When was the last time you changed the passwords for your church computers? Who has access to those passwords? Are the passwords strong enough?
When it comes to church cybersecurity, we may often think about hackers and unsecured networks. While these are very important to consider, it is essential to also remember another aspect of cybersecurity: password security and protection.
The Importance of the Password
We may think of passwords as just a way to access a device or online account, but passwords provide security and protection for church information. An unsafe password can be a risk to your church and members.
Your church may use passwords for:
- Church computers, tablets, or phones.
- An online account to access sheet music.
- A content management service to edit the church website.
- Access to the video security/surveillance system.
- An email service to send email announcements, or update the church directory.
What is a Strong Password?
When you create and update the passwords to church accounts, always aim to build a secure password. KnowBe4, an IT security company, stated that in a list compiled from five million leaked credentials, “123456” was the top used password for the second year in a row. Other passwords found on the list included sports terms, car brands, various expressions, and even names.
KnowBe4 goes on to state that attackers use leaked information like this as a “dictionary” for carrying out hacks and attacks. Attackers will then use an algorithm to create common variations based on these leaked passwords. “This means that by adding ‘1’ or any other character combinations at the start or end of basic terms, users are not improving the security of their password,” said KnowBe4.
The best way to protect your church against these attacks is to make sure your password is strong. A password should be a minimum of 8-10 characters and include one capital, one lowercase letter, one number, and one special character. Additionally, passwords should be changed every three months to ensure the security of all church accounts.
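The gap between the character rules above and KnowBe4's warning, shown as an added example (not from the original article or from KnowBe4): a Python check that applies the length and character rules and also rejects a password made by adding characters to the start or end of a leaked term. The term list, the 10-character threshold, and the sample passwords are constructed assumptions.

```python
import re

# Constructed sample list. "123456" is the password named in the article; the
# other entries stand in for the sports terms, car brands, expressions and
# names it mentions. A real check would load a full leaked-password list.
LEAKED_TERMS = {"123456", "football", "toyota", "iloveyou", "michael"}

MIN_LENGTH = 10  # assumption: upper end of the article's 8-10 character minimum

RULES = [
    (r"[A-Z]", "no capital letter"),
    (r"[a-z]", "no lowercase letter"),
    (r"[0-9]", "no number"),
    (r"[^A-Za-z0-9]", "no special character"),
]

def composition_problems(password):
    """Apply the article's length and character-class rules."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [msg for pattern, msg in RULES if not re.search(pattern, password)]
    return problems

def leaked_base_term(password):
    """Return the leaked term the password is built on, or None."""
    lowered = password.lower()
    # Undo the variation KnowBe4 describes: characters added at the start or end.
    candidates = {
        lowered,
        re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered),  # core that starts and ends with a letter
        re.sub(r"^[^0-9]+|[^0-9]+$", "", lowered),  # core that starts and ends with a digit
    }
    hits = sorted(candidates & LEAKED_TERMS)
    return hits[0] if hits else None

def check_password(password):
    """Return every reason to reject the password; an empty list means accept."""
    problems = composition_problems(password)
    term = leaked_base_term(password)
    if term:
        problems.append(f"built on leaked term '{term}'")
    return problems

if __name__ == "__main__":
    for pw in ["123456", "Football2024!", "Maple-Orbit-47-Lantern"]:  # constructed samples
        print(pw, "->", check_password(pw) or "ok")
```

"Football2024!" satisfies every character rule yet is still rejected, because removing the added characters leaves a term from the leaked list.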
How to Protect Your Church Passwords
Beyond creating a strong password and regularly updating it, there are other things church leaders can always do to protect and secure church information. Here are a couple of things to keep in mind for password protection and security.
Access: Only a minimum number of church personnel should have access to church passwords. An even smaller number of staff should have access to every password used. For example, instead of allowing password access to every member of the praise team, give access to the praise team leader. If the device or service permits, it may be wise to go one step further and provide unique login credentials to each person who should have access to the account. In this way, any issues or strange activity can be traced back to the specific user account.
Different Passwords: Every church account should have a different password. Change each password every three months. Using the same password for every church account puts church information at higher risk of being compromised. For example, if a hacker can crack the code on one password, he or she will now have access to every church account, including sensitive information such as the church directory. Take the time to make each password unique.
Church cybersecurity is an essential aspect of safety and risk management for your ministry. Decide to prioritize cybersecurity for your church.