5 Cyber-Security Risks and Solutions for Your Church
Cyber-security risks are a threat to anyone that uses a computer connected to the Internet. Those risks can lead to having your personal data stolen. Data breaches are everywhere these days. Companies that have been affected include Target, Home Depot, Sony, Citibank, NSA, the IRS and the list goes on.
You might think your church doesn’t need to worry about cybercrime, right? I wish that were true. In 2015, a sizable 3.4% of the 40,000 hacks made per day were against religious organizations and 19.5% were against non-profit organizations.
These data breaches are becoming more and more commonplace. As you may already know, a data breach occurs when sensitive information, such as banking information or intellectual property, is stolen digitally using a computer. In addition to financial information, personal information is also often the target of these thieves. Names, social security numbers, addresses and phone numbers are all targets once a network has been hacked.
What’s at risk for hacking? Just about anything that runs on electricity and connects to the Internet. The next weakest link? You and your staff. Most people are trusting when it comes to data, and thieves will take advantage. This can lead to some serious problems when it comes to your ministry’s data security.
If you’re pinched for time, here’s a quick overview of the risks and some solutions:
- Reused passwords – don’t reuse your passwords.
- Unpatched computer systems – always install security system updates in Windows Update or the Mac App Store.
- Phishing – if it looks fishy it probably is phish-y. Be extremely vigilant about what email attachments and links you open and the sites they send you to.
- Unsafe software installation – never install any software without consulting your IT team.
- Improper computer disposal – always remove and secure or destroy your computer hard drives before disposing of a computer.
With that out of the way, here’s an in-depth look at five cyber-security risks and solutions for your church:
5 Cyber-Security Risks and Solutions for Your Church
Reused passwords – It’s something we’ve all done, so watch out for the reused password. I know, I agree that it’s much easier to remember one password than 50. However a reused password puts your personal information at risk as well as your church’s data.
A recent study from Swivel Secure (a network solutions provider) titled “Passwords: The Weak Link in Digital Security” found that 62% of respondents say they are concerned about their personal security online.
According to the firm’s vice president, Fraser Thomas, the risk isn’t being taken as seriously as it should be. “This year has seen an all-time high in data breaches which have left millions of confidential personal details, credit card and account numbers, and corporate systems exposed to theft. Yet this seems to have had little to no effect on the security practices of the country’s workforce.”
According to the Swivel Secure survey, 73% of U.S. full-time workers admit to reusing the same batch of passwords online.
What can you do about making sure you’re safe from this particular cyber-security risk? Try using secure password services like LastPass and 1Password. These password services can generate unique passwords for you and keep them in a protected, cloud-based database that you can access from any web browser on multiple computers or mobile devices. The advantage here is that there’s very little to remember in the way of passwords. Alternatively, you can try to use a generic password prefix or suffix and change a few unique characters within. For example “Mike$Facebook2016” or “Mike$LinkedIn2016” … it’s much easier to remember your passwords this way.
Unpatched computer systems – Remembering to update your church computer’s operating system can be difficult. Some systems prompt you to update and some don’t. Some make it easy to do with minimal user interaction (Apple) and some require three or four restarts (Microsoft) to finish the task. With all of that work it’s no wonder some people avoid those updates like the plague. Yet avoiding them is one of the worst things you can do when it comes to protecting your ministry’s data. These updates usually contain the latest security fixes for your operating system and can protect you from malicious web sites and computer programs.
So how risky is not updating? Consider this 2015 Cyber Risk Report from HP which found that 44% of breaches in 2014 used known vulnerabilities. That means that the attacks could have been prevented through updated operating systems.
This is one cyber-security risk you can easily avoid. Regularly download and install your computer’s operating system security patches. Updating once a month is a good idea.
Phishing – If you Google “what is phishing?” you’ll get a nice definition that states that phishing is “the activity of defrauding an online account holder of financial information by posing as a legitimate company.” In fact there are multiple types of phishing. One very common tactic is to try to scare the victim via email. You might be told that if you don’t change your password for your online banking, you’ll lose access to it. The modus operandi is to send an unsuspecting user to a fake web site that looks just like the real thing (think your bank or your credit card company) and hope that the victim doesn’t catch on. The thieves hope you’ll put in your user name and password and other identifying information so they can easily access your legitimate accounts.
Does your ministry have finance or accounting departments? Spear phishing and whaling targeting these departments are becoming a big problem according to Mimecast.
A targeted phishing attack is known as spear phishing. These attacks are pointed at specific folks whom the hacker explicitly wants to target due to job function, financial status and so forth. Similar to spear phishing is “whaling”. Whaling targets high-value individuals such as CEOs, company board members and government officials. These “large” marks are somewhat of a holy grail as they often have very large sums of money or sensitive information in their digital accounts.
If you are concerned that you or your church is a high-value target, be sure to take identity protection steps such as cross-cut shredding your old paperwork and make sure you avoid clicking any links or attachments in emails. Phishing is a very common cyber-security risk that’s easy to fall victim to.
Unsafe software installation – Looking to use Adobe Photoshop but don’t have access to it? A quick search on the web will lead you to hundreds of sites that will either send you to illegal software sharing portals or offer you free versions of comparable programs. I already know that you would never download illegal software, but what about those free, comparable programs? They look like a good deal, but often the software is loaded with adware and malware. Sometimes these additions are not even included by the original creator! They’re added on later by a middleman. Avoid those sites and talk to your ministry’s IT team about what software you should be using on your system and where to get it from. This will help you steer clear of licensing issues and shady malware.
Norton by Symantec, the company behind Norton Antivirus software suggests the following: “Only download from well-known vendors that participate in verification programs that confirm software is legitimate. For example, TRUSTe is one such organization that provides vendors with a seal of approval logo after a due diligence process has been completed. Look for the TRUSTe logo to confirm a site is safe.”
Again, working with your IT staff can help you avoid the cyber-security risk of adware and malware.
Improper computer disposal – There’s one sure thing about technology, and it is that technology is outdated almost immediately after it’s released to consumers. When it’s time for a new computer there’s something your ministry should be aware of … someone needs to ensure that the hard drive is removed, destroyed or secured. This prevents someone from salvaging the computer and copying any data from it. Data retrieval can be done even when you think a computer is broken or that you’ve formatted it to the way you purchased it. One more thing, be sure to “Go Green” and dispose of the computer parts properly – Mother Nature could use the break.
Bonus: Forgetting background checks – if you just read the overview list, you’re missing out on this bonus tip. A background check can help your ministry weed out job applicants or volunteers that may have a history of cyber theft or other criminal activity. Be sure to run one for each new member of your team and rest a little easier.
Has your ministry encountered any of these risks? What was the outcome? Do you have Cyber Liability Coverage to offset your cyber-security risks? Tell us about it in the comments, below.
You can also talk to us any time by calling 800-843-6054.