6 Security Tips To Keep Your Membership Organisation Safe

In today's digital landscape, implementing robust digital security measures is paramount for any membership organisation to protect sensitive membership data. This guide outlines six essential cybersecurity tips, emphasising the importance of using a password manager for unique credentials and enabling two-factor authentication everywhere possible. Additionally, learn about the benefits of using a VPN for sensitive work and consistently applying software updates to minimise risks and enhance your overall online safety.

It seems like every other day, we hear about another company being hacked, new data being leaked, and more people being exposed. Unfortunately, this is the reality of our digital world, and it's unlikely to change anytime soon. This means we simply have to adapt. 

Much like how people once didn't lock their doors, but now it’s universally accepted that we need locks, security screens, alarm systems, and doorbell cameras, there are now some digital security basics we simply need to do. These steps won't just reduce the chance of your data being stolen; they'll also minimise the damage if the worst does occur.

So, today, let’s talk about 6 security steps you can take to keep your personal data and your membership data safe and secure. 

1. Never Reuse A Password

This one’s pretty simple; never use the same password twice. Always make a new password for a new account. That way, if one password gets hacked, it’s just one password for one account, not the golden key to every one of your accounts. 

2. Use A Password Manager To Keep Your Data Safe

So, until embarrassingly recently, I assumed that when someone guessed your password to log in to one of your accounts, there was a physical human at a keyboard attempting to guess your password. This is not the case; people instead use programs that attempt thousands of options in an effort to crack your password, the digital equivalent of pressing every possible combination of numbers on a keypad.

Because of this, your passwords shouldn’t be a normal word with a number. Don't make your password Guest1; it will take no time at all for a machine to crack that.

 

Instead, you should use a password manager. A password manager is an online service that securely stores all of your passwords and logins. It can also generate passwords to use. 

In practice, this means that when you make a new account, you ask your password manager for a new password, and it gives you some nonsense like GVXC45654jvflinskijr!30. You then use that as your password and, crucially, save it in your password manager for future use. This way, every single account has a unique password, and that password is something that no machine will ever brute-force.

There are a lot of different password managers out there, but I’d recommend any of the following: 

Password managers can sync across all of your devices: computers, phones and tablets. This means you can access all of your passwords no matter which device you’re on.

While on the subject of passwords not to use, several security providers release the most common passwords they see used each year. This data is obviously anonymous, but it serves as a great reminder that if you are using any of these passwords, you should change them. You can see NordPass’s list of the 200 most used passwords here: Top 200 Most Common Passwords.

3. Use Unique Usernames 

When given the option to set your username for a site, always choose a unique username, rather than using your name, email address, or mobile number. This is because if some of your data is part of a leak, the “bad guys” may have access to all those details. If they attempt to log in to your online banking and your username is simply your name or email address, they will likely have access to that information, and they will be halfway to gaining access to your banking account.

This applies to Member Jungle, too; as an administrator, you can choose to make your username something unique, and you should absolutely do this. Your membership system will have a lot of personal information about your members on it, so you should do everything you can to ensure that it stays secure.  

4. Use Two-Factor Authentication Everywhere Possible

Two-factor authentication (2FA) is an absolute must-have. If you're unfamiliar with it, this is where, upon logging into a site or service, you're sent a one-time password (OTP) via text, email, or an authenticator app. You then need to enter this OTP to complete your login. Yes, it adds a few seconds to the process, but it's incredibly well worth it. Think of it this way: unlocking the deadbolt on your front door when you get home takes an extra few seconds, but it's far better than finding someone has broken in and made off with your fridge. 

 

Beyond the Basics: Stronger 2FA Methods

While 2FA is crucial, how you receive that OTP matters. It's best to use methods other than email, as a compromised email account could inadvertently hand a hacker your one-time password. Instead, opt for:
 

  • SMS to your mobile number: This is a common and effective method. With Member Jungle, for example, you can have your OTP delivered directly to your mobile number via SMS.
     
  • Authenticator Apps: These are a superior form of 2FA. Instead of a code being sent to your mobile or email, you open a dedicated third-party app on your phone, which dynamically generates a new code every 30-60 seconds. You then copy and paste this code into your browser to complete the login process. This adds another layer of security between a potential intruder and your account. Member Jungle also offers the option to receive your OTP as a code on your Member Jungle mobile app.
     
  • Physical Authenticator Keys: For the highly security-conscious, these are small USB devices that plug into your computer or phone, serving as your second factor of authentication. The principle is the same, but instead of typing a code, you simply insert the key. They offer excellent security; just make sure you don't lose them.
     

By implementing these stronger forms of 2FA across all your critical accounts, you add a formidable line of defence against unauthorised access.

As far as trusted authenticator services go, 1Password, Google Authenticator, Authy, and 2FAS are all well-respected. 

I am far from an expert on authenticator keys, but PC Mag has a whole article on them that’s worth checking out if you’re curious: The Best Hardware Security Keys for 2025. I’ve personally used a YubiKey a few times, and it worked really well, but that’s the extent of my knowledge on this one.

5. Use a Virtual Private Network (VPN) for Sensitive Work

A Virtual Private Network (VPN) essentially creates a secure, encrypted tunnel for your internet connection. Normally, when you browse online, your general location and other details are quite visible because your connection is "open." This is particularly risky if you're using public Wi-Fi in places like a hotel, cafe, or airport. Not only can the websites you visit see more about you, but anyone else on that same public Wi-Fi network might potentially gain access to what you're doing, allowing them to steal your data and information. Imagine sitting in an airport, using their Wi-Fi to access your banking, while a bad guy on the same network could be watching and intercepting your details.

A VPN encrypts all your data, allowing you to access the internet both securely and privately. You don't necessarily need to have a VPN turned on all the time, but it becomes crucial for sensitive work or whenever you're connected to a public Wi-Fi network.

As far as the best VPNs to use, NordVPN, Proton VPN and Surfshark are all well-rated and reviewed. 

You’ll notice that both Nord and Proton are well respected in both the VPN and password manager sectors. You’ll probably be able to find deals where it's cheaper to get your VPN and password manager from the same provider than getting them from separate ones.  

6. Keep All Software and Devices Updated

Developers regularly patch vulnerabilities in their systems, making them more secure against hackers and viruses. By keeping all of your devices, software, and apps updated with the latest versions, you significantly reduce the risk of having your security compromised. 

Some systems, like Member Jungle, will update automatically, keeping you on the cutting edge without any effort on your part. Others will require you to accept the update before it installs. Always accept updates and turn on auto-updates for your apps whenever possible. If your phone or laptop keeps screaming at you to update, it's for a good reason; update it.

On the subject of old software, support for Windows 10 will end on October 14, 2025. This means that after that date, there will be no more updates, security fixes, or official support for Windows 10, making it a much more vulnerable system over the coming years. 

If anyone in your club or association is still using Windows 10 on their computer for official tasks, they will need to move to Windows 11 to mitigate the risk of a security breach. This may mean investing in a new computer, but it’s worthwhile; a chain is only as strong as its weakest link.

Key Security Takeaways For Your Membership Organisation 

If you do all of this, you will limit the amount of risk you are putting yourself and others in, and crucially reduce how big a breach may be. If someone gets access to one account, but all of your other accounts use different usernames, different passwords, and two-factor authentication, the breach will likely be limited to just that one account. 

For more information on how Member Jungle keeps your account and data safe, please read How does Member Jungle protect your data?

For a deep dive into protecting your organisation from the most common types of online threats, phishing and social engineering, please have a look at Defending Against Deception: Your Guide to Social Engineering and Phishing.

 
