Insight 2 of 4 - Membership in the Digital Age: Keeping your data safe from security threats

Security can either make or break your digital transformation

Membership organisations and Professional Bodies play a vital role in their communities. Their primary focus is on managing professional knowledge and facilitating the exchange of expertise among their members. Because the organisation’s value to their members lies in the services they provide, and the information they hold about their members, protecting the intellectual property of both the organisation and its members is of utmost importance.

Information security is often just considered to be a compliance challenge, particularly in light of regulatory standards such as GDPR, ISO27001 and PCI DSS. However, proper consideration of information security requirements is a key success factor of membership organisations and professional bodies to operate safely and effectively in the digital age. A successful cyber-attack can have potentially fatal consequences for membership organisations and professional bodies – a data breach may result in loss of trust from members, loss of the organisation’s reputation or even financial penalties.

Based on Hiscox Cyber Readiness Report approximately 45% of professional service organisations reported experiencing at least one cyber-attack in the last 12 months.  Gaining back the member’s trust and rebuilding the brand value might take years or even decades as is shown in the case of British Airways (whose brand reputation plummeted to a four year low following their 2018 data breach) or Tesco Supermarket (whose brand was contaminated by a major data breach in their banking arm in 2016).

Key consideration of information security challenges

In the complex world of membership organisations and professional bodies there are three key risk areas warrant attention on the journey to being digitally powered organisation.

1. Attacks on the organisation and internal users

The core activities of these organisations involve utilising and safeguarding the personal data of their employees, members, or potential members, as well as handling sensitive industry knowledge as part of their services. For example, an organisation may hold:

• Members’ CVs
• Members’ personal details (name, address etc. bank details for direct debit)
• Professional training/certification materials or other valuable intellectual property
• Employee’s personal details.

Organisations need to remain constantly vigilant to prevent various threats such as phishing, internal attacks, and malware attacks. Phishing attacks are typically carried out through deceitful emails. Internal attacks involve attempts to gain unauthorised access to sensitive internal data, either by internal or external individuals. Malware attacks use malicious software to disrupt access to internal networks, applications, and data. Ensuring that your staff are properly briefed on the importance of data security and armed with strategies and techniques to spot and eliminate attempts to compromise your data is a crucial first step in protecting your brand.

2. Attacks on organisation members

It’s not just your employees though! Your members are susceptible to phishing attacks that mimic communications from the organisation. These attacks can be highly sophisticated, employing the organisation’s logo and branding to deceive members and extract sensitive information. To safeguard both their reputation and members, organisations must take measures to guarantee that communications are easily identifiable. It’s crucial for members to be informed about verifying emails to prevent falling victim to such deceptive practices.

3. Target members and additional stakeholders

Target members and external organisations could be considered easier targets as they are not familiar with membership organisations and professional bodies behavioural patterns and tools e.g., website/application. The stakes may be high as they are not committed to the membership organisation or professional body and its quite likely they won’t become members after a cyber security attack. Organisations must make steps to ensure that communications from them can be clearly identified.

How we can help

Mason Advisory is dedicated to assisting membership organisations and professional bodies in attaining an optimal level of maturity in information security. Whether your organisation is embarking on a digital transformation or is already on the journey, we can help identify and mitigate risks while recognising and enhancing existing strengths.

We highly recommend our swift “Digital Association Readiness Health Check,” a process that takes less than 5 days. Our adept team can rapidly assess crucial issues, pinpoint areas for improvement, and furnish a focused development roadmap. This modest investment in organisational review serves as a preventive measure, averting unnecessary expenses on tools or overly complex solutions for identified risks.

The article underscores the vital role of information security in the digital journey of membership organisations and professional bodies. Mason Advisory’s solution provides a strategic approach to assess security readiness promptly, preventing costly investments amid the rapidly evolving digital landscape.

We hope you find this article informative. If you’d like to read the rest of the articles in this series, click the links below:

• Insight 1 – Laying the Technology Foundation for a Digital Association
• Insight 3 – How to unleash the power of data with knowledge & insights
• Insight 4 – Crafting a digital experience to attract and retain the next generation

For more information or help on your journey to Membership in the Digital Age, email contact@masonadvisory.com to discuss further.

If you want to find out more about our services, click here.