By Guest Blogger Craig Huss

Published in Net Results Magazine, Nov-Dec 2019

The Tuesday after Thanksgiving, known as GivingTuesday, is a day set aside for people to support the organizations, causes and communities that mean the most to them – often through charitable online donations.

It’s a significant time for religious organizations, which are the nation’s largest recipients of charitable giving. Unfortunately, it’s also a time of vulnerability: 49 percent of church giving transactions are made with a credit card, increasing cybersecurity risks for donors and recipients. 

Online thieves are ready to prey on nonprofits whose volunteers, staff, and generous members are eager to give for a good cause.

In 2019 alone, 140 attacks targeting the public, state and local governments, and health care providers have been reported. Yet, a recent study by Church Mutual found that only 11 percent of today’s worshippers fear a cybersecurity breach at their place of worship. 

Assess Your Vulnerabilities 

Religious organizations need to be proactive about understanding cybersecurity and following best practices to protect their members – as well as their own organization’s data and financial security. 

To prepare for a secure giving season, take this data and cybersecurity self-assessment to understand your current risks.

Then consider these next steps.

1. Make a Plan, Check Your Policy 

One of the best ways to protect your organization, its members and donors is to get ahead of potential issues. You’ll need to know where you are vulnerable to a potential attack – on every networked device, across your entire system. 

That knowledge will inform your data security and response plan in the event your systems are compromised. To accomplish these critical steps, your best bet is to consult with a security expert or engage a managed service provider. 

Now’s a good time to review your insurance coverage, too. Understand what’s covered in the event of a data breach – and update your policy if needed.

Education should be part of your data security plan. Everyone who uses your networks and systems – church leaders, staff, members, and donors – should know how to use them safely and securely.

If you already have an internet use and access policy, you’re on the right track. It should be shared widely and updated each year to reflect the evolving needs of your organization – with measures to address vulnerabilities and changes in the digital world. Staff and volunteers should be trained on the policy annually and kept informed on changes made throughout the year.

2. Evaluate Networks and Systems

Protecting your Wi-Fi network is vitally important, especially if you allow your members to use it. As a start, avoid broadcasting the name of your protected network publicly to minimize the number of external attempts to access it. Segment your network to have a protected segment, which is only known to internal staff, and a guest segment for public use.

Always require permission to access the protected network and ensure that any accounts making multiple unsuccessful attempts to log in are locked out. Also be sure to use firewalls and encryption to further restrict access to your network and the data on it. 

Your internet use and access policy should also include information on accessing your broader set of systems, devices, and data. Not all staffers or volunteers should be given the same level of access, particularly when it comes to the most sensitive and critical data. 

Establish authority levels for individual access, providing clear criteria for each level. Authority levels should reflect the individual’s role within your organization, their responsibilitie,s and pertinent background information, obtained through background checks.

3. Think Safety and Security

The people within your organization play a significant role in keeping it secure. It’s important to provide employees and volunteers with cybersecurity training when they start and as needed throughout the year.

Most of the cybersecurity information employees and volunteers need is related to their personal safety and security. They may already be familiar with some of these practices:

Creating strong passwords and using multi-factor authentication

Handling and protecting sensitive information

Knowing how to identify potential threats: phishing, ransomware, and other malicious emails

Implementing active anti-virus/malware detection software on your organization’s devices

Conducting regular training sessions will ensure that everyone is on the same page and working together. It also gives you the opportunity to educate employees and volunteers on any risks and challenges unique to your organization and how to minimize them.

Cybersecurity can be an intimidating concept – the digital world changes quickly, and it can be challenging to keep up. But by taking these preventive steps now, you’ll help to ensure a safe, secure giving season for your members and your organization.

Craig Huss is the Assistant Vice President
and Chief Information Security Officer,
Church Mutual Insurance Company. Craig joined Church Mutual in 2016 as senior IT executive manager – infrastructure and operations, and was promoted to his present
position in September 2017.