Reducing Your Church’s Exposure to Possible Cyber-Intrusions and Data Breaches

Tony Grahn
Written on May 28, 2019

Businesses have several exposures relating to cyber liability and data breaches, and churches are certainly not immune from these same types of losses. Here are several tips that can help any church protect its parishioners’ personal information. These tips can also help the church avoid uncomfortable apologies and explanations to its members, as well as embarrassing lawsuits.

1. Know Your Data

Know where and how your church data is stored. Is it kept in-house, at an offsite data facility, or outsourced to a third party? Many transaction components require churches to send parishioners’ personally identifiable information, such as credit card information for donation processing, to a third party. Consider all the elements of your church data when evaluating your cyber coverage needs.

2. Know Your Software

Churches often utilize third-party software programs to pass or retain data. The lengthy electronic waivers for these programs often require the church to retain liability should a breach occur. Know how the programs work, who has access to them, and what security measures are in place.

3. Secure Your Technology

Security measures aren’t just for your desktops and servers. Consider all devices the pastoral staff, other employees, and volunteers are now using. That might include smartphones, home computers, tablets, and other portable devices. Such devices should be password protected, and sensitive data transmitted to and from them should be encrypted.

4. Practice Security Measures

Put into place routine security measures such as updating passwords, requiring installation of software security patches within a set period of time, using firewalls, and making backups of important church data.

5. Control Administrator Access

Limit the number of individuals who have privileges to run, change or control critical business applications. Not doing so is similar to a church giving out a door key to anyone and then losing track of who has one. Limit and control access.

6. Train Employees

Educate church staff on the risks of providing personal information on social media, the risks of catching computer viruses from suspicious email links or websites, and the risks of using company resources such as laptops on public networks.

7. Monitor, Monitor, Monitor

Ensure that internal security measures are being followed, anything unusual is investigated, and the church is routinely updating protocols for cyber breaches.
