A cyber criminal on the computer

7 Ways to Help Protect Your House of Worship from a Cybersecurity Attack

By Emily Arndt on October 30, 2023

It’s cybersecurity awareness month. Is your house of worship prepared for today’s cyberattack tactics?

A Jacksonville, Florida church is trying to get back more than $700,000 in donations that were stolen by cybercriminals in May of this year. The money was meant to help a community of churches and ministries, but instead went to criminals who could be anywhere in the world.

In 2019, a house of worship suffered a significant financial loss from a phishing scheme where the criminal pretended to be a vendor asking for payment. The house of worship didn’t realize what happened until the actual vendor contacted them about lack of payment—and by that time their money was long gone.

Cybercrime can be scary. It’s expected to cost the world $8 trillion in 2023 and $10.5 trillion annually by 2025, according to Cybersecurity Ventures. As religious organizations become more reliant on technology for communication, donations and data management, they become more vulnerable to cyberattacks—and, unfortunately, they already belong to a frequently-targeted group as-is.

Houses of worship are vulnerable because cybercriminals think they’re an easy target. Criminals know you hold a lot of personal and financial information from donors, employees and congregants, and may target you for financial or ideological reasons.

Common types of cyberattacks used on religious institutions are:

  • Financial exploitation
  • Ransomware
  • Website defacement

So, what steps can you take to help best prepare your house of worship for these types of attacks?

  1. Create a culture of cyber readiness – this requires a holistic approach, much like the one needed to address physical dangers. According to the Cybersecurity & Infrastructure Security Agency’s (CISA), the six Essential Elements of a Culture of Cyber Readiness for religious organizational leaders are:
    • Yourself: The Leader drives cybersecurity to be a major part of operational strategy.
    • Your Staff: Staff are your first line of defense. Their skills must continue to grow in practice and training.
    • Your Systems: Know where your information resides, know what applications and networks store and process that information and build security around these.
    • Your Surroundings: Make sure only those who have permission have access to your digital work space.
    • Your Data: Keep backups and have a contingency plan, which usually starts with being able to recover systems, networks and data from known, accurate backups.
    • Your Crisis Response: To try to limit damage and quick restoration of normal operations in the event of an attack, conduct regular drills as you would for a fire, making this an extension of your other business contingency plans. Check out the 8 Cyber Security Drills You Should Run in 2022 from CV3.
  2. Train staff and volunteers on cybersecurity awareness, teaching them to:
    1. Create strong passwords (or passphrases) and avoid sharing them
    2. Recognize and report phishing attempts (this is how 80-95% of all cyberattacks begin) by familiarizing themselves with specific examples
    3. Lock their computer when away
    4. Use multi-factor authentication to log in
    5. Be ready to play their part in their cyber incident response plan. For information about the six phases of a cyber incident response lifecycle and how you can establish a cyber incident response team and plan, visit this blog article.
  3. Try to ensure your network and systems are secure using:
    1. Firewalls
    2. Antivirus software
    3. Other security tools
  4. Conduct a vulnerability assessment to identify the risks to your house of worship. You can conduct this assessment yourself. Just reference the Conducting a Comprehensive Vulnerability Assessment section (p. 39) of CISA’s Mitigating Attacks on House of Worship Security Guide.
  5. Develop a comprehensive cybersecurity plan (check out CISA’s Cybersecurity Resources Road Map, designed for small and midsize organizations, or their Cyber Essential Starter Kit)
  6. Regularly backup data
  7. Update staff passwords quarterly

For even more resources to help better prepare your house of worship for cyberattacks, check out CISA’s complete Mitigating Attacks on Houses of Worship – Security Guide.

At Glatfelter, we want to help make sure your congregants, staff and volunteers are safe from these increasingly sophisticated cyberattacks. An entire section of the Glatfelter Ministry Care website is devoted to risk management and cybersecurity. For example, check out our blog called Are churches cyber crime’s perfect victims?

Finally, with today’s growing cybersecurity threats, it’s important to be insured by a cyber product that is designed to meet the modern threats your house of worship faces.

Glatfelter is proud to be introducing a more robust, standalone, non-admitted cyber product, available to new and renewal clients beginning January 1, 2024. Visit the link below for access to applications and more information.


You have the knowledge and power to help secure your religious organization’s sensitive data. Consider this the beginning of a new level of commitment to cyber readiness culture.

Emily Arndt

Em, a proud cat mom to Margot and Teddy, enjoys learning guitar, the beach, writing, and working on her sarcasm.


The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

About the top 4 insurance claims houses of worship experience.

Continue Reading

Tips on how to make list of church inventory to help you if a claim occurs.

Continue Reading

How you can help protect your most important asset: your people, and how to help them set up their insurance benefits so that they reflect their wishes.

Continue Reading

Submit a Comment