What Happened with the 2024 CrowdStrike Incident?
On July 19, 2024, a major disruption world-wide occurred due to a faulty software update issued by CrowdStrike, a leading cybersecurity firm. This update caused widespread IT outages, affecting various global industries, including airlines, banks, and media outlets. The issue stemmed from a defect in the update that led to Windows machines crashing and entering a continuous reboot cycle, known as the “blue screen of death” (BSOD).
CrowdStrike’s software, which is designed to protect against cyber threats, requires deep access to the computer’s operating system. When the faulty update was pushed, it interacted poorly with Windows systems, causing them to fail. Although the problem was not a cyberattack but a glitch in the update, it highlighted the fragility of our interconnected digital systems.
Why Are Churches Vulnerable?
Churches are particularly vulnerable to cyberattacks for several reasons:
- Sensitive Data: Churches often store sensitive personal and financial information about their members, making them attractive targets for cybercriminals looking to steal data for identity theft or fraud.
- Limited IT Resources: Many churches lack the sophisticated cybersecurity measures and dedicated IT staff that large organizations have, leaving them more exposed to cyber threats.
- Trust and Reputation: Trust is crucial for religious organizations. A data breach can severely damage a church’s reputation, leading to a loss of trust among members and impacting donations and participation.
Why Churches Must Act Urgently
Given the vulnerabilities and the potential impact of cyberattacks, it is imperative for churches to take immediate steps to enhance their cybersecurity measures.
Top 5 Critical Cyber Security Actions Your Church Should Take Immediately
1. Adopt Secure Password Management Tools
Using secure password management tools like 1Password, Dashlane, and Heylogin helps protect against unauthorized access by securely storing and managing passwords.
- 1Password: Offers features like Watchtower to alert users to data breaches and weak passwords.
- Dashlane: Provides a digital wallet and password manager to securely store passwords and payment methods.
- Heylogin: Focuses on secure passwordless login options, enhancing security by eliminating the need for traditional passwords.
2. Implement Multi-Factor Authentication (MFA)
Adding an extra layer of security through multi-factor authentication (MFA) significantly reduces the risk of unauthorized access. MFA requires users to provide two or more verification factors to gain access to an account, making it harder for attackers to breach accounts even if they have the password.
3. Conduct A Comprehensive InfoSecurity Assessment
Performing a thorough security assessment helps identify vulnerabilities and areas for improvement. The ACST Higher Ground InfoSecurity Assessment is a valuable resource designed specifically for non-profits and churches to evaluate their current cybersecurity practices and develop a robust security strategy.
The InfoSec Assessment for Churches is no-cost and takes less than 5 minutes. Any non-technical person can complete it easily and get a report and benchmark against thousands of other churches and orgs.
4. Educate Staff About Phishing Attacks
Phishing attacks are a common method used by cybercriminals to gain access to sensitive information. It is essential to educate staff on how to recognize and respond to phishing attempts. Here are some effective methods:
- Staff Meetings: Include a brief section in the agenda to discuss phishing risks and prevention strategies.
- Video Micro-Lessons: Create short, engaging video lessons for staff and key volunteers to watch.
- Required Training: Implement a mandatory 10-minute training session on the dangers of phishing and prevention techniques. Ensure compliance by tracking completion through a centralized system.
5. Update All Software and Systems (Regularly)
Keeping software and systems up to date is crucial to protect against known vulnerabilities that cybercriminals can exploit. Regular updates ensure that security patches are applied, reducing the risk of attacks.
By taking these proactive steps, churches can significantly enhance their cybersecurity posture, protect sensitive information, and maintain the trust and safety of their congregations.
The time to act is now, before a cyberattack occurs.
One of the best next steps is to get a 3rd party managed IT service to help if you don’t have full-time IT staff that can manage this on an on-going basis.
ACST’s Higher Ground services are offering a no-cost assessment for you to get a baseline of where your church’s IT is at regarding information security. The assessment also provides benchmark details to show you what thousands of other churches and ministry orgs are doing on any given issue too.
Strongly Recommended: You can take the InfoSec Assessment online for your church: www.acstechnologies.com/infosec-assessment
