Data security is not just a factor for major corporations and other businesses. Its importance also lies with associations. Many associations are collecting just as much, if not more, data than for-profit entities; and the number of associations continues to rise each year. As we talked about in a previous post, the number of associations has nearly double in the last few decades, and in an era of “big data” and constant data collection it’s imperative to have the proper measures in place to secure this data from potential threats.
What types of data does your association collect? Perhaps the most relevant to data security is the data and information of an association’s members. This data may include such things as name, phone numbers, or addresses. If these are stolen or hacked, it might not be that big of a deal – yet still not a good thing. A name, address, or phone number are fairly easy to obtain of course, and probably not the target. We need to think a little bigger here.
Many association members pay dues or make consistent donations from a bank account or credit card. These days many associations store this information to be called later which allows them to automatically charge dues to members or keep track of donations/income. Some associations may even require things such as a Social Security number or other private identification. This is the type of data that can be really vulnerable and valuable to a digital intruder.
Imagine if your association had a data breach and your member’s credit card numbers, bank account information, and social security numbers were copied or stolen. How would your association look to not only your constituents but the rest of the community? Your organization would likely lose a lot of trust, and could ultimately find itself in an even more precarious position. What could you have done to prevent such a thing? How do you ensure that valuable and sensitive data remains secure?
The first step is evaluating the current state of your data’s security. This is often called a security or risk assessment. This outlines the measures you currently take to protect your data, and the possible risks that are out there. Furthermore, this may also outline what steps to take should an attack occur or a threat imminent, and will determine what types of compliance may be necessary as well.
To take this a step further beyond data security, you also want to be able to recover your data if anything is lost. Disaster recovery methods are just as important as securing your data. Malicious software or even a heavy weather event could be a threat to taking down your database or losing important changes you’ve made. Completing consistent backups and having a disaster recovery plan is just as imperative as securing your data.
The first step to creating a solid disaster recovery plan is determining who will be responsible for backing up your data, and who will be responsible for recovering it should things go awry. Then you can outline the proper steps to completing these tasks and what other members of your team will be notified or involved. This falls into the category of business continuity, or “association” continuity if you will.
Overall, data security and disaster recovery methods are extremely imperative to running a successful association and maintaining trust with your members and others in the community. If your association is unsure of how to move forward with proper data security and/or disaster recovery we suggest consulting with IT experts like Neovera who can help with risk assessments and business continuity plans.