7 Ways to Help Protect Your House of Worship from a Cybersecurity Attack

It’s cybersecurity awareness month. Is your house of worship prepared for today’s cyberattack tactics?

A Jacksonville, Florida church is trying to get back more than $700,000 in donations that were stolen by cybercriminals in May of this year. The money was meant to help a community of churches and ministries, but instead went to criminals who could be anywhere in the world.

In 2019, a house of worship suffered a significant financial loss from a phishing scheme where the criminal pretended to be a vendor asking for payment. The house of worship didn’t realize what happened until the actual vendor contacted them about lack of payment—and by that time their money was long gone.

Cybercrime can be scary. It’s expected to cost the world $8 trillion in 2023 and $10.5 trillion annually by 2025, according to Cybersecurity Ventures. As religious organizations become more reliant on technology for communication, donations and data management, they become more vulnerable to cyberattacks—and, unfortunately, they already belong to a frequently-targeted group as-is.

Houses of worship are vulnerable because cybercriminals think they’re an easy target. Criminals know you hold a lot of personal and financial information from donors, employees and congregants, and may target you for financial or ideological reasons.

Common types of cyberattacks used on religious institutions are:

• Financial exploitation
• Ransomware
• Website defacement

So, what steps can you take to help best prepare your house of worship for these types of attacks?

1. Create a culture of cyber readiness – this requires a holistic approach, much like the one needed to address physical dangers. According to the Cybersecurity & Infrastructure Security Agency’s (CISA), the six Essential Elements of a Culture of Cyber Readiness for religious organizational leaders are:
   • Yourself: The Leader drives cybersecurity to be a major part of operational strategy.
   • Your Staff: Staff are your first line of defense. Their skills must continue to grow in practice and training.
   • Your Systems: Know where your information resides, know what applications and networks store and process that information and build security around these.
   • Your Surroundings: Make sure only those who have permission have access to your digital work space.
   • Your Data: Keep backups and have a contingency plan, which usually starts with being able to recover systems, networks and data from known, accurate backups.
   • Your Crisis Response: To try to limit damage and quick restoration of normal operations in the event of an attack, conduct regular drills as you would for a fire, making this an extension of your other business contingency plans. Check out the 8 Cyber Security Drills You Should Run in 2022 from CV3.
2. Train staff and volunteers on cybersecurity awareness, teaching them to:
   1. Create strong passwords (or passphrases) and avoid sharing them
   2. Recognize and report phishing attempts (this is how 80-95% of all cyberattacks begin) by familiarizing themselves with specific examples
   3. Lock their computer when away
   4. Use multi-factor authentication to log in
   5. Be ready to play their part in their cyber incident response plan. For information about the six phases of a cyber incident response lifecycle and how you can establish a cyber incident response team and plan, visit this blog article.
3. Try to ensure your network and systems are secure using:
   1. Firewalls
   2. Antivirus software
   3. Other security tools
4. Conduct a vulnerability assessment to identify the risks to your house of worship. You can conduct this assessment yourself. Just reference the Conducting a Comprehensive Vulnerability Assessment section (p. 39) of CISA’s Mitigating Attacks on House of Worship Security Guide.
5. Develop a comprehensive cybersecurity plan (check out CISA’s Cybersecurity Resources Road Map, designed for small and midsize organizations, or their Cyber Essential Starter Kit)
6. Regularly backup data
7. Update staff passwords quarterly

For even more resources to help better prepare your house of worship for cyberattacks, check out CISA’s complete Mitigating Attacks on Houses of Worship – Security Guide.

At Glatfelter, we want to help make sure your congregants, staff and volunteers are safe from these increasingly sophisticated cyberattacks. An entire section of the Glatfelter Ministry Care website is devoted to risk management and cybersecurity. For example, check out our blog called Are churches cyber crime’s perfect victims?

Finally, with today’s growing cybersecurity threats, it’s important to be insured by a cyber product that is designed to meet the modern threats your house of worship faces.

Glatfelter is proud to be introducing a more robust, standalone, non-admitted cyber product, available to new and renewal clients beginning January 1, 2024. Visit the link below for access to applications and more information.

You have the knowledge and power to help secure your religious organization’s sensitive data. Consider this the beginning of a new level of commitment to cyber readiness culture.