Back to Main

Still Using Excel for Your Member Data? You're Probably Not as Secure as You Think

Date:

The common practice of using Excel for storing sensitive member data presents significant data security risks, potentially leading to a costly data breach for your club or association. While spreadsheets may seem convenient, they lack the robust protection and audit trails of a modern membership management system, creating vulnerabilities whenever files are shared. Transitioning away from this insecure workflow to a centralised, single source of truth is essential for ensuring data privacy and responsible club management.

I recently challenged myself to photograph every single type of bird in Australia. Now, you’re probably thinking, “Wow, Piper, I didn’t know you liked birds so much.” Well, I don’t. All birds are just dusty sky rats, and I simply do not care for them. However, tracking down and taking pictures of all 600-plus species in the country just seemed like a fun challenge to set myself.

The reason I bring this up is that once I had a list of all the birds, I needed a way to keep track of my progress. Like many before me, I turned to a spreadsheet. Now, for a list of birds, a spreadsheet is convenient and easy. The issue is that a spreadsheet is far from a secure or problem-free method for storing any personal or sensitive data. For a list of birds, it's fine; if someone got access to my spreadsheet, they’d get no personal information from it; just a list of birds, with the occasional note along the lines of “This duck looks weird.” If anything, they would know less about birds by the end. 
 

This duck looks weird
 

To be fair, that is a weird-looking duck. 

This changes completely when you're dealing with member data. The information clubs and associations collect can be extremely sensitive, including names, addresses, phone numbers, and more; things that should absolutely stay private. Protecting your members' personal information is one of your most important responsibilities as an organisation, and in many cases, a legal requirement. 

The issue is that if you permanently store your member data on spreadsheets or occasionally download it to send to a committee member, you are putting that data at risk. This creates an un-password-protected copy of your database that is now floating around in email inboxes and on multiple computers, which completely negates the security of even the most robust membership management system.

Basically, a good membership management system should be like Fort Knox, a heavily fortified prison island to keep your data secure. Sharing member data via spreadsheets, however, is like transferring your precious cargo from that prison in an antique Victorian rowing boat. It’s lovely for some things, but for secure transport and storage, it is woefully inadequate.
 

Victorian rowing boat
 

So let’s talk about the security risks spreadsheets pose to your member data, how to mitigate them, and how to be done with spreadsheets forever.

The Problem: Bypassing Your Security for Convenience

Online security is incredibly important today, especially if you are collecting sensitive data from members. Every club and association really needs to have things like two-factor authentication, password managers, auditing of changes made to data and VPNs. The issue is that even if you have all of those things and are a Member Jungle customer or use a different membership management system, if you are emailing member data between committee members, you are undoing all of that hard work by taking that sensitive data outside of your protected system. 

Think of your membership management system as a bank vault, but every time you send a spreadsheet full of member data, you’re essentially leaving a copy of the vault’s contents in a non-password-protected file on a desk in the main lobby.

If you aren’t using Member Jungle or any other membership management system and are only using things like Excel to manage your membership, your data is always going to be at risk.   

For clarity's sake, let me break down just one way this can lead to a data breach. Let's imagine your events manager is on vacation and needs a list of members registered for an upcoming event. They ask you to email a spreadsheet because it's easier than logging into the management system from their laptop.

Here's why this is a problem:

  • The email itself may not be secure and could be intercepted.
  • The events manager might be using unsecured public Wi-Fi at a hotel without a VPN, making their email vulnerable.
  • The email could accidentally be sent to the wrong address.
  • The spreadsheet could be stored on a personal device without proper password protection.

These seemingly convenient actions can lead to a serious data breach. Ultimately, emailing member information in a spreadsheet is inherently risky. If there's no need to do it, don't. Use your secure membership management system to access and share data instead.

Why Sharing Member Data Is Dangerous

When you share membership data via spreadsheets, you create a multiplied threat. Each shared file becomes a new point of vulnerability. Hackers don't need to breach your main system; they just need to compromise one committee member's email or laptop to access all the data. The more you share these spreadsheets, the higher the chance one of them will fall into the wrong hands.

Your data's security is only as strong as its weakest link. While you might have a great security setup on your own computer, the data becomes vulnerable the moment it moves to a committee member's less-secure personal device or email account.

Human error also plays a significant role. It’s easy for a spreadsheet to be lost on a USB drive or accidentally sent to the wrong person. These simple mistakes can have devastating consequences.

The danger doesn't stop once the email is successfully sent. People rarely delete old emails, so a spreadsheet can sit on an email server for years. This creates a long-term risk. For instance, a disgruntled former committee member might, years later, find old membership data in their inbox and use it to cause trouble. While this may not be a frequent occurrence, it is a real threat that organisations should be aware of.

Ultimately, having multiple copies of sensitive data in different places simply multiplies the chances of something going wrong.

The Problem With A Spreadsheet-Based Workflow

Beyond the security risks, a spreadsheet-based workflow also creates serious reliability issues. When multiple people can alter your membership data, you have no way to track changes. This can lead to different versions of the data with conflicting information, leaving you with no single source of truth for your membership data.

A secure membership management system will have a comprehensive digital record of who did what and when. With spreadsheets, you lose all control once the file is downloaded and emailed. You can no longer track who made a change, when they made it, or why. If data is lost or compromised, you won't know who was responsible or how to fix it. This not only puts your member data at risk but also makes it much harder to resolve problems and maintain accurate records.

The Solution To Spreadsheet Problems 

If you don't have a system and are using spreadsheets to store and transfer membership data, you need to get one. I know this sounds biased, but it doesn't have to be Member Jungle. There are plenty of options out there, and if you have over 100 members, a proper digital system is a must. A membership management system creates a single source of truth for your data. Every change is made in one centralised location, so you can always be confident you're looking at the most up-to-date information. It also provides a comprehensive audit trail that tracks who accessed or modified data and when, which is impossible to do with emailed spreadsheets. While the idea of a new system can feel daunting, the security, reliability, and peace of mind it provides are invaluable.

Whether you have a membership management system or not, there are some steps you can take if you do need to share membership data via spreadsheets to minimise your risk:

  • Only share data when absolutely necessary.
  • Only share the necessary data when you do share it.
  • Always use a password-protected spreadsheet.
  • Never email the passwords.
  • Never email membership data to people’s personal emails; only send to their club/association email. 
  • Consider using secure cloud services like Google Drive or OneDrive instead of email attachments. These services allow you to share a link and set permissions so only authorised individuals can view or edit the data. This keeps the information centralised and under your control.
  • Instruct people to delete their copies of spreadsheets when they are done.
     

The Problem With A Spreadsheet-Based Workflow

Protect Your Members & Your Organisation

I hope this has helped you understand better some of the risks associated with using spreadsheets, and how you can work to minimise them. 

If you already use a membership management system and want to learn more about ways to secure your organisation against online threats, check out 6 Security Tips To Keep Your Membership Organisation Safe.

If you are new to the concept of membership management systems and want to understand what I've been banging on about, have a look at How Does Member Jungle’s Membership Management System Work.

 

Let's Keep in Touch

Subscribe and never miss another blog post, announcement, or special event. We hate spam and will never sell your contact information, we will only send you our monthly Member Jungle newsletter, full of great articles.