Church Executive SEPT / OCT 2019 DIGITAL ISSUE | Page 17

Cyber security
church
& your
How to properly protect your
parish from scammers
By Elizabeth “Betty” Norman, BSN, MBA, CPHRM
Cyber criminals seek out organizations that seem unsuspecting.
Unfortunately, churches often offer just what they’re looking for.
I
n late April 2019, Father Bob Stec of the Saint Ambrose Catholic
Parish in Brunswick, Ohio found himself sending a note 1 to parish
members that no church leader ever wants to write. The church was
undergoing large renovations, and everyone was thrilled as the project
was both on time and on budget.
But things were too good to be true.
“On Wednesday,” he noted, “Marous Brothers [construction] called
inquiring as to why we had not paid … on the project for the past two
months totaling approximately $1.75 million. This was shocking news to
us, as we have been very prompt on our payments every month and have
received all the appropriate confirmations from the bank that the wire
transfers of money to Marous were executed / confirmed … Upon a deeper
investigation by the FBI, we found that our email system was hacked and
the perpetrators were able to deceive us into believing Marous Brothers
had changed their bank and wiring instructions … our payments were
sent to a fraudulent bank account and the money was then swept out by
the perpetrators before anyone knew what had happened.”
Before anyone knew what had happened. Those words are chilling and
common. They illustrate a growing problem that will continue to increase
as technology does: cybercrime. You might think about scammers when
scanning your personal email, but do you ever think of your church as a
large and glaring target? For so many attackers, religious organizations
represent their perfect next victims.
The more aware you are of cybercrime red flags, the better. Professional
hackers use cutting-edge technologies to steal identities, information,
credit card numbers and money. They demand ransoms, rewire funds,
use phishing scams or request gift cards. They crawl into databases
when someone clicks on a bad link or tries to download a document.
Share these tips with all church members to keep everyone as aware and
proactive as possible.
Use cautious clicking
Don’t ever click on links in emails or texts, or download documents and
files if you don’t know the user who sent them to you or expect an email
from them. A good rule of thumb is to call the sender when in doubt, and
to ask if they did, in fact, send you something that they’d like you to open.
Get smart about passwords
Today’s technology allows cybercriminals to crack passwords within
minutes or seconds. Internet security professionals suggest using a
mnemonic device password. Try taking the first letter of important words
in a sentence. For example, if you have a cat named Sylvia who has a
birthday in April, rather than making your password Sylvia04, create
a full sentence like “Sylvia celebrates her birthday in April.” This can
be formed into a password using the first letters and month number:
Schbi04. Then, to make things just a bit more complex, consider
starting or ending the password with a symbol of some sort (for
example, Schbi04#)
Switch things up
While we’re on the subject of passwords, experts suggest that
you change them frequently, and that you do not keep them written
down anywhere on your computer. The recommendation is that you
change passwords once every six months, and that you turn on 2-step
verification, making you use a login code that is texted or emailed to
you after putting in your username and password, when possible.
Protect your PC
Anti-virus software might be pricy, but the alternative could be
much more expensive. According to CSOonline 2 , cybercrime damage
costs are predicted to hit $6 trillion per year by 2021.
Ask a professional which security software might work best with the
programs and databases your church uses and put quality protection
into place.
Keep communicating
Discuss cyber security as a church regularly, and keep members
abreast of the latest tactics and techniques. Consider bringing in
an outside professional for quarterly or monthly trainings, or have
someone tech-savvy in your organization serve as a security trainer
and focus on conducting classes or seminars from time to time.
As cybercrime and hacking tactics become more evolved and authentic-
looking, and as churches become bigger targets, it’s critical to be educated
on this topic and take action. Proactively protecting your church and the
information that you hold can make an incredible difference.
Simply put, cyber security coverage has become something that
churches can’t afford to go without.
Elizabeth “Betty” Norman, BSN, MBA, CPHRM, is the director of risk control
services at Glatfelter Religious Practice. [ www.glatfelterreligiouspractice.com ]
1
https://stambrose.us/wp-content/uploads/2019/04/Important-Letter-to-the-Saint-
Ambrose-Community.pdf
https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-
andstatistics.html
2
CHURCH EXECUTIVE.COM | 17