Cyber criminals seek out unsuspecting organizations. Use these tips to help make sure your church isn’t one of them.
Six Trillion Dollars. Yes, you read that right. According to CSOonline[i], it is predicted that by 2021, cyber crime damage costs will hit $6 trillion yearly. That number is mind-bogglingly huge. But why? As technology continues to advance, so do cyber crime tactics. Despite this rise in threat, many organizations don’t realize that they could be active targets. Cyber criminals work in the dark and behind-the-scenes, making their efforts easy to miss…but we can’t afford to look away any longer.
Recently, a church in Texas found themselves victim to a highly-organized crime network. The scariest part of the attack is that it was one that many could easily fall for. According to the ABA Journal, the cyber crime operation that hit them used special malware to “infect computers and capture banking login credentials. The conspirators allegedly created lookalike internet pages for the victims’ financial institutions. They then accessed the bank accounts and transferred the money…”
It seems all too simple. And for today’s hackers, it is. This process is repeated over and over across the world, by tech-savvy scammers. How can you outsmart them and help protect your church, your members and the data you hold?
Education and communication are the keys. The more you know about cyber criminals, the better. The more you share your knowledge, the smarter everyone can become. It’s important to understand the reality of the situation: hackers use all sorts of emerging technologies to steal personal information, medical records, credit cards, checking account numbers, money and even identities. They can demand ransoms, duplicate websites, rewire funds, shut down entire computer systems and tap into online appliances, such as security cameras and even refrigerators.
This is overwhelming information, and it can be hard to know where to start. A great place to begin is by keeping an eye out for some of the biggest red flags, and letting all congregation members know that they should do the same:
IMPORTANT RED FLAGS
- Emails that request fast or immediate action on your part
- Unsolicited, unexpected emails that ask you to click on links or download documents
- Web addresses, names and email addresses that are misspelled—(look closely, they can be off by just one)
- Links that don’t lead where they should – (hover over the link with your mouse and see what website appears. Does it seem to send you to where it says it will?)
- Requests for money, gift cards, repayment of fines, and updates to important or private information – (even if it seems like these come directly from your bank, it’s smart to contact your bank directly to confirm before ever responding with information.)
- Content that says you’ve “won” a contest, and that asks for additional information in order to send you a prize
As time goes on and new cyber crime tactics are developed, new red flags will emerge. Work to stay up-to-date on this information and to keep all important parties in the loop on it, as well. As you open your church’s emails, work on budgets, record personal information and create accounts, there are some other important things to remember as well:
- Click carefully – Don’t ever click on pop-ups, links, or on attachments if you do not know who sent them to you or if they are unexpected. When in doubt, call the sender directly and ask if they meant to send you something.
- Power-up your passwords – Experts say that passwords should be complex, involve symbols, and be changed every six months. As inconvenient as that is, it’s much more inconvenient to deal with a breach of confidential information.
- Select security questions carefully – Don’t overlook the importance of quality security questions. They are equally as important as passwords. Pick difficult questions, and stay away from ones like “What is your favorite band?” You leave a digital footprint wherever you go, and chances are you follow your favorite band on social media, or have commented about them in public posts. Every statement you put online leaves the hackers a breadcrumb trail that they are all too eager to follow.
- Talk about it – Communicate regularly across your parish with members, employees and volunteers. Make sure that everyone understands your unique cyber exposures and how to watch out for them.
There are also several proactive security protections that come with a price tag but can be well worth your time and investment. In 2018, IBM reported[ii] that the average cost of a data breach was “up 6.4 percent over the previous year to $3.86 million.” Getting hit by a hacker can be incredibly expensive—and the costs of these products pale in comparison:
PROTECTIONS FOR PURCHASE
- PC Protection – A quality anti-virus software can go a long way toward helping you stay aware of red flags, data breaches and viruses. There are many choices in this area, and it is worth taking the time to ask experts questions to determine what the right product might be for your church’s individual needs.
- USB keys – Experts agree that a big password “no-no” is creating a spreadsheet that lists the passwords you’ve chosen. But if you use multiple programs and vary your passwords (as you should) it can be hard to keep everything committed to memory. This is where encrypted USB keys come in handy. These keys can store passwords in a safe place that can only be accessed by approved individuals when needed. (*Speaking of USB keys – NEVER plug a USB key into your computer if you do not know where it came from. This is a quick, easy way for hackers to gain access to your network.)
- Cyber Crime Insurance Coverage – As a provider of insurance to specialty markets, Glatfelter understands the value of cyber coverage first-hand. Our Cyber Liability and Privacy Crisis Management Coverage works to equip churches across the U.S. with protections and risk management tools. We complement the coverage with a full eRiskHub and portal, free of charge to clients, that includes things like incident response plan roadmaps, online training modules, risk management tools, eRisk resources, and a news and learning center to keep you up-to-date on all of the latest cyber crime information.
As cyber crime incidents continue to rise, and churches are seen as key targets, it’s critical to talk to your worship community and formulate a plan to take action. Using the tactics above can help protect your church’s members, finances and even reputation, and can help ensure that you can stay focused on your overall mission with more peace-of-mind.
Lindsey Elias, Marketing
As our Marketing Content Manager, Lindsey is passionate about producing quality content. When not at the office or planning her next Disney getaway, she loves hanging with her husband, family and fur babies and indulging in the two c's: carbs & coffee.
The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.
Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.
To help you better secure your house of worship, we’ve compiled our claims data and singled out the top three property risks to worship centers.
Houses of worship have found that the option to donate online is mutually beneficial for them and their members.
It’s important to make sure your website is able to serve everyone—or you could find yourself in legal, financial or reputational trouble.