privacy issues. For your members, it improves their trust in your organization, which ultimately results in greater member loyalty.
Keeping your organization’s data safe involves six fundamental approaches:
- Know the regulations regarding Personally Identifiable Information (PII) and Business Identifiable Information (BII)
- Put software in place that protects your member data
- Set up data security and governance policies to mitigate risk to your organization
- Share security measures with members and staff to build trust around their data
- Have a plan in case of a data breach
- Stay up to date on the latest security threats and how to protect against them.
In this blog, you’ll find more details about these six things that you can do to help keep your member data secure and stay in compliance with data privacy laws.
1. Know the regulations.
In the U.S., organizations are responsible for maintaining the privacy of Personally Identifiable Information (PII) and Business Identifiable Information (BII). That responsibility is defined by the privacy terms your organization publishes and by data privacy and protection laws, which vary between states and at the federal level. The U.S. government’s Cybersecurity & Infrastructure Security Agency (CISA) is a great resource for understanding what your organization needs to know about cybersecurity.
In addition, any organization doing business in Europe must comply with General Data Protection Regulation (GDPR) rules. Fines for GDPR violations can be in the millions of dollars, and it only takes one unhappy person to report an error.
TIP: Use this GDPR checklist to help ensure your organization’s compliance with GDPR.
2. Put software in place that protects your member data.
Keeping your organization’s data safe and complying with data privacy laws and guidelines are big challenges when your data is scattered in multiple systems. Putting in place a centralized system to collect and manage your member data will make data security and privacy easier.
Choosing membership management software with a full set of applications will help your entire organization manage member data in one location. That means you’ll have fewer places to worry about when it comes to securing access to your data and ensuring your data practices are consistent and compliant.
TIP: Aptify by Momentive Software is membership management software that includes comprehensive functionality, such as CRM, accounting, meeting and events management, and more, to help your organization manage member data in one secure place.
While managing your organization’s data in a centralized system makes it easier to keep a handle on security and privacy, it’s also important that your membership management software has a strong security and privacy foundation.
For example, Aptify is built on the Microsoft Azure cloud computing platform. Microsoft invests billions annually in enterprise software security, and Microsoft Azure provides a protected foundation across physical, infrastructure, and operational security. This combination helps to protect your applications and data, supports your compliance efforts, provides cost-effective security for organizations of all sizes, and is PCI compliant.
Many capabilities in Aptify are native to Microsoft Azure, giving your organization the modern security benefits of the Azure environment through Aptify, including:
- Cloud-native network security and monitoring that protects the data and performance of your applications and network
- Backup and disaster recovery that minimizes any disruptions to your organization
- Built-in cloud governance capabilities to help ensure your organization meets global data regulation requirements, including General Data Protection Regulation (GDPR)
- Automatic, non-disruptive updates that can be seamlessly deployed
TIP: According to CISA, you should automatically update your software to keep your organization cyber safe.
It’s also important to make sure your organization is following the cybersecurity best practices that your software supports. Be sure to choose a membership management software vendor that will work with you to help you understand what security and privacy functionality the software includes. The vendor also should help you to understand what practices you should be following on your end.
For example, the Aptify team provides customers with a list of suggested practices to prevent unauthorized access to your system and help protect member data. This includes:
- Implementing multi-factor authentication (MFA). Aptify helps to ensure your members are creating strong passwords and enabling MFA for all log-ins. Aptify also allows you to use reCAPTCHA for payment processing validation.
- Restricting access where needed. Under PII regulations, only the people who need access to data to do their job should have it. With Aptify, your organization can maintain data security by managing data access for each individual.
- Not holding on to payment data. You should never store payment or credit card data in a database, network, or cloud-based storage system: if you do experience a data breach, you will be responsible for the fees, penalties, and damages that result. Instead, use a hosted payment or donation form to keep sensitive payment information out of your system and reduce your PCI risk. For example, Aptify uses BluePay, which does not collect payment information in your system but does allow payment methods to be securely stored for future payments.
