"The information we control about our organisations, and our members, is information that is highly valued by those who would use it for their own gain. As always, we should make our associations models of good organisational management and be vigilant in protecting our information."
Association executive Mark Levin explains why even associations must put checks and balances in place when it comes to safeguarding the digital security of their operations.
Too often those of us in the not-for-profit sector think that trends that affect our members’ businesses do not necessarily apply to our business - the association business. We must remember that “not-for- profit” is the status given to us by a government agency, it is not a business management philosophy. We have the same challenges that our members, or our members’ employers, have on a day-to-day basis as they strive to be successful. Not-for-profit organisations still need to be managed in a business-like manner We have a product to sell, and while our product may not be a manufactured product or a scientific product, we still must produce that product at a prominent level for our customers/members. We use the term programmes instead of products but in fact we are producing value every day for our members.
We need to be skilled at marketing, fiscal management, meeting planning, communications, social media, human resource development, accounting, and inventory control. If you think those skills seem like the ones your members need to have to be successful in their businesses or professions, then you are right, they are the same. We may use different terminologies for some of these same skills within the not-for-profit community, but that does not stop us from having the responsibility to use these skills to provide service to our members.
That is why it concerns me when we do not realise that one of the biggest issues in the private sector − cybersecurity – is also a big issue for our associations, Chambers of Commerce, and other membership-based organisations. In associations, we retain information about our members and other key stakeholders that is valued by those who would steal that information and use it for illegal purposes.
We have members’ names, addresses, cell phone numbers, credit card numbers and security information, spouses or significant other names, and contact information, spending histories, checking account numbers, passport numbers, passwords, and other items that make those intent on identity theft looking closely at how they can get that information from us. In many cases, we do not have the financial ability to obtain the levels of cybersecurity that many of our member companies and member employee companies must attain to protect all the information that they gather. That makes associations even bigger targets then some of these other private sector institutions.
When members join our organisations, renew their memberships purchase educational programmes and publications, or engage in other association related transactions, they put their trust in our cybersecurity systems. In today’s world, that trust is based, in part, on what cybersecurity levels exist in their places of employment. When engaging in association activities, they are frequently required to ascertain the security levels we (associations) have in protecting their information before they will give it to us or accept communications from us.
Here are some basic things all of us need to be doing to assure our members and stakeholders that the security of their electronic data and online identities are as safe with us as they are with all the other entities with which they do business and conduct communications:
These measures might seem overly simplistic to an IT specialist, but what about the rest of our association staffers (and perhaps key volunteers)? Do they understand the need for enhanced cybersecurity? Are they familiar with the technology and terminology that level of security entails? Are they willing to take training and adhere to organisational cybersecurity guidelines?
The information we control about our organisations, and our members, is information that is highly valued by those who would use it for their own gain. As always, we should make our associations models of good organisational management and be vigilant in protecting our information.
About the Author
Mark Levin, CAE, CSP has more than 20 years of experience as an association executive and is also an internationally-known speaker and consultant to the non-profit and association community. He currently serves as Executive Vice President of the Chain Link Fence Manufacturers Institute, an international trade association, and as President of B.A.I., Inc., his speaking and consulting firm.
Supported by the Union of International Associations (UIA), the International Association of Professional Congress Organisers (IAPCO) and the Interel Group, the global public affairs and association management consultancy, Headquarters Magazines serve the needs of international associations organising worldwide congresses.