By David DeMoss
With the holidays coming up, many people are spending money in preparation of sharing gifts with their loved ones or making donations to organizations. However, this time of increased spending also becomes an optimal time for hackers to attack. In the first 10 months of 2019 alone, there were 140 attacks reported on the public, state and local governments, and health care providers. To prevent this, employers and organizations need to be proactive about understanding cybersecurity as well as putting in effective measures to prevent cyber attacks from occurring.
Preparation is the first step when trying to prevent an attack from happening. Once a company or organization has a set plan in place, education is the next step. Ensuring that all users understand what measures to take is a crucial element of a data security plan. Having an internet use and access policy in place, protecting WiFi networks and having different authority levels for individual access, ensuring users have strong passwords and are using multi-factor authentication, and conducting regular training sessions for donors and employees are all ways to help create a secure environment. To learn more about how to help keep your organization or company safe, read more from Craig Huss below.
During the holidays, many Americans aren’t just thinking about the gifts they’ll wrap and share with their loved ones. They’re thinking about the gifts they’ll make in the form of donations.
Unfortunately, wherever people are giving, there are thieves ready to take.
In the first 10 months of 2019, 140 attacks on the public, state and local governments, and health care providers were reported, according to CNN. These threats are ever-present, and religious organizations may be vulnerable. Donors make nearly half (49%) of all church giving transactions with a credit card, creating increased cybersecurity risks for all involved.
Religious organizations and their members may not be thinking about the threats they face. In a recent study by Church Mutual, only 11% of today’s worshipers said that they fear a cybersecurity breach at their place of worship. It’s up to these organizations to take the lead and be proactive about protecting themselves, their employees and their members.
Now is the time for your clients to strengthen their cybersecurity for the giving season and beyond. As a starting point, the following are several key questions to ask in a conversation about security risks and practices.
What are your vulnerabilities?
Organizations need to be proactive about understanding cybersecurity and following best practices to protect their members as well as their own data and financial security.
To that end, Church Mutual has a data and cybersecurity self-assessment that serves as a tool to help identify current risks and offers insights on what to address.
Do you have a plan? What does your policy cover?
Preparation is key to prevention. Once organizations understand the potential issues and attacks they could face, they can create an effective data security and response plan. It’s advisable to consult with a security expert or engage a managed service provider to ensure that all bases are covered in the risk assessment and planning processes.
It’s also important that organizations review their insurance coverage through a cybersecurity lens. Once they understand what is covered — or not covered — in the event of a data breach, they can update their policy as needed.
Education is a crucial element of any data security plan. Everyone who uses an organization’s networks and systems — leaders, staff, members and donors — should know how to use them safely and securely.
An internet use and access policy is the best place to start, whether an organization needs to create one from scratch or simply review and update the existing policy. An annual update ensures that the policy meets the organization’s needs as it changes and grows, and reflects our evolving digital world. Even more importantly, the policy should be shared widely with staff and volunteers, with yearly training and regular updates on any recent revisions.
Are you safeguarding your networks and systems?
Protecting WiFi networks is vitally important, especially when organizations allow their members to use them. While specific steps may vary, here are a few they should consider.
- Avoid broadcasting the name of any protected networks publicly to minimize the number of external attempts to access them
- Segment networks to have a protected segment, which is only known to internal staff, and a guest segment for public use
- Require permission to access the protected network
- Ensure that any accounts making multiple unsuccessful attempts to log in are locked out
- Use firewalls and encryption to further restrict access to the network and the data on it
Permissions to access all systems, devices and data should be laid out clearly in the internet use and access policy. Staffers and volunteers should not all have the same level of access, and the most sensitive and critical data should be protected with stringent restrictions.
To avoid confusion and missteps, organizations should create authority levels for individual access. These authority levels should have clear criteria comprised of the individual’s role within the organization, their responsibilities and their pertinent background information obtained through background checks.
Are your people educated and equipped to do their part?
People can be fierce cybersecurity defenders, or they can be vulnerabilities. Organizations need to provide employees and volunteers with cybersecurity training when they start and as needed throughout the year.
Hopefully, people already have some of the cybersecurity skills they need to help protect the organization because they are taking similar precautions in their personal lives. For example, they need to create strong passwords and use multi-factor authentication. They also need to ensure all devices they use have active, updated anti-virus and malware detection software.
Other skills can be more difficult or may vary from one organization to another. Identifying potential threats such as phishing, ransomware and other malicious emails can be tricky, especially as the techniques used by bad actors get more sophisticated. And, the preferred methods of handling and protecting sensitive information may be different at a religious organization than at other workplaces or organizations.
That’s why it’s important to conduct regular training sessions for employees and volunteers. These trainings keep everyone in the loop and on the same page. It also creates an opportunity for the organization to share its unique risks and challenges — and how to minimize them.
Cybersecurity is a complex topic that confuses and intimidates many people. And, our digital world changes so rapidly that it’s not easy to keep up. However, when religious organizations take preventive steps early and often, they can create a safe, secure environment for giving season and beyond.