In today’s connected world, they say a true friend is defined by someone who comes to your house, and their phone automatically connects to your Wi-Fi. Despite the humor of this statement, there is some truth to it. Church organizations face a greater need for cybersecurity at their churches and schools than is required in private homes. So, how should our organizations approach free Wi-Fi?
The best way to guard against cyberattacks at church or school is to make Wi-Fi access extremely limited and safely guarded. This will involve an investment in planning, robust hardware, and system management. Here are several reasons for taking these precautions.
Vulnerability – Once someone has access to the Wi-Fi and connects to a network, danger lurks. This person could potentially cause damage and steal information from every device (computer, cellphone, tablet, etc.) connected to the network. The fewer people who have network access, the better protected the church.
It’s also best to enable a feature called “device isolation” (or AP Isolation). This setting will prevent users from seeing other users who have connected to the network. Two of the most important aspects of a robust network are VLANs and QOS.
A VLAN is a virtual network on physical cables. VLANs allow for a more efficient flow of network traffic. They also provide an additional layer of security.
Quality of Service (QOS) is the ability to limit the bandwidth a device (or VLAN) can use at any given moment.
All guest traffic should have limited bandwidth, especially if your church is live streaming. Typically, all of the wireless connections (whether video, audio, or access points) are running through the same internet “pipe.” Your internet audience may have a significantly poorer experience if a large number of people are connected to your Wi-Fi without QOS. A high- quality small-business router can provide these options out of the box.
After confirming your digital access points are secure, think about physical access points. If you have publicly accessible ethernet ports, consider putting locks on them to prevent unauthorized access or equipment being installed. Consider placing your network equipment in a locked utility closet for maximum security.
Wi-Fi password – Human nature tells us that once a church member knows the password for the Wi-Fi, it’s not going to take long until more people have this information. The network will be accessed by many. Use lengthy and complex passwords, and don’t forget to change the password periodically. This keeps unauthorized users off the network. Also, having the connections segmented into separate VLANs helps keep guests away from the critical internal systems.
If you use Windows 10 on your computers, turn off Wi-Fi Sense. This feature makes it extremely easy to accidentally share a Wi-Fi password.
If you have a large number of guests who need wireless access, consider creating a user login portal, which can usually be configured at your router. Before users can access the internet, they will need to log in to a web page using a one-time password you provide. This gives more control over who is on the network. You also can configure the portal to generate logs for each session automatically. This creates a much-needed audit trail for each user. In the event of an incident happening in your church or school, these logs may supply essential information.
Updates – The majority of attacks come because there are known vulnerabilities that can be exploited. Conducting routine maintenance on all church equipment will ensure that all software and firmware are up-to-date, which will improve overall cybersecurity.
Firewalls – Using a firewall will not make the Wi-Fi network bulletproof. Still, it will undoubtedly create an additional layer of protection. Most routers have firewalls built into them, which check data coming into and going out and block any suspicious activity. A well-configured firewall is essential and will require thought be put into which network traffic policies to enforce.
A couple of questions to consider: Should certain websites always be blocked? Which internet services should be blocked? If you have hardware firewalls, are there enough ports to cover all current computers and have enough for future growth?
Use a VPN – A Virtual Private Network (VPN) is another excellent layer of protection to consider. According to techradar.com, “a VPN network will help you stay safe and secure online while above all, keeping your private stuff private. Hackers could penetrate your network, and they'd still not be able to do any harm to your system, assuming that a VPN is running permanently.”
There is a statement in the technology security industry that says, “it’s not if you will be hacked, but when.”
This is the reality we face in a world where technology grows by leaps and bounds. Confronting this challenge head-on by implementing an action plan in the area of cybersecurity is the best line of defense. I challenge you today to choose one or two of the items above and work towards implementing them in your church or school this week. Let’s be pro-active and improve the cybersecurity for our churches and schools.
ARM Article - https://adventistrisk.org/en-us/safety-resources/solutions-newsletter/2016/august/cybersecurity-basics-how-to-protect-your-ministry
ARM Article - https://adventistrisk.org/en-us/safety-resources/solutions-newsletter/2019/october/nad-identifying-your-cyber-risk-and-preventing-cyb
ARM Info Sheet - https://adventistrisk.org/Adventist_Risk/media/ARMSiteContent/Safety%20Resources/English/IFS_Cybersecurity_NAD-CAN-EN.pdf?ext=.pdf