5 Tips & Best Practices for Churches Handling Data

"The two most important days in your life are the day you are born and the day you find out why." - Mark Twain

When Mark Twain made this statement, there was no internet. There was no ransomware, data breaches, or other forms of cyber attacks. Let's take a minute and think about how technology is a game changer when it comes to Mr. Twain's statement.

Let's consider a person who finds out they have been anointed to do God's work. They have a deep desire to serve and the passion to address some of society's toughest problems, such as eradicating poverty, helping families in tough times, enabling disadvantaged teens to pursue a college education, or mitigating racial injustice. Most importantly, this person makes a commitment to be a spiritual shepherd to a congregation one day. These personal convictions used to be enough to do the Lord's work and do it well. But not today, not in a world that lives digitally.

To do what God has called you to do in this digital age, you must develop a culture where worship is tightly coupled with cyber awareness. Why? Because churches have access to sensitive information from their members, donors, and people they serve in the community. Couple that with the fact that most churches have inadequate cyber security measures in place, and you have perfect conditions that have led cyber criminals to make non-profits and churches their favorite targets.

Here are a few cyber awareness tips that can help church leaders mitigate cybersecurity risks, as well as steps they can take to avoid the attacks.

1. Have a security specialist evaluate your giving platform.

The same technology that makes it easier for you to get gifts, donations, and tithes online also makes it easier for cyber criminals to steal from your organization. Criminals know this. When accepting gifts online, have a security specialist assess the risks involved to ensure your online giving platforms are safe.

2. Educate your members on how to spot phishing emails.

The same newsletters, fundraising literature, and emails you send to your supporters to raise money can be exploited by cybercriminals to solicit your supporters, usually without them knowing they have been tricked. Teach your givers how to audit digital correspondence from the church and differentiate between authentic church requests and criminal messages. You can work with a cyber professional to learn how to perform checks on embedded links, as well as identify other tell-tale signs a criminal is targeting you.

3. Teach your members to spot ransom web links.

Simply put, teach your members to never click on a link that they have not verified as safe, even if it is correspondence from the church. One-click can lead to successful ransomware and phishing attacks that ultimately can lead to your organization being compromised. A cyber security professional or team can help you understand the "art" of clicking and not clicking.

4. Vet those serving in the church.

Insiders are 80 percent more likely to be the cause of a cyber attack than external threats, and insider threats are just as much of a threat to churches. So many volunteers have a passion for giving back and helping the church, but you must put boundaries in place to ensure that those serving do not have access to sensitive data. Work with a cyber professional to create an onboarding process that trains volunteers and establishes safe zones for those serving to best support the organization.

5. Get a dedicated cyber team in addition to your IT team.

The IT team can not automatically become the cyber team. Sometimes IT professionals can be brilliant technologists and engineers but be a poor choice without proper training to function in a cyber security capacity. Cybercriminals know that most churches have small IT teams that also support cyber security requirements for the organizations.

It cannot be stressed enough the need for churches to differentiate between IT and cyber security staff. Cyber security issues are specialized, and you'll want a dedicated cyber professional on your team to ensure everything is set up correctly, is optimized, and that if anything were to go wrong, you'd have knowledgeable specialists available to solve the problem.

If your organization does not have the resources to hire a designated full-time cyber security professional or team, then contract a cyber security professional to develop a plan to up-skill the existing team you have. You can also identify a cyber security training program that, when completed, will transform your IT team into layers of defense against cyber, ransomware, phishing attacks, and more.

These are simple rules to follow that can transform your organization's digital footprint and can serve as the primary building blocks for establishing a cyber-aware culture in your church. To move towards the next level of security, contact us at 1600 Avenue to get your church on the right path to a safer cyber future.

1600 Avenue is a Silicon Valley and LA-based 501c3 organization that can be your dedicated sounding board for all cyber needs. Supporting communities is our business, and we are dedicated to helping organizations and everyday people gain access to premium privacy and cyber protections. Contact us today for a free consultation to discuss your cyber and privacy requirements.