3 Steps You Should Take to Protect Your Health Club’s Data
Odds are your club stores important data about your members and employees. Here are three steps to help you safeguard that data from theft.
Your club is overflowing with valuables, from the new treadmills you recently purchased and the big-screen TVs hanging above them, to the credit cards and other personal belongings your members have trustingly stored in your locker rooms.
But some of your club’s most valuable property may be something you can’t see or touch: It just might be all of the data you’ve collected and stored about your members, your employees, and your business’ operation.
In the world today, data is a commodity that’s constantly increasing in value, and, as a result, is subject to theft.
Here are three steps you can take to help safeguard your health club’s data.
1. Collect Essential Data Only
“If you don’t need it, you shouldn’t collect it,” said Jennifer Urmston Lowe, the national accounts manager at the Sports & Fitness Insurance Corporation. “You need a member’s bank account or credit card information to charge them, but do you really need their Social Security or driver’s license numbers? You’re liable for any information you collect, and the less you collect—the less liable you are.”
Data security begins at the point when you take information from the member. And, if you don’t need to record it on paper—don’t.
“Going paperless and utilizing an online joining system or a member portal are additional ways to maintain control,” said Carole Oat, the national sales manager for Twin Oaks Software & Billing Services. “By doing this, it actually puts some of the responsibility in the members’ hands, and takes it away from club staff.”
“Look for a reputable vendor. Ask if they’ve orchestrated penetration tests. Find out if you’ll be alerted to security concerns if anything is compromised.”
Mike Rucker, Vice President of Technology
2. Invest in a Cloud-based Member Management System
Today, more clubs are turning to cloud-based, member-management systems that provide software as a service (SaaS)—a delivery model in which centrally hosted software is licensed on a subscription basis. While moving to a cloud-based solution means handing control over to an outside firm, it can, the experts agree, be a very smart move.
“Most of the major vendors have their own security teams, and their efforts are going to eclipse anything that a small or midsized club could put together,” said Mike Rucker, the vice president of technology for Active Wellness, a diversified club company based in Sausalito, CA.
But you can’t assume that, just because a company is selling SaaS, it necessarily has security covered. You still need to vet any company you’re considering, Rucker said. “Look for a reputable vendor. Ask if they’ve orchestrated penetration tests. Find out if you’ll be alerted to security concerns if anything is compromised.”
3. Select the Right Partner
In addition to selecting partners with strong security measures, you also need to choose ones who can work together effectively. After all, you’re probably not going to be using only member management software; you’re also going to be using software for your Website, employee payroll, rewards program, CRM (customer relationship management), and other applications. All of these programs are going to be collecting personal information that needs to be safeguarded and, in some cases, shared among them.
When selecting your software providers, be sure to ask each of them about their own security solutions, and how they’ll work with the other products you rely on.
While building strong relationships with your service providers is important, Rucker cautioned against leaving your security arrangements entirely in their hands. “Make sure you have your own advocate on staff who’s thinking about security,” he said. “Half of the battle involves just asking the right questions.” If you’re not sure where to start or what questions to ask, the Internet is your friend—there are free checklists available online.”