HFTP 2019 Club Forum — Security, Integration and System Selection

Attendees to the 2019 Club Forum

Central to the function of all businesses – whatever their purpose may be – is technology. And so, HFTP recently held its annual Club Forum with the main topic of club technology. The HFTP Club Forum is a one-day program where club professionals gather for an in-depth seminar and interactive discussion on a pre-selected subject.

For the second-annual program held October 26, 2019 the technology agenda focused on three technology topics: data security, integration and system selection. The day was facilitated by club IT expert, Bill Boothe, president and owner of The Boothe Group. Boothe specializes in assisting private clubs and resorts with the planning, evaluation, selection and implementation of computer technology. His expertise helped inform the group on current trends, security recommendations and technology best practices; as well as led interactive discussions where the group shared their own experiences.

Data Security
An important component to using technology is keeping it secure to reduce and hopefully prevent cyberattacks and data theft. At the beginning of the session, participants were asked if their clubs had in fact been victims of a cyberattack. While only one-third raised their hands, Boothe mentioned it was more likely that most had been breached – with many not even realizing it.

Cybercrime is a serious business and IT security is a top priority for club boards, with many advocating significant resources devoted to protecting data and networked computer systems. Since this was something that most attendees were informed on, the Forum split into groups to list out security measures they use to protect their clubs’ IT resources. The following is a summary of the results, with a full list published in a separate document.

Top of the list is to reduce human error by training employees, and to train continuously. This leads into the simple, but very important, preventative measures of maintaining strong passwords and changing them frequently. Also, don’t open attachments in an email unless you are expecting it. When it comes to continuous training, make sure to keep employees up-to-date on evolving cyber threats, as there are always new ways to infiltrate your systems. And finally, there is also the possibility of in-person access. Put in place measures for ID checks when an unknown person, such as a technician, asks to access a server or other IT tool.

A major defense against a breach is to consistently monitor against intrusions. At minimum, have a firewall and virus protection software that is updated regularly; and use a secure VPN for remote access. Filter email, including limiting communications from countries with strong cybercriminal activity, and emphasize the practices you set up in training: do not open messages from unknowns. But don’t just put up these walls and walk away. Test them by conducting penetration tests to see where there may be security weaknesses and set up alerts for intrusion detection.

Restriction is another security measure that will go a long way towards limiting access. This includes not connecting a system to the Internet if it is not necessary – such as POS. And, only allow access to system components to those who use them. This not only keeps the keys with those who need entry, but it also reduces potential data errors.

Last, when it comes to members versus administration, be sure to keep those lines of communication separate. For public, member-facing Wi-Fi, use a separate network from what is used for club business and make sure the business line is hidden. For the public network, be sure to build in an auto-logout function.

Integration (Rather, Interfacing)
The second item on the agenda was to cover integration – which was directed at reviewing the pros and cons of single source tools vs. best of breed systems, and the merits to having a club’s tech tools work together. At the beginning of the discussion, Boothe quickly pointed out the concept is more accurately defined as interfacing – because it is about making connections between systems.

The common evolution for function-specific tools is for them to become popular enough that a club management tool will follow suit and build it in. Often, the third-party solution will be bought or absorbed by the larger provider. Why would a club use a specific software tool – such as tee time scheduling or email marketing – when the same function is available in a comprehensive club management system?

The list of reasons for continuing to use single source solutions is short, but heavily weighted in the pro column. Often, the organization has been using the specific tool for some time and does not want to make the change. Or, the single source solution is better because it is the specialty of the provider.

Alternatively, shifting to the specialty function within a broader club management system eases functionality. This is true because it is part of the same environment as the other tools used throughout the club. The familiar interface reduces training needs and keeps technical support to one company. The one system also maintains one database, helping to reduce error and keeping sensitive information in a single space – making it easier to secure. On the customer-facing side, members enjoy a single sign-in.

When deciding on the specialty tool, the administrative team needs to determine whether the positives are worthwhile to use a third-party solution vs. what is available through the club management solution. Even if the club decides to stick with the single-use tool, it is imperative to keep aware of the improvements and add-ons to the club management system. Do not be adverse to listening to sales pitches from the vendor, as the representative can introduce you to new functionalities that might eventually make sense to switch over.

System Selection
To cap the day, Boothe advised on system selection (view the full presentation). His presentation explained how to get organized to begin the process, outline club’s requirements and determine whether to reengineer the current solutions or go with a whole new system. Once the club is to proceed, he explained the evaluation and implementation process.

The first step is to get organized. The club needs to allot adequate time to conduct proper selection and implementation. To do this, key staff and management need to be asked to participate. Beyond the assumed participation by IT and the accounting staff, frequent users also need to be asked to provide input.

To start, the system selection team needs to document the club’s requirements, formally listing the required specifications and functions. Once gathered, deliver this document to potential solution providers to incorporate into their demo presentation.

A key to the process is to determine whether the club needs to reengineer its current system or replace it. Reengineering includes the potential to ease aggravations through user training, reconfiguring the system, process enhancements, procedure adjustments and/or management enhancements. To decide, the selection team needs to analyze the reengineering steps to prove that the legacy software cannot be salvaged.

Once it is determined that a new system is most likely needed, approach the software demonstration stage with care and time. Schedule a full day for each demo and allot a time slot for each department to participate. Be sure not to be distracted by the bells and whistles, rather have the representative focus and demonstrate the specifications previously sent. And finally, conduct your own note taking and documentation (do not rely on what the vendor provides).

Post demonstration, take the time to regroup to rate the software your team has been shown. This should happen at the conclusion of each demo with key staff, allowing you to rate the software with your fresh impressions. To keep it uniform, establish a standard rating system such as a “1-10” points system awarding points to each module. To help focus on the more important features, establish a weighting factor that places priority on the functions that are heavily relied on by operations. This helps your team choose a system that has top-rated functions that are most used.

Other factors to consider when narrowing your selection are customer references and cost. Both are important considerations, that call for additional leg work. Speaking to previous users helps you to understand the working functionality of the system – have any issues come up through use or how has the customer service been? Make the effort to reach out to your contacts in the club community vs. relying on the vendor’s references, which are likely to be groups that have primarily positive experiences. And be realistic about costs. Assume a 10-year useful life and consider the long-term costs, not just the initial costs.

You are almost there. You and your team have determined the potential candidates. The final stage is to analyze and negotiate contracts. Issue a request for proposal (RFP) to the companies you are considering, asking for an outline of the software, services and costs. Once returned, conduct an apples-to-apples comparison between the systems. Remember that value is more important than price, and price should be your last consideration when selecting your system.

The Club Forum closed with an open discussion amongst participants. They relayed their experiences with newer technologies, including beacons and handheld hardware, and how to use the technology to alleviate common issues such as managing crowds. It was a productive day that drew direct feedback from experienced club professionals on a variety of technical implementations. Stay tuned for the announcement of the 2020 Club Forum on the HFTP News site.

Eliza Selig (eliza.selig@hftp.org) is the HFTP director of communications.

You May Also Like

About the Author: Eliza Selig