How to properly protect your parish from scammers
By Elizabeth “Betty” Norman
Cyber criminals seek out organizations that seem unsuspecting.
Unfortunately, churches often offer just what they’re looking for.
In late April 2019, Father Bob Stec of the Saint Ambrose Catholic Parish in Brunswick, Ohio found himself sending a note to parish members that no church leader ever wants to write. The church was undergoing large renovations, and everyone was thrilled as the project was both on time and on budget.
But things were too good to be true.
“On Wednesday,” he noted, “Marous Brothers [construction] called inquiring as to why we had not paid … on the project for the past two months totaling approximately $1.75 million. This was shocking news to us, as we have been very prompt on our payments every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed / confirmed … Upon a deeper investigation by the FBI, we found that our email system was hacked and the perpetrators were able to deceive us into believing Marous Brothers had changed their bank and wiring instructions … our payments were sent to a fraudulent bank account and the money was then swept out by the perpetrators before anyone knew what had happened.”
Before anyone knew what had happened. Those words are chilling and common. They illustrate a growing problem that will continue to increase as technology does: cybercrime. You might think about scammers when scanning your personal email, but do you ever think of your church as a large and glaring target? For so many attackers, religious organizations represent their perfect next victims.
The more aware you are of cybercrime red flags, the better. Professional hackers use cutting-edge technologies to steal identities, information, credit card numbers and money. They demand ransoms, rewire funds, use phishing scams or request gift cards. They crawl into databases when someone clicks on a bad link or tries to download a document. Share these tips with all church members to keep everyone as aware and proactive as possible.
Use cautious clicking
Don’t ever click on links in emails or texts, or download documents and files if you don’t know the user who sent them to you or expect an email from them. A good rule of thumb is to call the sender when in doubt, and to ask if they did, in fact, send you something that they’d like you to open.
Get smart about passwords
Today’s technology allows cybercriminals to crack passwords within minutes or seconds. Internet security professionals suggest using a mnemonic device password. Try taking the first letter of important words in a sentence. For example, if you have a cat named Sylvia who has a birthday in April, rather than making your password Sylvia04, create a full sentence like “Sylvia celebrates her birthday in April.” This can be formed into a password using the first letters and month number: Schbi04. Then, to make things just a bit more complex, consider starting or ending the password with a symbol of some sort (for example, Schbi04#)
Switch things up
While we’re on the subject of passwords, experts suggest that you change them frequently, and that you do not keep them written down anywhere on your computer. The recommendation is that you change passwords once every six months, and that you turn on 2-step verification, making you use a login code that is texted or emailed to you after putting in your username and password, when possible.
Protect your PC
Anti-virus software might be pricy, but the alternative could be much more expensive. According to Cybersecurity Ventures, cybercrime damage costs are predicted to hit $6 trillion per year by 2021.
Ask a professional which security software might work best with the programs and databases your church uses and put quality protection into place.
Discuss cyber security as a church regularly, and keep members abreast of the latest tactics and techniques. Consider bringing in an outside professional for quarterly or monthly trainings, or have someone tech-savvy in your organization serve as a security trainer and focus on conducting classes or seminars from time to time.
As cybercrime and hacking tactics become more evolved and authentic-looking, and as churches become bigger targets, it’s critical to be educated on this topic and take action. Proactively protecting your church and the information that you hold can make an incredible difference.
Simply put, cyber security coverage has become something that churches can’t afford to go without.
Elizabeth “Betty” Norman, BSN, MBA, CPHRM, is the director of risk control services at Glatfelter Religious Practice.