Offering complimentary wi-fi to members during services is just one way churches are engaging with millennials. However, without properly securing your wi-fi and other organization-owned devices, you could be exposing your church to cyber attacks from outside intruders. With security threats to churches on the rise, cybersecurity is quickly becoming a top priority for religious organizations across the country. Check out these simple tips for advice on keeping your information and the information of your congregation safe:

1) Keeping Your Church Wi-fi Network Secure

One of the first things you should do when installing a new wi-fi router is to change the default passwords. These passwords are typically standard across devices and publicly available online. Anyone looking to infiltrate your network can easily gain access if these passwords aren’t changed and kept safe. Make sure the new password is both long (at least 16 characters) and complex (including symbols + mix of upper and lowercase letters) for maximum security.

When changing the default password, consider changing the default name as well; many routers will include the make and model in the default network name, making it easier for potential intruders to find the default password for your device. Not only does a name change protect against attacks, it makes the network easier for your parishioners to find, allows for a little personalization, and helps you discern any malicious networks mimicking your wifi to steal information. Posting your network name inside the church helps prevent any members from accidentally connecting to a fake network.

When changing the default password, consider changing the default name as well; many routers will include the make and model in the default network name, making it easier for potential intruders to find the default password for your device. Not only does a name change protect against attacks, it makes the network easier for your parishioners to find, allows for a little personalization, and helps you discern any malicious networks mimicking your wi-fi to steal information. Posting your network name inside the church helps prevent any members from accidentally connecting to a fake network.

Another important counterpart to your password plus name security is your network firewall and encryption. Most routers come with firewalls and automatically enable them, but make sure to verify a firewall option is up and running on your network. You can also access Windows firewall settings from any (Windows) computer connected to the network (or check out this article from PCMag for some more info). After confirming your digital access points are secure, think about physical access points. If you have publicly-accessible ethernet ports, consider putting locks on them to prevent unauthorized access or equipment being installed. This applies to the router itself–consider placing your network equipment in a locked utility closet for maximum security.

After confirming your digital access points are secure, think about physical access points. If you have publicly-accessible ethernet ports, consider putting locks on them to prevent unauthorized access or equipment being installed. This applies to the router itself–consider placing your network equipment in a locked utility closet for maximum security.

A more advanced wi-fi security tip is to limit your router’s range to your physical location. Although this requires turning down power levels and relocating access points, the benefit is that attackers can’t sit outside your building and attempt to access your network. By containing the signal you can ensure that only those inside the church itself are able to utilize the wi-fi. Finally, if your router offers a guest network feature, disable it. It’s harder to protect and ultimately not worth the risk, especially if church members are connecting to your secure network anyways.

2) Safeguarding Your Data

Regardless of what church management software you use (check out this infographic for some great options), chances are good that you store personal or financial information of both employees and donors, given that 81% of churches report housing sensitive information electronically. This can present a huge security and liability risk for your organization if that information is not properly stored and secured, both digitally and physically. If your church employees access donor information on laptops, that information could be stolen not through a

If your church employees access donor information on laptops, that information could be stolen not through a cyber attack but by a thief stealing the whole laptop. This happens more frequently than you might think, like this case of a laptop stolen out of a Chattanooga church last year. While sticking to desktops makes theft slightly harder, that’s not always an option for church employees.

If you need to access donor information on a laptop, consider investing in one specifically designed for sensitive information, like these business laptops from HP. Many business laptops come with encrypted hard drives that protect your data in the event of theft, and some have additional security features that can mitigate cyber attack risks.

Although encryption prevents attackers from accessing stolen data, it doesn’t help you recover it, which is where cloud-based backup solutions come in. There are a few options out there specifically designed for nonprofits with confidentiality in mind. Although the initial cost of buying secure devices + backup options seems steep, considering a hacker recently made off with $680,000 from a church in Des Moines, the potential risk is even higher.

3) Educating your Employees

Teaching employees and volunteers best practices regarding information security is one of the most effective strategies you can take to defend against cyber attacks. Socially-engineered attacks, like spearfishing and ransomware, are quickly becoming favorites for hackers, and for good reason. Many of these attacks are designed to circumnavigate automated security features and prey on specific users with custom information, and churches are increasingly falling victim.

Educating employees on how to spot phishing emails is a critical step in defending your data. Check out TechSoup’s hub for religious organizations as a starting point, but make sure to revisit the topic and update your employees periodically. Password policy is another key concept for employees; despite the sometimes onerous requirements of strong passwords, they are an essential defense against unauthorized intrusions.

While explaining why strong passwords are so important won’t make password policy less of a hassle, it will emphasize how critical they are to your organization’s safety and reputation. If your organization doesn’t have policies like these in place, consider hiring a dedicated IT staff member to help develop a comprehensive cybersecurity policy. According to report from 5ifth Wall, “85% of churches don’t have a full-time IT professional on staff, 63% have no system in place to detect a potential breach, and 55% don’t have a single procedure in place to mitigate the chances of a breach.” Bringing on an IT pro will help you and your organization navigate cybersecurity policy development and ensure your information is properly protected.

These are just a few ways you can take a more active stance on cybersecurity policy at your church. One of the most powerful tools you have is educating people on what to look out for regarding cyber attacks; staying on top of current cybersecurity issues is the best way to protect yourself.

What steps is your organization taking to secure your data?

[This article was written by the community outreach coordinator for HP’s Small Business Solutions team.]