By Robert Erven Brown, Esq.
9 factors to consider (and mitigate) now to avoid disaster later
In his novel Brave New World, Aldous Huxley welcomed the reader into an environment where old concepts of reality have been replaced by profound technological changes. Writing in 1932, he anticipated developments in reproductive technology, sleep-learning, psychological manipulation and classical conditioning, which he forecast as a dystopian society.
But, even Huxley didn’t anticipate how an inner-connected, digitized world would recast our perception of — and participation in — society.
As church leaders wade into the new digital ocean, they’ve discovered that the new reality facing them in 2014 is a perfect storm of change:
This is just of several great articles from “Social Media Risk Management: A Starter Kit” — an in-depth eBook from Church Executive. Download the eBook (at no cost) here.
Factor 1: Everything is being converted from paper into digits — from music to photographs, to interoffice communication, to charitable donations, to the checkbook and bill-paying processes, and now — literally — currency itself, if Bitcoins have their way.
Factor 2: Once digitized, this information is uploaded to a “cloud.” And what an apt, if unintended, analogy / description this word, “cloud,” is. As information is transferred from a server previously located on your own property, all this information is now moved to an ephemeral, untraceable, mysterious location. Your information is as movable as the wisp of a cumulus cloud on a windy day. This cloud full of information can turn your bright, sunny day — rapidly — into a crippling thunderstorm with corruption, theft or loss of data stored in what you thought was a friendly cumulus cloud.
Factor 3: Your members and staff are now bringing their own devices into the party. These range from cell phones, to iPads, to iPods. This “BYOD” (bring your own device) party makes it difficult, (if not impossible) for the IT staff to stay up-to-date on the latest iterations these devices.
Factor 4: Many of your members and / or staff seem prone to exercise a certain self-righteous independence and intolerance for discipline regarding their passwords. This is evident as they set their own passwords (or don’t, as the case might be), and as they fail to use sufficiently strong passwords because it’s just too “inconvenient.” And, they are often very unhappy about your IT department’s attempts to control the use of these devices in their homes, let alone in Starbucks!
Factor 5: Highly motivated, technologically savvy teams of competitors, thieves, spies and data brokers. They’re on a 24-hour-a-day campaign to monitor, sample, steal and resell your data.
Factor 6: The legal system and the legislatures. Both are behind the technological curve in attempting to develop legal precedents and rules to adequately govern the spiraling technology. The hackers have superior skills and equipment compared to most police agencies, let alone your church IT department.
Factor 7: Insurance. We have an evolving, but spotty and complex, insurance overlay to cover damages when disaster does strike.
Factor 8: The costs of responding to a major data breach. These costs easily achieve six figures, not including the cost to the reputation of your ministry and donors’ trust.
Factor 9: Potential civil and criminal penalties. These can apply if you lose data which was supposed to be protected by the “red flag” rules governing credit cards.
And, voilà! There you have it: a perfect storm.
Oh, and did I mention — unlike the tightly controlled “apps” which Apple developed — the new Android “apps” are available from multiple sources, and the “APK” apps can be side-loaded. This means they can be transferred from phone to phone. So, now your coworkers can share their new version of Angry Birds in Korean with other coworkers, phone to phone! (Nevermind that the Korean version actually might have been written by North Koreans seeking control of your device.)
That 100,000-foot view of the emerging transformation from paper to digital storage is a confirmation, of course, that while the sharp axe cuts more wheat, it can also sever several fingers with a single blow.
In this Starter Kit, our panel of experts will help you develop real-time, real-world perspectives from which you can either develop or update your processes for managing this very, very sharp, morphing (digital) axe!
Unfortunately, it’s not as simple as just copying one of our “sample” policies contained within these pages. Rather, our goal is to help you develop a paradigm for thinking through the ongoing processes and develop a mindset to help you deal with this digital onslaught. This includes:
- Defining and cataloging your specific risks
- Finding and employing knowledgeable IT resources
- Drafting and testing policies and procedures which work well in your specific environment by balancing user experience, convenience and data security
- Testing your system
- Enforcing your rules
- Periodically reviewing and revising the rules, policies and procedures in light of the continually improving technologies.
This Starter Kit isn’t a collection of “fire-and-forget” missiles. Rather, it’s like a sourdough yeast “starter” for making bread: You can make a fine loaf, but only if you follow the recipe. And, like baking bread, the best results occur when the data security “bakery” is operated continually, not just once a year.
The universe of political social / media / digital concerns continues to expand as human ingenuity and creativity continue to develop new programs.
Robert Erven Brown, Esq., is the developer and Coordinator of the Nonprofit Practice Group of attorneys at the Phoenix law firm of Ridenour Hienton, P.L.L.C. Brown and his team created a comprehensive program (Campus Preservation Planning©) to protect churches’ critical assets against hostile actions by creditors arising from under-insured, uninsured or unjust claims, while improving risk management and stewardship. He is the author of Legal Realities: Silent Threats to Ministries and a risk management / legal blogger for Church Executive Magazine.
- Establishing guidelines for electronic communications
- Are you “truly” covered online?
- Protecting youth — How to develop an adult electronic communication policy