Mitigating cybersecurity threats in churches
By Leonard Kelley
Recognizing the new reality
In our increasingly digitized world, where connections, communication and convenience have been enhanced like never before, a less desirable phenomenon has also been born and amplified — cybercrime.
While technological advancements have opened doors to countless opportunities, they have simultaneously given rise to cyber threats that spare no sector, including religious institutions like churches.
In 2022, cybercrime complaints surged to an unprecedented 800,944 cases, a five-year peak reported by the FBI’s Internet Crime Complaint Center (IC3). Not even places of worship are immune, with non-profit organizations, including churches, experiencing an above-average incidence of cyberattacks, accounting for 23% of all cybercrimes.
While recognizing the threat is the first step, identifying how to mitigate these risks effectively is the greater challenge. As we embark on this journey, it’s crucial to remember that cybersecurity is not just about securing data; it’s about safeguarding the trust and faith of the congregation.
Understanding and mitigating key threats
Cyber threats can take many forms, but the following are particularly pertinent to churches:
1) Phishing attacks: Phishing is a deceptive practice where attackers pose as trustworthy entities to steal sensitive information. Mitigating this threat requires constant vigilance and education. Comprehensive training of staff and volunteers on how to spot phishing attempts can significantly reduce risks. Statistics show that such initiatives can decrease phishing success by up to 90%.
2) Ransomware: Ransomware is a form of malware that encrypts files, rendering them inaccessible until a ransom is paid. Regular backups of all essential data can help mitigate the risks and lessen the impact of a successful attack. Additionally, phishing is one of the main threat vectors for ransomware, so the importance of comprehensive training of all staff and volunteers on how to spot phishing attempts cannot be overstated.
3) Data breach: Churches often store sensitive personal information. Protecting this data requires strong passwords and multi-factor authentication (MFA). Microsoft’s Security Intelligence Report (2021) states that MFA could prevent 99.9% of account compromise attacks.
4) Denial-of-Service (DoS) attacks: DoS attacks seek to overload a church’s website or network, causing it to crash. Employing professional web hosting services that offer built-in DoS protection can significantly reduce these threats.
Beyond the mitigation of specific threats, churches should also consider proactive measures to enhance overall cybersecurity:
1) Keep systems updated: Regularly updating software and systems closes security gaps that hackers could exploit. The Ponemon Institute reported that 60% of breaches were linked to a vulnerability for which a patch was available but not applied.
2) Invest in cyber insurance: Cyber insurance can help cover the financial losses resulting from cyber incidents. Marsh & McLennan noted a 32% increase in organizations purchasing cyber insurance in 2021, highlighting its growing importance.
3) Consult with cybersecurity professionals: Expert assistance can be invaluable. Cybersecurity professionals can conduct risk assessments, set up secure firewalls and monitor systems for signs of potential threats.
In the face of evolving cyber threats, everyone has a role to play. Cybersecurity is not solely an information technology issue; it’s a concern for all — from the church leaders to the congregation members. Ensuring a safe digital environment requires a collective effort from every individual within the church.
In this digital era, cyber threats are as real as physical ones. Cybersecurity measures aren’t an expense; they’re an essential investment to secure your church’s future, protect your members’ trust and ultimately fortify your faith. As we venture deeper into this digital age, let our commitment to creating safe spaces — both physical and digital — stand firm.
Remember, a church safeguarded digitally continues to serve spiritually.
Leonard Kelley holds a Bachelor of Science in Legal Studies from Bellevue University; certifications in counterinsurgency (COIN), intelligence, surveillance and reconnaissance (ISR); cyber warfare operations from the DoD; and multiple industry certifications. He joined GuideStone in 2018 as the Chief Information Security Officer and serves as the organization’s HIPAA Security Officer and IT Third Party Risk Manager. He was previously Head of Global Threat Intelligence at Goldman Sachs and Cyber Threat Intelligence Consultant at Ernst & Young, and prior to that spent 15 years on active duty in the Air Force in Special Operations.
For more resources and to learn about coverage that can help protect your church, visit GuideStone.org/Protect*.
*All property and liability coverages are subject to conditions, coverage limits, limitations and exclusions. For precise details of coverage, please refer to actual policy forms. Brotherhood Mutual® is licensed in most states. Some coverages are not available in all states. GuideStone Agency Services® is an appointed agency of Brotherhood Mutual in Texas, Alabama, Louisiana and Tennessee. Footnotes were omitted by the Editors.