Is your church the perfect victim for cybercrime?

Cybercriminals think so.

11.5 Trillion Dollars. Yes, you read that right. According to AugustaFreePress.com, this is the yearly global cost of cybercrime predicted for 2023—up a whopping 40% from 2022. Why is this number so unfathomably massive? It’s simple. As new technologies emerge and offer new digital capabilities, cybercrime gains new capabilities, too. Despite the severity of this growing threat, however, most organizations do not realize the extent that they are at risk.

Cybercriminals prefer it this way, of course—working from behind-the-scenes and creating issues that their victims often never see coming. Unfortunately, churches and other faith-based organizations are the single largest target of cybercriminals with phishing scams across the nation. It’s time to get these criminals out of the dark and into the spotlight.

During one particularly infamous phishing scam, according to the Georgia Attorney General, cybercriminals sent out emails pretending to be the pastor of a church, and asking for emergency donations from congregation members. The email explained that they had to quickly help a widow in need and used the Pastor’s name, but a fake email address. It instructed recipients to take action by purchasing specific gift cards and mailing them to a provided address. These “impersonation-style” attacks can feel incredibly personal and happen more commonly than many realize. In fact, abnormalsecurity.com reported that between January and June 2022, 15% of all phishing attacks were impersonation attempts.

It’s terrifyingly easy for today’s hackers. But there are several things we can do to help outsmart and deter them—starting with some education and clear, church-wide communication. The more that you and your congregation members know about cybercrime, the better. One of the most important things to be aware of when it comes to cybercrime is how to spot red flags.

RECOGNIZE RED FLAGS

• Emails requesting quick or immediate action
• Emails containing spelling and grammatical errors, or that are written in an unusual tone
• Emails that ask you to open links or download documents
• Web addresses, names and email addresses that are misspelled— (they can be off by just one letter)
• Misleading links – (hover over the link with your mouse before clicking to see what website appears. Does it send you to where it says it will, or does the website look strange?)
• Requests for money, gift cards, credit card or fine payments and updates to important or confidential information – (even if it seems like these come from your bank, it’s smart to contact your bank directly to confirm before ever responding with personal information.)
• Content that says you’ve “won” a contest, and that asks for additional information in order to send you a payout or prize

With each passing year, new cybercrime tactics are developed, so new red flags will emerge. Take time to read-up on these tactics and stay as up-to-date as possible. Provide updates to members of your church as well. As you open your church’s emails, create budgets, record personal information and logs, there are some other critical things to remember.

PROCEED WITH CAUTION

• Practice careful clicking – If you see pop-ups, links or email attachments—don’t click. If in doubt, call the sender directly to ask if they meant to send you something.
• Supercharge your passwords – Swap passwords for passphrases, for example “TheCowJumpedOverTheMoon,” and include symbols. Change them every six months.
• Think thoroughly about security questions –You leave a digital footprint wherever you go, and chances are you follow your favorite band on social media, or you’ve talked about them online—so don’t make their name the answer to one of your security questions. Think of online statements as breadcrumbs that online hackers can follow, and choose specific security questions that are on topics you know you have not spoken publicly about.
• Constantly communicate – Spread the word across your parish regularly, to members, employees and volunteers. Help ensure that everyone better understands their cyber exposures and knows how to keep an eye out for red flags.

Getting hit by a hacker can be incredibly expensive—and paying for some extra layers of protection will likely pale in comparison. Weigh the costs of these products with your church’s budget and speak to an expert about products designed to reduce your risk.

PURCHASED PROTECTIONS

• Special Software – Top-tier anti-virus software can provide a significant layer of extra protection. Talk to experts and ask questions to determine what product or set of products best suits the needs of your church.
• USB keys –Encrypted USB keys are highly recommended by experts as the safest way to store passwords. Passwords should never be stored on your computer in any sort of word document, excel sheet or program.
• Insurance Coverage – As a provider of insurance to specialty markets, Glatfelter understands the value of cyber coverage first-hand. Talk to a trusted agent about your unique exposures to find out what coverage might best fit your needs.

Unfortunately, as technology continues to grow and evolve, cybercrime will, too. With churches seen as easy, key targets, it’s more critical than ever before to talk to your worship community and formulate a plan of action that everyone can feel good about. Tap into more resources to share with your team by visiting our Cyber Security Risk Resource Hub here, and employ the tactics above to help protect your organization so that you can stay focused on your mission with increased peace-of-mind.