Your members count on you to keep their personal information secure, but what happens if it falls into the wrong hands?
Hacking is the top data security concern consisting of 37% of total data breaches in May 2018, according to the Identity Theft Resource Center. If your member data has been improperly accessed, your members could grapple with identity theft, scams, takeovers of credit cards and bank accounts or worse.
But a loss of member trust isn’t the only problem your organization could face if you do not keep your member’s data secure.
Depending on the data that has been stolen, experts say organizations could be legally liable for damages related to data breaches, security obligations and even service level commitments and customer guarantees.
How much can your organization afford to lose if your members’ data is compromised?
Member organizations often hold a great deal of members’ highly personal information. These members are increasingly accessing organizations through websites. So how can you keep member information secure when it comes to what can seem like the Wild West world of the internet?
* Think carefully about all access points to your website and your member data.
CMS, SSH, cPanel, website servers – everything must be carefully secured to prevent hackers from installing malware. If your web server is breached, hackers have the ability to install malware to capture personal and credit card data from your members, without having to access your membership portal at all.”
* Encrypt all data and use the strongest available encryption.
Sound like common sense advice? You’d think so, but between 30-45 percent of data stored by a large majority of companies remains unencrypted, according to “The State of Encryption Today” report by cybersecurity firm Sophos. Organizations cite everything from encryption security being “too expensive,” to not understanding how it works as reasons for not properly securing data.
Not sure how to best encrypt your organization’s data? Contact a cybersecurity expert ASAP.
* Implement a data security plan.
Start by identifying the type of data your organization collects (be precise, this can have legal implications as well), work with a legal expert to determine what regulations and laws could affect that data storage.
Evaluate your current data policies and practices and work with your legal, human resources and technology teams to assess the risks involved with the data you collect and store. Remember to regularly audit and update your data security plan.
*Examine the security of your data communication.
Internal and external email and messaging systems have varying levels of security. It’s important to be aware of how your organization’s data is being communicated and increase security where necessary.
* Be careful who you partner with.
Any third-party vendors or partners with whom you share sensitive information need to have their data security practices examined as well.
Survey and Ballot Systems, for example, is SOC II compliant and we handle all member data using industry-leading SOC II is a technical audit that ensures strict policies and procedures for security, integrity and confidentiality of all voting data. This level of compliance is something you should look for with any vendor, but especially one handling your member and voter data.
Do you have questions about why it’s important to secure member data and how to do it right? Contact the election security experts at SBS, we’re here to help!