Your members are trusting you with sensitive information. Any database with user profiles, contact information, or membership data can be vulnerable to database security issues.
From serious financial breaches to simple spam emails, unsecure membership data puts users at risk. It’s your responsibility to protect the data stored in your system and live up to your members’ trust. Here are some pointers to help you get started:
10 Ways to Max Out Membership Data Security:
- Store Less Data: The best way to minimize the damage of a breach is to collect less data in the first place. Do you really need member birth dates? An annual birthday greeting email sounds like a nice idea, but birthdates and social security numbers are prime targets for hackers. Outsource payment processing through a reputable third-party payment engine and leave it to the experts to store or secure financial data.
- Never Collect Info Over Phone or Email: Email and telephone spoofing are on the rise. Standard emails aren’t encrypted—they can be read by any server relaying the message. Sensitive data should never be purposefully collected over the phone or through email. Make sure to remind your members not to offer any, either.
- Use a Robust Web Form: A secure, customizable online form builder is a fantastic investment for membership data collection. A robust web form can validate fields and check for issues with zip codes, dates, improper numerical entries, or incorrect email addresses. Our OpenWater software is centered around collecting and managing all sorts of member submissions (such as registrations, abstracts, or applications) through a responsive and secure form on your website.
- Keep Email Addresses Private: Spammers can crawl public email directories to fill up their spam email lists. CAN-SPAM regulations may even prohibit you from sharing certain email addresses without consent. You’re much better off with a built-in member messaging feature, such as the integrated email system within OpenWater. Staff, speakers, and reviewers can easily keep in touch within the system without a public email directory.
- Check On 3rd Party Service Providers: Odds are a few external software services interface with your membership data (like Salesforce, an AMS, MailChimp, PayPal, or Xero). Check with the provider to learn about the tools and settings available to you and whether you need to do anything to better protect your members’ data privacy.
- Look (Regularly) for Viruses and Malware: This almost goes without saying, but don’t wait too long between scans for membership database security threats. Regular database health checkups are essential, just like in real life.
- Require Secure Passwords: Login credentials shouldn’t be easy to replicate or guess—set a high bar by requiring at least 8 characters, including a numerical character and/or another special character.
- Include a Captcha on Forms: Whether the form is for annual meeting registration, abstract submission, donations, or something else, an anti-spam Captcha can help prevent bots from accessing your system or logging into areas with sensitive information.
- Secure Downloaded Data: Any data taken outside of your secure system needs careful handling. If you download member data into a CSV file, for example, be careful with how and where you store it. Sending it as an email attachment exposes it to the same risks as collecting it through email in the first place (except that all the membership data is now in one email!).
- Install an SSL Certificate: Your website should carefully secure all access to its domain, no matter whether it’s through the CMS, SSH, FTP, PHP, or something else. Make sure visitors can see the padlock next to the “https” URL. This will make your members more comfortable sharing the information you need to collect (and prevent them from receiving warnings about how your site is “not secure” or that their connection is “not private”).