Safeguarding Your Church

by Amanda Hallemeier, Accounting Clerk

I recently attended a luncheon, “Technology in the Church.” The luncheon was an amazing opportunity to get to know our clients and gauge their needs. Churches use social media and websites, and are in the world of IT as much as the Fortune 500 companies of today.

In “Safeguarding Your Church,” the presentation that impressed me most, speaker Melody Parlett from Enable Ministry Partners began the conversation by asking everyone if they had heard of the latest ransomware attack, “WannaCry.” For those unfamiliar with ransomware, it allows hackers to kidnap your personal data and encrypt it. This happens through email attachments, infected websites, etc. Your data is then held hostage until you pay the ransom for the encryption key.

One threat that Melody mentioned shocked me. Apathy! Apathy is, “Do nothing and hope for the best,” or “I’ll get to that when I have extra time or budget.” IT security cannot be achieved by IT professionals alone. One needs only to look at the 90/10 rule: 10% of security safeguards rely on technology and 90% of security safeguards rely on the user. As a business leader, you must set the tone for your employees in building a security-conscious culture. Open communication with staff is a major priority. Your staff needs to know how easily the information they retrieve, process, and export can be compromised.

Melody also addressed “Network Vulnerability.” When you evaluate the equipment and computer systems in the network used at your church or foundation, how many of these systems are outdated? Old security programs can lead you to new problems. Even when you maintain your network and keep all software and hardware current, it is not always safe against new malware. How often your organization performs a backup determines how quickly your organization can be up and running again after a threat. It is always recommended to keep a backup not only in the Cloud but also on site.

The last threat discussed is “Social Engineering.” The term Social Engineering can be misleading. It may sound like you need a Master’s degree or a million followers on Twitter, but Social Engineering is much easier and needs no degree. Social Engineering is when scammers use social interactions to steal data or gain unauthorized access to your accounts. Those unaccustomed to social media are the biggest threat in this type of scam. These scammers will exploit familiarity, sympathy, and your desire to be helpful to get your information. Make sure that your staff is trained to spot these types of hacks. Emails that look like they come from within the organization, asking for money or personal information without verification, should always be regarded as suspicious. Team members should also be on guard if an unfamiliar IT representative requests employee login information. Keep your employees knowledgeable about who their IT representatives are and the best way to communicate with them. The best practice is a safe practice: continually educate your team on how best to prevent these types of digital threats.