Cybersecurity Q&A:

When to Upgrade and How to Combat Hackers

Q: How much should my church spend on cybersecurity efforts?

A: This is dependent on the size of your church and the scope of your technology. A church of 400 members is entirely different than one with 100 members. Evaluate the size of your church, the extent, and amount of technology you have. How much information do you store on that technology? That should give you a clearer picture of how much to invest in cybersecurity efforts.

Q: How often should my church upgrade its security systems?

A: All churches must evaluate their technology’s security systems on an ongoing basis. Two questions to ask: Is there any maintenance I should be doing? Is my software obsolete (no longer produced or used, out-of-date)? Replace or update your equipment before the product vendor ends technical support or the equipment is no longer capable of protecting you against the threats that exist. Threats are always changing, so it’s important you are also constantly vigilant.

Q: How can my church prevent a breach or hack?

A: A typical statement in the technology security industry is, “It’s not if you will be hacked, but when.” The reality is that if someone wants to get in, they will find a way. It’s just a matter of how difficult you make it for them and if you make yourself a likely target. Hackers will often go for the “easy target” first before going after the harder ones. There are clear signs that will alert you to the risk of a potential hack. If you notice anything odd, it’s time to check things out. Examples of this include your computer acting funny, or missing data. Another indication is a new computer virus or bug.

Q: My church leaders don’t feel there is a need for a cybersecurity system. How can I convince them that this is important and necessary?

A: People may often question why a person’s name or phone number is considered critical information, or why cybersecurity is needed. If a hacker can access this information, that means he knows the names of everyone at your church! He is then able to perform what is called “social hacking.” For example, if I am a hacker, and I call a church member asking for money and mention the names of a few church members or even the church pastor, I am more likely to be successful. You’ve given me, as a hacker, the tools to sound legitimate. 
Check out the first part of this series – Cyber Basics: How to Protect Your Ministry On the Cyber Level

Tony Vargas is IT manager for Adventist Risk Management