Signature March/April 2015 - 20

Sense &
Cybersensibility
individual, it is not difficult to research
online and find what organizations that
individual belongs to. Then, the hacker
simply attacks the organization with the
weakest online security and gets to the
individual that way. Associations who aren't
concerned about cybersecurity - "why
would anyone bother hacking us?" - are
thinking about the issue too narrowly.
Effective Database Management is
a consulting firm that helps associations manage their databases and keep
them secure. Trochlil says vulnerabilities in an organization's digital infrastructure are usually the result of a few
issues, including older systems with
out-of-date software or hardware, lack
of regular serious security audits, and
inertia - any of which can cause major
problems, he says. Often, the myth that
small organizations don't get
hacked leads to complacency
or the belief that an association can rely solely on the
security of credit card companies or other third parties
that are handling financial or
other personal information
for the group.
Trochlil says digital platforms will continue to grow,
evolve, and change. Financial
transaction interfaces will
have different concerns and
needs than social media sites
or third-party apps or cloud
storage. "Associations need to
be aware of all the different channels
they are working in and understand all
the areas where they are exposing data,"
he says. "They need to understand how
it all works. If they have an event app,
there could be a vulnerability. If it gets
overlooked until the event, then it might
be too late."

IN REAL LIFE
As in our storied boy-girl-catfishing
example, it's important to remember that
it's not just hackers and malware that we
have to worry about. Many digital vulnerabilities come from physical origins.
According to Arthur J. Gallagher & Co.
insurance, the top five leading causes of
cyber claims are:
1. Lost employee laptop or other computing device
2. Malicious act by an employee or
ex-employee
3. Improperly disposed information
4. Media campaign gone wrong
5. Subcontractor error
Wendy Mann, senior vice president
of NAIOP, says she is currently working
on a database conversion. NAIOP is an
association for developers, owners, and

"Associations have to be more sophisticated than we have in the past.
Mann says it behooves associations
to keep abreast of trends in the business
marketplace. "There are a lot of lessons
to be learned from for-profits," she says.
"Associations have always been cognizant
of the need and role in protecting membership. To serve our membership means a
sensitivity to protecting their information."
Mann has personal experience with
this - she was the victim of ID theft.
Someone physically took her credit
card information from a pay center and
rerouted her account to another address.
Luckily, she knew what to look for and
saw it on her account activity; otherwise, with her information and money
flowing somewhere else, it could have
been months before she found out.
"In cybersecurity, nothing is
100 percent," Mann says. "But
that doesn't mean I'm going
on a wing and a prayer. I find
some comfort in using systems
that have a track record of protecting clients. Especially for
transaction systems, you need
to look for solid, tested, wellknown systems."
Over and over, the resounding message from cybersecurity
experts is that the best defense
is education. Putting a priority
on familiarizing staff and membership with best practices can
make or break a cyberdefense.
It's a need that Mann sees as only becoming more pronounced in the coming years.
"What we have to face is a demographic
shift that will dramatically alter the landscape in the next five to 10 years. More
and more Baby Boomers are leaving, and
more and more Millennial leaders are
coming in. They have higher expectations

It's an interesting paradox.
Millennials are open to sharing just
about every detail of their daily
lives, but they are very interested
in knowing about privacy and
security policies.

MARCH/APRIL 16

signature

- Wes Trochlil, Effective Database Management

investors in industrial, office, and commercial real estate. In an effort to make
sure the system is robust enough to suit
the association's needs but still easy to use,
she says cybersecurity is at the forefront
of her mind.
"I'm worried about everything. We're
really trying to crystal-ball it," she says.

Table of Contents for the Digital Edition of Signature March/April 2015