Cloud based software that is properly secured and follows current day best practices is very secure. So much so that it is almost impossible for someone with malicious intent to hack into a system through the Application or an infrastructure or application vulnerability. In recent times, an overwhelming majority of data breaches are carried out through the practice of "Social Hacking" (more on social hacking here).
There are a number of things you can do in your organisation to mitigate risks of a data breach:
Each employee should have their own login to the system, and you should cancel or suspend all employee logins if they are no longer employed or on leave.
Employees should not share their password with others, even with other employees.
Employees should update their password on a regular basis. (Membes forces periodic Administrator password updates )
Restrict the ability to download (extract or export) sensitive data only to those that need it. It is good practice is to provide only one employee the ability to export data from the system. Any other employees needing extracted data must go through this person and provide a reason for obtaining the exported data.
Exported data should only be saved to secured computers.
Where exported data is no longer needed it should be deleted.
Never send exported data as an email attachment. Use a secure file delivery services for this at all times.
Ensure a data privacy policy is received from any third party service providers that you need to provide exported data to (such as an events co-ordinator, trainers etc).
Do not open attachments on emails if you do not know or trust the source of the email.
Do not install unauthorised software on any computers that are used to login to the Membes system.
Ensure anti-virus software is installed and kept up to date on any computers that are used to login to the Membes system.