Guarding Against A Digital Invasion
Think about all of the information you gather from parishioners, visitors, employees, and vendors. Most, if not all, of that information probably resides on computers and in the cloud. Personal, payment, and private data is being gathered and utilized on a daily basis.
Keeping this data secure is essential. We never want to think that our world could be compromised, even when we hear about it happening to other organizations. One thing that has become clear is the necessity of looking at things from a different viewpoint. Identifying potential hazards and loopholes can only help us stay safe.
Some things to consider are: password strength, staff education, limited access, and monitoring.
The stronger the password, the more secure the data. Many people select a password that is easy to remember. If it’s easy for you to remember, it’s easy for a criminal to figure out. You can, however, create a password that is both easy to remember and hard to discover. Morgan Wright, a security expert, teaches a fail-proof system for password creation. In effect, it works like this: select a 4 or 5 word sentence, for example, "My house is blue." Using the first two letters of each word, create a password where the first letter is capitalized and the second is lower case. Begin the password with a hashtag and the number of words in the sentence. Using "My house is blue," my password would be #4MyHoIsBl. You can customize the password for the site you are logging into. If I were logging into Facebook, I would add Fa to the end of the password, so it would now be #4MyHoIsBlFa. Relatively simple but very secure.
Let’s not assume that everyone using our computers and payment systems is aware of the potential dangers. Consistently educating the staff on security and safety precautions keeps the topic at the forefront. It’s easy to relax and forget the potential dangers lurking just outside our screen. Maintaining a system of continuous education will remind everyone why certain security measures are in place.
At the same time, limiting who has the ability to access the data and systems will limit the potential for something to go wrong. It’s not about trust. It’s about security. Thinking through who really needs to be able to sign in, see data, and pull payments will help you identify where a weak link exists.
Monitoring is an essential aspect of data security. Things change rapidly in the technology space. And cyber-criminals are consistently finding new and interesting ways to invade your systems. It is a prudent policy to establish scheduled monitoring processes that are either conducted internally or outsourced to a managed services company.
Your parishioners are assuming their data is secure when they give it to you. Donors, parishioners, and contributors are assuming your payment system is PCI compliant. Assumptions are dangerous, and they give you an opportunity to make sure they are valid. Being proactive keeps you and your congregation focused on the things that matter. And chances are good you have at least one person in your congregation who has cyber security expertise. Seek them out. Knowing your data is secure will give you peace of mind, something that is priceless.