Data security & cybersecurity for associations
In today’s world, associations have a great deal of data at their disposal. Not only do they manage their organization’s data, but they manage data on behalf of their members.
We’re also seeing more and more organizations using cloud-based platforms to store and manage this data, primarily due to the convenience of, and demand for, online accessibility. When using a third-party application, however, it’s important to understand how the provider manages and protects your data. So how do you deal with third-party data applications in a secure way?
Our Data Security & Cybersecurity for Associations guide answers this question and others surrounding data security, roles, best practices, and environments. We start from the top with clear definitions, explain the importance of data security, and leave you with resources to secure and protect your organization’s data.
Why is data security important?
Data breaches can happen to anyone. For example, in June 2021, data associated with 700 million LinkedIn users was posted on a Dark Web forum. This data included email addresses, full names, phone numbers, geolocation records, personal and professional experience, and other social media accounts and details.*
This sort of data provides hackers with an opportunity to gather further information through a practice called “phishing,” where an attacker uses a fake email as a weapon.
Essentially, the attacker pretends to be someone of interest – e.g. a prospective employer, a colleague, or even the application (such as LinkedIn) itself. These attacks can be well devised and hard to detect, but they always have one thing in common: they require the user to take action by clicking on a link or opening a document. Once the user does so, the attacker can coax information from you, exploit you, or use the information they find to access your online systems. Ultimately, the attacker can take over your accounts and use them to gain further access to personal and work systems.
What they are after, typically, is more data. Data is the asset that most cybersecurity practices are ultimately protecting. When attackers can get more direct data, either personal or from your company, it can be sold on Dark Web forums and even be used to directly access banks or other financial systems.
So protecting your data is crucial for many reasons. But what can you as an individual do to ensure your organization’s data is secure?
*Source: The 57 Biggest Data Breaches in History (Updated for 2021)
Your role in data security
Our intention is not to provide technical advice on systems or computer security to cybersecurity professionals. Instead, we want association professionals, such as yourself, to feel equipped to work safer and smarter when managing your own data and your organization’s data.
Organizational data is typically a mix of data we own and data someone else owns but we are responsible for. Proper stewardship of this data is especially critical in associations because of the level of sensitive and confidential data involved (email addresses, dates of birth, SIN or social security numbers, or other personal identifiers).
As an organization, you have a legal responsibility to keep this data protected. This starts with proper education and training on the basics of data security so all individuals can play a role in helping your organization meet that responsibility. Stay tuned; we’ll dive into this a bit more.
Cybersecurity and data security: What is the difference?
Data security is a specific type of cybersecurity. And, while data security has a technical side, it is the layer of cybersecurity that almost everyone in an organization touches and can help protect.
Data security is also the level of cybersecurity that protects the base asset of most attacks: organization data. To get to the data, the bad actors need a way in. This path is usually via an individual’s work account or an online system that is not adequately protected.
Technical staff are responsible for the latter, but you as an individual play a large role in protecting your accounts and computer. And, with work-from-home being an increasingly popular option, sometimes the “work” environment and the “home” environment are on the same computer.
Finally, it’s important to note that data security isn’t just about cybersecurity; classifying and organizing your data will also help protect it. Part of keeping your data secure is knowing who can access it – e.g. clients, groups of employees, partners, etc. Knowing and understanding the categories of access to data helps keep all data safe.
What is a data breach?
Put simply, a data breach occurs when someone gets access to data they aren’t supposed to have. For example, accidentally emailing sensitive information to the wrong person is a breach, just as it is a breach when a hacker infiltrates your work systems and can then copy all your stored data.
Most breaches can be managed. Tactics include controlling access to the data or compartmentalizing data to lessen the amount of data a breach can expose. If you suspect a breach of any kind, it’s important to contact the appropriate individual within your organization immediately so they can mitigate security risks before it’s too late.
Bad practices to avoid
You can learn more about best practices to protect your organization’s data, including a recovery plan template, in our Data Security & Cybersecurity for Associations guide.