Are your system administrators causing cybersecurity risks?

04 Mar 2025 11:47 AM | Sarah Gamble (Administrator)

We often think of the end-user when it comes to cybersecurity risks, but in reality, your Association’s system administrators can cause significantly more damage.

This was the topic of an email exchange I had recently with an AMS vendor who was trying hard to educate his customers about these risks.

No matter how much his company spent on cybersecurity protection for its cloud-based solution, Associations’ system administrators could very easily undermine all of that work and expose sensitive data.

This is because of the Administrator’s broad security rights to the system, or as I like to say…their superpowers.

Yet, rarely does the administrator commit this breach deliberately. Instead, it’s a common issue, generally due to a lack of knowledge.

What are common ways system administrators cause cybersecurity risks?

Here are just a few ways that system administrators can expose their organisation’s data to greater cybersecurity risks, and what they should do instead:

  1. Sharing system logins and passwords – This is too common, especially when the Association is trying to minimise software license costs.

    • Better Practice: If you must share passwords, use a Password Manager tool. Ask your Managed Service Provider to help you set this up if you are unsure.

  2. Failing to remove old administrators and users – This allows former employees to access the system and could also lead to a hacker obtaining access if the same user/login information was used for other compromised systems.

    • Better Practice: System access must be removed at an employee’s departure or even when they take extended leave.

  3. Failing to make Multi-factor Authentication (MFA) the default setting – If MFA is available, turn it on as a mandatory setting for all users! Yes, some users will complain because of the inconvenience this may cause, but MFA is still one of the best ways to reduce cybersecurity risks.

    • Better Practice: Make MFA a default for all administrators as a minimum, but preferably for all users.

  4. Failing to tightly control access to systems – Users should only have access to the information they need to do their jobs, and no more. Giving greater access rights (particularly admin rights) to employees may reduce helpdesk requests, but it adds more risk to the organisation too.

    • Better Practice: Ensure user security roles are controlled, tracked and managed properly.

  5. Failing to control data downloads – There are rarely good reasons for a user to download large quantities of data from a system. When this occurs, there is no longer an audit trail of what happens to that information, and it can be shared without notice and stored in insecure places.

    • Better Practice: Administrators should limit who can download data and for what purposes. Administrators should also review audit logs regularly to see who has done this.

  6. Sending data to others via email or other insecure ways – If data must be shared, particularly with third parties, too many times it’s shared in an email as attachments. The organisation has lost control of the data at that point, and it’s also vulnerable sitting inside mailboxes.

    • Better Practice: Only share sensitive data via secure file transfers or, as a minimum, via a password-protected SharePoint folder. Ask your Managed Service Provider for options if you’re not sure.
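
As an added illustration (not part of the original post or any vendor's tooling), here is a small Python script that runs a periodic access review covering items 1, 2, 3 and 5 above. The three CSV exports, their column names and the 1,000-record threshold are all assumptions constructed for the example.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a real AMS format.
ACCOUNTS_CSV = """login,role,mfa_enabled,staff_id
jsmith,admin,yes,E001
office,admin,no,
mlee,user,no,E002
pkhan,admin,yes,E003
"""
STAFF_CSV = """staff_id,status
E001,active
E002,active
E003,departed
"""
DOWNLOADS_CSV = """login,date,records_exported
mlee,2025-03-01,12
jsmith,2025-03-02,4800
pkhan,2025-03-03,9500
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def review_access(accounts_csv, staff_csv, downloads_csv, bulk_threshold=1000):
    """Return a sorted list of (login, finding) tuples."""
    status = {r["staff_id"]: r["status"] for r in rows(staff_csv)}
    findings = set()
    for acct in rows(accounts_csv):
        login, staff_id = acct["login"], acct["staff_id"]
        if not staff_id:
            # Item 1: a login with no named owner is shared or orphaned.
            findings.add((login, "shared or unowned login"))
        elif status.get(staff_id) != "active":
            # Item 2: owner has departed, is on extended leave, or is unknown.
            findings.add((login, "owner no longer active"))
        if acct["mfa_enabled"] != "yes":
            # Item 3: MFA is the minimum for admins, preferred for everyone.
            findings.add((login, f"{acct['role']} without MFA"))
    for dl in rows(downloads_csv):
        # Item 5: large exports leave the system's audit trail behind.
        if int(dl["records_exported"]) >= bulk_threshold:
            findings.add((dl["login"], f"bulk export of {dl['records_exported']} records"))
    return sorted(findings)

if __name__ == "__main__":
    for login, finding in review_access(ACCOUNTS_CSV, STAFF_CSV, DOWNLOADS_CSV):
        print(f"{login}: {finding}")
```
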

Final Thoughts

It’s in the best interest of all software vendors to keep their systems as secure as possible. Unfortunately, an Association’s system administrator can easily undo all of this with their “superpowers.”

Knowledge is key to ensuring this doesn’t happen.

Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around IT investments and cybersecurity risks.

Let her know if you need some help!

Strengthening Trans-Tasman Connections: AuSAE and Tourism New Zealand Business Events Renew Partnership

Association professionals across Australia and New Zealand have even more reason to explore trans-Tasman opportunities. AuSAE is proud to announce the renewal of its longstanding partnership with Tourism New Zealand Business Events, celebrating 11 years of collaboration.

For over a decade, this partnership has strengthened connections between the two countries, helping associations expand networks, share knowledge, and deliver world-class events.

Toni Brearley, CAE, Chief Executive Officer at AuSAE, said:

“Our partnership with Tourism New Zealand Business Events has opened doors for association leaders to plan unforgettable events and connect with peers across the Tasman. Together, we’ve created opportunities, shared knowledge, and elevated the experiences of our members and their delegates. This partnership reinforces our commitment to fostering strong trans-Tasman collaborations, helping associations innovate, grow, and deliver outstanding value to their members.”

Helen Bambry, Business Events Manager at Tourism New Zealand, added:

“Partnering with AuSAE means we can directly support association professionals in bringing their next international business event to New Zealand – offering assistance, funding, and support to ensure exceptional experiences for both organisers and delegates.”


What this partnership means for you

For Australian associations:

  • Receive expert guidance and support to bring conferences or member events to New Zealand.
  • Access funding assistance through Tourism New Zealand Business Events.
  • Expand your network and build partnerships with New Zealand peers and industry leaders.
  • Deliver international experiences for members and delegates just across the Tasman.

For New Zealand associations:

  • Strengthen professional connections with Australian association leaders through AuSAE’s network.
  • Share expertise and collaborate on professional development, governance, and member engagement initiatives, and more.
  • Gain visibility within the broader association community in Australia and New Zealand.
  • Access opportunities to host international association events and delegates in New Zealand, boosting local engagement and knowledge exchange.

About AuSAE:

The home for association professionals, the Australasian Society of Association Executives (AuSAE) is the leading - and only not-for-profit, member-based - organisation supporting association professionals in Australia and New Zealand. For 70 years, AuSAE has been a trusted partner for those working in associations, providing professional development, support, and networking to help association leaders achieve organisational goals, advance their careers, and strengthen the wider sector.

About Tourism New Zealand Business Events:

Tourism New Zealand Business Events provides expert guidance, funding, and support to attract conferences, incentives and corporate events to New Zealand.

--- ends ---

For more information about AuSAE, please contact Toni Brearley, CAE:
Toni Brearley, CAE
Chief Executive Officer, AuSAE

E: toni@ausae.org.au
T: + 61 458 000 155

To apply for funding and support to host a conference in New Zealand contact Helen Bambry:
Helen Bambry
Business Events Manager, Tourism New Zealand

E: Helen.Bambry@tnz.govt.nz
T: +61 415 933 325

