In today’s electronically connected world, anyone with a computer is vulnerable to cyber attacks. That is true for churches as much as for any private business or government agency.
When hackers can break into Target, Home Depot, Sony, Citibank, the NSA, the IRS and even Facebook, how can you keep your church and the personal information of your congregation safe?
Churches are particularly vulnerable because their systems tend to have a diverse set of users – staff, volunteers, members, and visitors with their own devices that might connect to the church network while they are in the building.
Cyber crooks are not trying to get a sneak peek at next week’s sermon. They are after user names, passwords, and personally identifiable information such as names, addresses, dates and places of birth, and Social Security numbers.
So how do you protect all that?
First, accept that you are at risk. Do not succumb to the temptation to believe no one would bother with your church’s data. There is always someone out there who will.
Then, make sure you understand the threat. Here are some of the threats you need to learn about:
Phishing – Phishing emails can take many forms, including alerts that look as though they are from legitimate sources. Their objective is to trick the recipient to click on a link or attachment that opens the door for hackers to steal data or infect systems with malware. It only takes one employee or volunteer to make one mistake to compromise an entire network and cause a data breach. Make sure everyone who uses your system understands the threat.
Malware – This is malicious software installed without a user’s knowledge. It typically occurs when a user clicks on a link in a phishing email or visits an infected website. The ways malware can get into your system increase every day. Points of vulnerability can include the growing number of Internet of Things devices such as thermostats, alarms, cameras, and appliances that connect to the Internet.
Technical Vulnerabilities – There can be holes in software code that allow cyber criminals to gain unauthorized access to a system. These can exist in all sorts of applications and operating systems. An astounding number of vulnerabilities are discovered every day. They can be closed by applying patches and updates, but the only defense is to have multiple controls in place.
Create a culture of cybersecurity at your church. Here are some tips:
- Use strong passwords. It is easier to remember a simple password – but also easy for thieves to guess. Avoid letter combinations that would be obvious for a church to use. “God” and “Jesus” will be some of the first things the hackers will try.
- Do not leave passwords written out in the open. You may find it helpful to keep yours written on a sticky note, but a thief will love you for it.
- Never reuse passwords. Again, that is the easy route, and the easier it is, the more vulnerable to a hack.
- Use antivirus protection. This is basic, but it needs to be said: Make sure you have a state-of-the-art antivirus program running on your system at all times.
- Keep software updated. Not just your security software, although that is critical: The threats are always changing, and you need to keep up with those changes. You need to make sure you keep up with updates for ALL your software, including such basics as Microsoft Office.
- Train staff and volunteers. It is not enough for the pastor and church secretary to be security-conscious. Anyone who connects to your network needs to be on guard.
- Make sure you have a working firewall. It can be as important as the lock on your church office door.
- Employ encryption. If you store personally identifiable information, such as banking information for electronic tithing, you must make sure your database stores that information in an encrypted format.
- Employ dual authentication procedures. A two-step login procedure makes you more than twice as secure.
- Develop a response plan. No matter how careful or smart you are, breaches can occur. You need a plan in place to react and minimize the damage when intruders get into your system.
Originally posted on Southern Mutual Church Insurance Company
ChurchInsure is a division of Anchor Insurance Agencies specializing in the unique insurance and risk management needs of religious institutions. Visit our website to learn how we can serve you at anchor-insurance.com/churchinsure.
