Security is a Must

If your AMS isn’t a secure platform, you’re not going to need to worry about managing your members because there won’t be any. The AMS solution you use is a repository for a large amount of personal and professional information. If that repository is somehow breached, and your members’ information is leaked, the trust you’ve built will be lost and it will be all but impossible to re-establish the confidence and comfort your membership once enjoyed.

You have a responsibility to conduct your due diligence on the solution you select, to confirm whether the provider is dedicated to the protection of your association’s (and its members’) data. Of course, your AMS provider has a part to play as well. At the end of the day, it is their solution that will either succeed or fail in defending the privacy of your members. However, your association can prevent a lot of risk by thoroughly evaluating potential providers, to ensure you select a solution that promotes a safe and contained environment.

Below are a few of the methods that can be employed through an AMS to protect your members’ information. Ensure your solution has the measures suitable to prevent security breaches.

Authorization & Authentication
Your AMS provider’s solution should give your association the capacity to properly authorize payments (member fees) through the correct channels and, should you so choose, request 2-factor authentication from your members. Combining authorization with authentication will not only confirm whether the payment account is verified and suitable, but also give greater confidence that the cardholder is, in fact, who they have identified themselves as. This payment process is currently the most accepted method for preventing cyber crimes involving theft and/or fraud.
Confirmation
Your AMS should be able to deliver a customized confirmation that an applicant’s payment has been received. This closes the loop for the applicant, so they can know that their payment is being processed through the proper channels and your association is aware of their investment. Creating a paper trail for these types of processes will legitimize your association to applicants and members and provide them with a strong comfort level that their information is being handled in a professional and structured manner.
Policy
This seems like a no-brainer, but you should confirm nonetheless – your provider should have an established, accessible and comprehensive privacy policy that describes how they intend to protect your organization’s information. While the contents of this policy do matter (and should be reviewed accordingly), this is more of a sanity check. You need to confirm the existence of such a document because if the provider hasn’t taken the time to legitimize their commitment to your association’s data security by enclosing their intentions in a binding article, how can they be expected to actually follow through? Any legitimate provider will be able to produce a policy without delay.
Password Protection
Your members have a part to play in protecting information housed within your association’s AMS. However, they can’t be expected to take action on their own. Encouragement to protect their respective account privacy has to come from your association. Your AMS should allow you to set specific parameters on when members will be required to revise their password and should deliver an automated notification to members, informing them of the requirement to change passwords ahead of the deadline. A healthy password revision cycle makes it much more difficult for member accounts to be hacked or compromised.
Storage Reliability
Confirm with your provider what type of data storage approach they take. If information is being housed within a cloud-based system, inquire what the cloud service is. Have the provider explain how the particular cloud platform will effectively protect the data your association stores upon it. Don’t hesitate to ask questions and get answers. You want to build confidence that the provider has thoroughly considered the alternatives and decided upon the cloud platform they’ve chosen for good reason.
Redundancy
Aside from the immediate access to stored data that a cloud-based platform offers, your solution provider should also have contingencies in place in case a catastrophic loss of information results from the cloud system’s failure. Whether this is achieved with several physical storage arrays or by other means, the intervals at which your association’s data is backed up are what is most important. Inquire with your provider how often they back up data. You want your association’s data to be captured at a high frequency to ensure large chunks of information are not lost in the time between one backup and the next.
Inactivity Parameters
Your AMS should support parameters that automatically disengage and log out a member who has been inactive for a predetermined amount of time. Having session expiry mechanisms in place will prevent unauthorized personnel from capitalizing on the opportunity to access a member’s account, and your association’s information at large, when an open window has been left idle. Your association should, of course, preach the importance of member responsibility when protecting the integrity of their own account. However, it is important for the system to offer failsafe processes as well.
Sequestering
Should your association have a variety of member levels, your AMS should offer the ability to sequester certain areas of the system to authorized personnel only. These areas may contain information meant to be consumed only by a particular group of members or association representatives. Therefore, your solution should ensure that these areas grant access to properly credentialed personnel and bar those attempting to gain access without correct authority.
Data Transfer
Last, but certainly not least, when you are taking on a new AMS, your provider should have an established and well-conceived approach for moving your association’s data from its current location to the proper destination within the new solution. During a transition, your information is inherently at a higher risk of being misplaced or exploited. Prior to commencing the handover, discuss in detail with your provider the methods they will use to ensure all of your data is transferred efficiently, completely intact and uncompromised. Have them justify why they employ the method they describe and whether it is considered a best practice in the industry. You want them to build a convincing case as to why they prefer the approach they’ve suggested.

If you don’t have strong security, you can’t build a strong community. Members want to be made confident that their information is protected in the hands of your association and the solution you employ is up to the important task of safeguarding data from prying eyes. Take the time to evaluate whether your provider is equipping your association with an AMS that can stave off unnecessary breaches of privacy.

Guild provides an approach that ensures your association’s information is safe and secure within the bounds of our AMS solution.