Having your membership data in the cloud is convenient, cost-effective, and efficient. But with the many advantages comes the risk of data security breaches. If your membership database is hosted online, it’s your responsibility to do everything in your control to safeguard your members’ personal information.
If you’re using an online software provider to host your membership database and store credit card information, it’s up to them to make sure the system meets PCI Security Standards. But your users will need to do their part to keep client data safe.
Here are some common-sense rules for data security that you and your staff should be following!
It’s pretty obvious that when someone leaves your organization, they should no longer have access to your membership data. But this one tops the list because it is so often overlooked. There is nothing complicated about it: just remember to update your administrators when positions change.
If possible, everyone who accesses your membership database should have their own username and password, for several reasons. First, every transaction and change that is processed through your system should have an administrator attached to it. If an issue ever arises, you’ll know exactly who you need to approach to fix it. It also prevents people from leaving your organization with a shared log-in that still works (if you forget to change it).
Make your passwords at least eight characters, and include both letters and numbers. Use both uppercase and lowercase letters and, if you can help it, don’t use words you can find in the dictionary. It’s best to have a unique username and password for every website you log on to so that if one website gets compromised, you don’t risk compromising the others.
Your email password should be extra secure because when you forget a password online, that’s where a replacement password will be sent.
Don’t write your passwords on a post-it and stick it to your computer, and if you have a document that contains all of your usernames and passwords, use an encryption tool to keep the information secure.
Never ask your members to send you credit card details or other sensitive information by email, and don’t be casual about taking credit card information by phone. If you write it down on a piece of paper, process it immediately and dispose of it securely or store it in a locked drawer. If you are taking payments online through your software provider, check to make sure they meet current security standards.
Data security is not top-of-mind for most people, so it can be helpful to create a security policy and ask each member of your staff to read and sign it. This is an effective way of raising awareness of the risks and ensuring that your staff acts mindfully when it comes to member data.
You probably know people who avoid using technology because of fears around security – maybe you’re one of them. The truth is, these fears are justified, and having your data compromised is possible. However, it’s often not the technology that’s insecure, but the practices of the people using it that lead to a security issue. Even with the best software in the world, you can still inadvertently have your data hacked if you’re not mindful about your day-to-day processes.