According to the Pew Research Center, it is estimated that over five billion people have mobile devices, and more than half of these devices are smartphones. With our increased dependence on mobile devices, remote work arrangements, and global connectivity, organizations are regularly exposed to cyber risks. Today, with the current outbreak of COVID-19, the Seventh-day Adventist Church may be more exposed to cyber threats than ever before.
How Are Churches in Danger?According to Beazley Breach Response Services, any business handling customer data will sooner or later deal with the challenge of cybersecurity. It is not a matter of “if” but “when.” For example, some churches still publish an online member directory, which provides valuable information for hackers. If a church decides to publish an online member directory, it would be best to create a member-only login that requires a password to access the publication. Keep in mind that passwords should be complex with a lowercase letter, capital letter, and a special character.
Another typical practice is for a hacker to call and ask for a specific church member to get their personal information like an address or phone number. If this occurs, ensure you write down who called and why they are requesting this information. Churches should follow best practices around data and personal information privacy and work with their local conference to establish policies to address releasing information of members.
Another prevalent method to acquire sensitive information from the church is through the Wi-Fi network. Churches may collect Personal Identifiable Information (PII) about their members. This can include items such as birthdays, family names, and online giving information. Having an open Wi-Fi network can give hackers access to this information, so keep your church network hidden and password protected. Only share the password with trusted individuals for ministry needs. Having a separate guest network for the congregation and a business network for the church computers will provide further protection. It would also be wise to disable open networks when physical services are not in session.
How Are Schools in Danger?With the current pandemic, distance learning has become more common. Many schools have decided to continue educating from home, which means personal and work laptops may be connected to networks with different levels of security. Home network security should be a priority. One way this can be done is by securing the wireless router at home in order to use the Internet more safely and securely. Change the name of the router from the name assigned by the manufacturer to a unique name. Also, change the passphrase to at least 12 characters to make it more difficult for hackers to access the network. It is also essential to review security options by opting for WPA2 or WPA instead of the WEP option that is less secure. Using firewalls will also help keep hackers from using your personal information. However, make sure you turn on this feature on your individual laptops or work laptops by verifying with your IT department.
Sometimes students and faculty bring their own personal devices and connect to the school network. This can cause significant problems if they are using a computer infected with malware. Enhance school network safety by connecting student-owned devices on a separate system from school-owned devices. This allows the school to have greater control over network security and minimize malicious viruses.
Beware of RansomwareHackers look for organizations that have valuable information on their computer systems. Schools retain information about students, faculty, facilities, and operational activities.
With faculty working remotely, ransomware can become more common due to phishing emails. Ransomware is a type of malware threat that infects computers and encrypts files on the computer until a ransom is paid to the hackers.
Ransomware can be delivered through phishing emails that appear to be sent from a legitimate organization or someone known and cause the victim to click on a malicious link or open an attachment. To protect yourself from phishing emails, verify the website address before clicking on a link from an email, even if it is from someone you know. Some of these websites appear identical to legitimate sites, but often have a slight spelling variation or a different domain.
Also, be careful when opening email attachments, especially when attachments are compressed files or ZIP files. Keep in mind schools are not the only entities that face the danger of ransomware. Churches and conferences can also be at risk.
Do We Have Cyber Liability Coverage?After implementing recommended safety protocols and educating your members, students, and faculty on ways to minimize cyber risk, the next step is to discuss cyber liability coverage with your conference. This policy will protect the conference and its affiliated church or school locations in the event of a data breach or other cyberattack. Does your conference have cyber liability insurance coverage from Adventist Risk Management, Inc. (ARM)? The policy can provide breach notification, forensic and legal services if the conference entity suffers hacks, cyber ransom, virus attacks, cyber extortion, and system sabotage. Please consult your ARM Account Executive for further discussion or for additional information on cyber or other insurance and risk management resources.
Additional Resources Available:
- Cyber Security
- Identifying Your Cyber Risks and Preventing Cyber-Attacks
- Cyber Security: It's Mission Critical
- Why Hackers Will Target Your School
- Cybersecurity Basics: How To Protect Your Ministry on The Cyber Level
- Cyber Risks in the Local Church
- Cyber Security Myths Debunked
Image Credits: iStock/eclipse_images