Did you know that the average time to identify a digital security breach in 2020 was 228 days? In 2020 alone, more than 155.8 million individuals were impacted by a cybersecurity breach.

Don’t become static. Now is the time to implement strategies to protect your organization from a cybersecurity threat. In the modern age, nearly every business collects and stores sensitive data. Before you solidify the best ways to grow your membership, ask yourself:

'What is the most sensitive member data that I collect?'

Answers might include:

  • Sensitive data (phone number, email, home address)
  • Personally Identifiable Information (PII)
  • Member passwords
  • Employee passwords
  • Financial data/credit card numbers
  • Social security numbers (from all background checks)
  • Insurance information

5 Methods to Protect Your Association from a Data Breach

The most common security risks that businesses face are email scams where a bad link click leads to a breach. Other common threats include phishing, computer theft, or unauthorized (not necessarily malicious) users on the network.

Read on for five simple ways that you can create organizational-level protection against a data breach.

1. Establish Internal Controls

Not everyone requires the same level of access. You can assign access by tier, role, or department, or customize which users have access to specific documents. Regardless of how much you trust your staff, you should limit each user's access as much as possible.

Limiting individual access will decrease the risk of organizational funds being misused or member data being stolen. It will also ensure that no single person has too much access to, or control over, the overall system.
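One way to check these controls in practice is a periodic access review. The sketch below is an added example, not part of the original article: the roles, departments, users, and the `MAX_SENSITIVE` threshold are all hypothetical, and the data categories mirror the list of sensitive data above. It flags users whose access reaches beyond what their department needs and users who hold too many sensitive categories at once.

```python
# Added example: all roles, users and thresholds below are constructed.
SENSITIVE = {"contact_info", "member_passwords", "financial", "ssn", "insurance"}

# Role -> data categories the role grants (tiered access).
ROLE_GRANTS = {
    "membership_staff": {"contact_info"},
    "finance_staff": {"contact_info", "financial"},
    "hr_staff": {"ssn", "insurance"},
    "it_admin": {"member_passwords"},
}

# Department -> categories that department's work actually needs.
DEPT_BASELINE = {
    "membership": {"contact_info"},
    "finance": {"contact_info", "financial"},
    "hr": {"ssn", "insurance"},
    "it": {"member_passwords"},
}

# "extra" holds per-user custom grants made outside any role.
USERS = [
    {"name": "alice", "dept": "membership", "roles": ["membership_staff"], "extra": set()},
    {"name": "bob", "dept": "finance", "roles": ["finance_staff", "hr_staff"], "extra": set()},
    {"name": "carol", "dept": "it", "roles": ["it_admin", "finance_staff", "hr_staff"], "extra": set()},
    {"name": "dave", "dept": "membership", "roles": ["membership_staff"], "extra": {"financial"}},
]

MAX_SENSITIVE = 3  # assumed limit on sensitive categories per person

def effective_access(user):
    """Union of role grants and custom grants; unknown roles grant nothing."""
    granted = set(user["extra"])
    for role in user["roles"]:
        granted |= ROLE_GRANTS.get(role, set())
    return granted

def audit(users, max_sensitive=MAX_SENSITIVE):
    """Return (user, finding, categories) tuples for access that needs review."""
    findings = []
    for user in users:
        access = effective_access(user)
        excess = access - DEPT_BASELINE.get(user["dept"], set())
        if excess:
            findings.append((user["name"], "outside_department", sorted(excess)))
        held = access & SENSITIVE
        if len(held) > max_sensitive:
            findings.append((user["name"], "too_broad", sorted(held)))
    return findings

if __name__ == "__main__":
    for name, kind, cats in audit(USERS):
        print(f"{name}: {kind} -> {', '.join(cats)}")
```

Running a review like this on a schedule catches role accumulation and one-off grants that were never revoked.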

2. Incorporate Intrusion Detection Software

Intrusion Detection Software (IDS) is a system or application that monitors a secure network for attempts to penetrate it and for malicious activity.

The software will send you automatic alerts and analyze the patterns of your organization to notify you of anything out of the ordinary. Detected anomalies are examined so you can react immediately.

3. Create Password Protocols

Passwords are a tricky area that appears simple but has a huge impact. According to a 2021 Data Breach Investigations Report by Verizon, nearly 61% of breaches were "attributed to leveraged credentials" or stolen passwords.

Consider the following password protocols:

  • Don't share credentials amongst admins, vendors, or representatives
  • Require multi-factor authentication
  • Set platform access to require passwords with special characters, numbers, and capitalized letters
  • Require frequent password updates
  • Store your passwords in a secure platform, such as LastPass

4. Develop a Data Breach Response Plan

Establish a framework for response and post-breach action. If an attack occurs, you need protocols in place so that certain key decisions are made ahead of time and not in the thick of it.

A basic outline for this plan may include:

  1. Confirm and validate the breach
  2. Curate the evidence and protect it
  3. Take action to assemble your response team
  4. Mitigate impact (identify the sources, isolate the compromised data, clear the networks, remove all malicious pieces of code, change all passwords immediately, etc.)
  5. Respond to specific members, alerting those exposed and impacted (reference your federal, state, and local laws to determine the time frame in which this must be done for compliance adherence).
  6. Determine future recovery plans and updated strategies based on your refined programs post-attack. Learn your lessons and mitigate the risk of a repeated breach by acknowledging your weaknesses head-on.  

5. Training Is Your Most Valuable Asset

Lastly, your organization is only as strong as its team. You must ensure that your technology investments don't supersede team training! Even the best protection software will not safeguard against a team that doesn't understand the importance of technology security.

Stanford researchers found that approximately "88% of all data breaches are caused by an employee mistake."

Training and testing should be a core pillar of your data security strategy. Consider conducting regular seminars and continuing education on data security, regularly testing and auditing your processes, and developing regular drills to solidify training and response plans. 

The more you prepare your staff for these scenarios, the better prepared they will be. 

Secure your Data... Then Act on It!

As an association leader, you are focused on growing your mission and serving your members.

Hum's Association Intelligence Platform was designed to help you understand and act on data insights to realize your goals.

Your digital data can be used to generate positive outcomes like:

  • Understanding the membership on a behavioral level
  • Improving your targeted campaigns
  • Launching personalized digital experiences that modern members crave
  • Understanding which content works vs. doesn't work
  • Talking to the right person at the right time with the right message
  • Outreach that converts

By unifying all of your existing systems (AMS, LMS, MarTech, etc.), we take the guesswork out of analyzing your organization’s data.

If you're ready to make complex data stories easier to act on, message us directly and leave us a note about your top priorities. We look forward to discussing your goals and determining if Hum is the right fit for your association!