3. Set up data security and governance policies to mitigate risk.
Data governance is increasingly vital as all organizations face new and evolving data privacy regulations and cybersecurity threats. Be sure that your organization has an updated data governance policy that sets standards for who handles data in your organization, who can access data, and how data is used.
Your data governance policy should include:
- Purpose – Start with a statement about why you have established the policy. Explain how it supports your organization’s mission and goals.
- Roles and responsibilities – Determine the roles and responsibilities of your data owners, users, and stewards. Also, consider who will make up your data governance body (this might be a small committee).
- Rules – Include guidance on how your organization will regulate data. Include rules about data-specific subjects, such as access and availability, usage, security, quality, and integrity.
- Key definitions – Include a glossary of important terms used in your policy, such as data, data user, access, and metadata. Also, include definitions of key terms used in your organization, such as “current member” and “lapsed member”.
- Review process – Include a section that covers how your data governance policy will be established, reviewed, updated, and approved.
- Additional resources – Include documentation, such as data regulations, that might need to be referenced by anyone handling data in your organization.
Once you have established or updated your organization’s data governance policy, share it with stakeholders in your organization. Then, consider meeting quarterly or annually, based on your organization’s needs, to refine and enhance your policy in the future.
TIP: With Aptify Dedicated Teams services, Aptify consultants can monitor your systems and provide recommendations to mitigate security risks.
4. Share your security measures with members and staff.
As your members become accustomed to highly personalized online experiences in their daily lives, they’ll expect the same level of personalization with your organization. But to entrust you with their data, they also need to know their data is secure.
Let your members know that you have data security precautions in place. Tell them how the information you collect will be used for a more personalized experience, and your members in turn are more likely to trust you with their data.
TIP: Aptify allows you to customize and post data privacy messages on your member-facing website.
It’s also important to educate staff and remind them often of the security governance plans your organization has in place. Aptify makes this easier for you, as you can use the Education module in Aptify to assign learnings to your staff and even set up workflows based on hire dates.
5. Create a plan in case of a data breach.
Having a plan in place and a team responsible for managing security breaches is crucial, as cybersecurity threats can have harmful consequences.
A recent Washington Post article described the FBI and European authorities taking down a major cybersecurity threat. German police and prosecutors said in a statement that they succeeded because the victims filed charges with the police instead of paying ransoms. In contrast, only about 20 percent of the U.S. victims filed charges, which made cases harder to solve and left victims out of pocket for the ransom money, or worse, as in the example of a nonprofit hospital network that, according to an FBI affidavit, “had to cancel urgent surgeries as its staff moved to paper charts.”
How each organization handles security breaches differs, and the laws for reporting data breaches vary by state. Consider using this breach notification plan as a guideline for your organization’s plan.
6. Stay up to date on the latest security threats and how to protect against them.
The best way to protect your member data is to familiarize yourself with threats. It’s worth it for you and your staff to learn more about various types of fraud affecting membership organizations. After all, the threat of cybersecurity breaches is not going away. So, be sure you have the right team in place and the right software that won’t leak your member data to the dark web.
At Aptify, we can help. We share information, get updates through our Microsoft partnership, and have our own internal cybersecurity experts to help us mitigate risk to our customers. According to Tim Ward, general manager at Aptify, “Combating cybercrime is about having a mindset of ongoing security. You build a mouse trap that works for a while, and then the mouse gets smarter. That’s why Momentive Software makes significant investments in and has an ongoing commitment to the people, processes, and tools necessary to protect the data and systems our clients entrust to our stewardship.”
TIP: Stay on top of current security threats by building an internal cybersecurity team, joining a cybersecurity association, following government organizations, such as the Cybersecurity & Infrastructure Security Agency, and working with a software vendor that values security.
Take the next step to secure your member data.
We hope the tips and insights in this guide are helpful as you work to protect your organization’s data. Be sure to keep in mind that using the right membership management software can help.
For more than 25 years, Aptify has been a leader in membership management software, supporting large associations and unions. We have the experience and expertise to help your organization mitigate risk to your member data, so you don’t lose their trust.
Learn more about how Aptify can help you manage and secure your organization’s member data and processes: Explore Aptify