As we become more dependent on technology, security threats grow and change on a daily basis and user data continues to be vulnerable. This is true for churches, just as it is for any other organization or business. Learning to keep online data and accounts safe and being reminded to regularly update security protocols is increasingly important for pastors and church communicators. Everyone now knows that even the most powerful institutions are exposed to hackers and large-scale security breaches. So what can your church do? Plenty.
Simple preparedness routines and protocols can help churches take precautions to keep online data safer and lower the risk of tempting spammers, viruses, and automated bots to infiltrate church networks. Being aware and acknowledging that there are real risks are the first steps toward improved security.
Here are six common security threats to church data and tips for avoiding them:
1 – Social Media Attacks
Churches rely on social media so much these day and discerning friends from foes is important for church communicators and staff to recognize. Unknown friend requests can come with nefarious application install requests that make your church social media networks and friends vulnerable to hacks and attacks. Social media outreach should be carefully considered and planned for, especially when using church computers that may contain large amounts of stored data. Hackers love social media and churches are often targets.
How to avoid it:
Educate church employees about social media vulnerabilities and threats, and have conversations about creating best practices for account management. Also, make certain that church employees know that they should immediately report any suspicious activity on any church social media channel account they manage or with their own account. And it is always good to remind staff not to share church passwords, and for managers and pastors to have a physical log of all passwords and account access information for all church social media accounts.
If there is a breach, all vendors will ask for the name, email address and password on the account. Make sure your church leadership always has this information and is notified if and when passwords are updated.
2 – Website Attacks
Websites are the face of any organization and protecting them from malware and hackers should be a top priority for pastors and church leaders. Many people wonder if church websites even need SSL certification. The answer is yes. And this is only the first layer of creating a safer site. The risk of having hackers take control of your website and any password protected user databases that may be associated with the site warrants greater security.
These inherent vulnerabilities allow injection-style attacks where hackers gain direct access to the back-end database by entering in database commands (malicious code) instead of the usual data through a text box on a website. This is one of the most common attacks on websites that are database driven and the chances of the person being caught are low compared to the high value of the information that can be taken.
Other website weaknesses include Cross-Site Request Forgery, Broken Authentication and Session Management, and Security Misconfiguration.
How to avoid it:
Keep your church website safe by keeping software updated and current, making a conscious choice not to house quite so much critical information on the site, and hiring IT professionals to set up and monitor website security. From there, churches should also create a response plan if the church website is hacked. This plan could also include the church social media accounts as well (see above). And finally, back up your website content regularly. Church website content should live on back up files to prevent a total loss if the website is compromised.
3 – Password Phishing Threats
Spam emails trying to trick users into giving up their log-in information pour into every inbox daily with vigor. These phishing attacks are being ruthlessly filtered by anti-spam vendors and services that quarantine these nasty tricksters. However, spammers are getting more sophisticated at mimicking emails from friends, family or businesses and a few always get through to your inbox with clever tricks to get you to enter passwords. Again, churches can be particular targets for spammers.
How to avoid it:
A couple of simple solutions is to use spam filters for email and to never open emails from a person or organization you do not know. Often curiosity or force of habit gets people in trouble as they click through random emails. Some web browsers highlight the true domain name of a host in a URL string making malware more obvious. Protocols for handling suspicious (likely phishing) emails and phone calls should be discussed with staff as part of the church security plan and implemented.
4 – Leaky Software
Unpatched software is one of the most vulnerable areas of any computer that opens it and the entire network to hackers, and yet it goes mostly unnoticed. Adobe Reader is by far the most common browser add-in program that needs regular updating, but there are many others like anti-virus software. It seems like a no-brainer, but many users do not do it.
How to avoid it:
Keep church computer and data security in top shape by having IT professionals install and regularly update all software and check for breaches. This benefits security and often improves office computer system performance as well.
5 – Social Engineering
Yes, there are still scammers and spammers who are intent on tricking users into giving them your sensitive information. Recent examples include phone scams where people call you pretending to be the IRS and insist that you owe money that needs to be paid today and offer to take payment over the phone. Also, it’s good to remember that most large government agencies contact you by mail for major inquiries and payments. And any caller that asks for a social security number over the phone in the first five minutes is probably up to no good.
How to avoid it:
Screen calls from numbers you do not recognize. If it is important they will leave a message and you can then begin to determine if it is a legitimate call. Though be warned that scammers also leave messages, usually automated ones. The same is true for spammers with emails: do not open emails from unknown senders, and certainly do not divulge sensitive personal information via email to an unknown entity.
6 – Hacking the Internet of Things
Yes, hackers can hack digital devices that are connected to your network. IoT devices include digital cameras, DVRs, and webcams. Hackers enter the network and can actually take over these devices and the entire network.
How to avoid it:
Church IT staff should be aware and take inventory of all of the devices that are connected to the church network at any given time. This can lead to the discovery of vulnerabilities and provide information about how to create better protections. There are also solutions that provide greater security to internet routers, which block hackers from accessing the network and thus the smart devices on the network.
Making church networks more secure is a necessary and valuable use of time and resources. Is internet security 100% possible? We know the answer to that. Can churches put measures in place to reduce their risk and vulnerability? Absolutely! Churches that rely on technology should also rely on IT professionals to keep their digital communication systems performing well and as secure as possible.
