By Tony Vargas
When it comes to cybersecurity, many of us can feel lost among the cyber lingo and unsure on how to protect our churches, schools, and ministries against risks in the digital world. A conversation with ARM’s IT manager Tony Vargas will help answer many of your questions on cybersecurity and risks.
Q: Why should churches be concerned about their Wi-Fi technology and their firewalls?
A: Wi-Fi is often one of the most vulnerable points in digital ministry. Passwords shared with members and guests often means the abuse of the Wi-Fi network.People will share passwords with others or even post the passwords in an accessible location. In a worst case scenario, church members simply do not configure the Wi-Fi systems securely when they are first installed.
There are several important points to remember regarding Wi-Fi networks. Segment church computers from member and visitor computers. Enable device isolation which prevents users from seeing each other. It protects users from others who have also connected. Also, change the Wi-Fi password frequently to prevent those nearby from abusing it.
Firewalls require a lot of care. It’s your primary connection point to the rest of the world. There are three things you must be diligent in for cybersecurity. Protect all passwords. Don’t use default settings. Always keep the software and firmware up to date. All too often, these devices are taken through an initial setup and forgotten.
Q: How can I protect sensitive information such as my church directory, church member contact information, and even electronic tithe transactions?
A: Make sure you’re using passwords that are required to access your computers, devices, or network and be sure to change those passwords regularly. A password should be 8-10 characters at a minimum, one capital letter, one lowercase letter, one number, and one special character.
If your church decides to publish its member directory online, incorporate some obstacles to make sure hackers don’t access the information. For example, create a members only login to access that information.
You should encrypt any sensitive church information, especially on laptops. Mobile devices are vulnerable to theft because of portability. Once someone has physical access to devices, it is not difficult to break into them. Drive encryption is something to consider strongly for all mobile devices. Many options are available to any size church. These include both free-of-charge and paid applications. Carefully evaluate each program to find the best fit for your church.
Make sure your wireless network is secure—use passwords, change them frequently. Remember, if someone is on your network, they can get access to the computers on your network. Have a separate guest network for the congregation and a business network for church computers. The separation of the two different networks is necessary.
To protect electronic tithe transactions, make sure the systems you are using are secure. For example, the link should begin with “https” indicating that it is a secure connection. The North American Division of Seventh-day Adventists provides an online giving website for each church to collect funds. The site is AdventistGiving.org. The IT department at the North American Division oversees the security of this site. Encourage your congregation to refrain from storing card information anywhere.
Q: How can individual members help protect their church’s data?
A: A lot of church members may have the key to the building. And, just like you don't share these keys with people you don't know, members shouldn't share the business Wi-Fi or other connectivity information with visitors or other people you don't know. The church may be doing a good job of separating the two Wi-Fi networks, but some people may still be sharing the password to that private, business Wi-Fi. This might be because it’s convenient or the only one they know. Their actions negate your efforts in one stroke. Education is also essential to help members understand the importance of protecting the private network.
Another way to help is to be vigilant and alert to any suspicious activity. If someone calls and asks about church members and an individual’s name, take note of who the caller is and why they are seeking information. That's called social hacking. Think carefully and be cautious of who you share church information with including names, numbers, and passwords.
Watch for Part 2, coming out next issue, where we'll discuss cybersecurity systems and hacking.
Tony Vargas is IT Manager for Adventist Risk Management
By Tony Vargas