A Remote Roundtable
Q: In your experience working with church leaders, how aware are they — generally — of the risks social media carries for their houses of worship?
Shawn: We work daily with churches of all sizes and complexity.
Churches with larger buildings, multiple locations — and those with many members — often have internal or external communications that involve the use of social media.
The leaders of smaller churches aren’t as aware of the risks social media use presents, mainly because they’re not engaged in social media use.
Leaders of larger churches that use social media are generally aware of the risk, but they need to be made aware of the potential threats to their organizations — and the solutions available to manage that threat.
Crispin: There’s a wide gamut of awareness. Risky elements abound when churches use social media without any precautions — and could even occur when policies go overboard, or when churches don’t allow social media at all (to their detriment).
This week alone, I’ve heard caring adults in three separate churches say:
• “We just use common sense for our social media use.”
• “We’re so small, it doesn’t make sense for us to waste resources on social media.”
• “We usually just advertise events through word of mouth.”
• “I guess we might have something in our policy, but it’s really long — so, I have no idea.”
Clearly, there’s room for improvement. Church size doesn’t necessarily impact responsibility or risk, and the new “word of mouth” is social media.
Q: What — in your opinion and expertise — are the biggest security risks churches face today with regards to their (and their staff members’ and volunteers’) social media use?
Crispin: There are several obvious risks — reputation / image, miscommunication, unintended recipients of messages, unsupervised posts, sensitive information leaks, inappropriate discussions, and disgruntled employee rants.
There are also risks that aren’t commonly addressed affecting the most vulnerable in our communities: our children and youth.
Isolated communication — Social media can be used to reach youth. However, online communication between two people via the Internet is, by its nature, outside the sight and hearing of others. Seemingly innocuous conversation can easily lead to more intimate communication. People with good intentions could also condition children (via one-on-one communication) to more easily engage with dangerous individuals.
Denial & avoidance — Churches are cultures of trust; they sometimes jump to evangelize via social media without safety precautions, parameters or policies. Ignoring protocol and policies forces churches to react versus mitigating the risks.
Blurred lines & online disinhibition — Online, people often have trouble differentiating between personal life and work / ministry-related activities. The effect is the abandonment of typical social inhibitions while online that would be present in public or face-to-face interactions.
“How many times has a seemingly able-bodied volunteer been welcomed into a community, because a church needs additional help? For some people (especially children), staff and volunteers might represent God. With that perceived power comes access, and thus more risk — certainly more responsibility”.
Shawn: Churches face a variety of security risks when staff and volunteers participate in social media use. Entire church networks can be hacked with very little information — easily obtainable via social media — leading to what could be major cybersecurity issues. Misinformation on the dangers of social media, paired with sophisticated phishing practices, can make religious institutions a prime target for security breaches.
Inappropriate postings made by staff and volunteers (even unknowingly) might expose the church to risks associated with defamation, privacy concerns, liability, copyright infringement and more.
While risk might be inherent with social media use, it’s clear that social media is the “new” church bulletin. Churches now use social networks to attract new members, promote events and distribute information. Social media is an easy and effective way to spread the message of the church, with some congregations sharing services via video streaming. Selecting the right channels and learning to use the tools appropriately — and safely — is the challenge every church leader faces today.
Q: Are there tried-and-true strategies and approaches church leaders can mobilize to keep young church members safe online?
Shawn: Education is key to online protection. There’s not an age limit for online risk. Everyone who has a social profile is vulnerable, and it’s important to teach young members what’s appropriate to share online, especially when it’s related to the church.
Church leaders should encourage youth to keep their social media profiles private and only accept friend requests from people they know and trust.
For the protection of adult members and youth, private communication should be restricted with minors on social media sites.
If youth are involved in special projects at the church — particularly those involving fundraising or confidential information — leaders should clearly state what can and can’t be discussed openly, including photos. Youth should be reminded that nothing on the internet is ever 100-percent secure and that cybersecurity is a real issue.
It’s also important to educate youth on the importance of not sharing other church members’ (especially minors’) personally identifiable information without express permission.
Crispin: First and foremost, churches must be proactive and have a policy for adults that clarifies proper interaction with children — particularly online. The document should be written with clear, objective, universal standards. Customize the policy, and schedule time to review it again in the near future because trends, terminology and technology this year will not be the same next year.
Keep an acknowledgement of receipt on file; just having an available policy isn’t enough.
Take it a step further by providing safe-environment training to staff and volunteers, with best practices. Then, monitor adults’ behavior as they represent ministry efforts. If this is a challenge, create an online environment that more easily lends to monitoring. (Example: Rather than using personal social media accounts for ministry purposes, use general accounts for interaction with youth. Make sure these are monitored by more than one person.)
It’s unwise to have expectations of safety and compliance if the organization doesn’t properly distribute a clear message, and then provide sufficient follow-up.
Q: With regards to staff members’ use of social media, are there proven approaches / guidelines / procedures that can help protect them (and the church-at-large) from missteps?
Crispin: Implement a strong screening / hiring process. How many times has a seemingly able-bodied volunteer been welcomed into a community, because a church needs additional help? For some people (especially children), staff and volunteers might represent God. With that perceived power comes access, and thus more risk — certainly more responsibility.
When creating a social media policy, use a multi-disciplinary approach. Bring together several different people from the community to custom-tailor a document. When I assisted a church in creating one of these policies, a team of us sat around a conference table, projected our draft onto the wall, and dissected each line until we all felt comfortable with the flexibility and parameters of the policy.
Provide training on creating and maintaining a safe environment. Share best practices and rules, and discuss parameters. Spotlight the reality of the issues, appropriate behavior, expectations, warning signs, and avenues by which to communicate concerns to the appropriate parties.
“Social media risks can never be avoided — only safely navigated. Proactive involvement in the creation of policies and procedures; ensuring proper training of staff and volunteers; and developing solid expectations for social media goals are all an important piece of the risk mitigation puzzle”.
Shawn: Every church should have a written social media policy in place for staff members, including stated consequences for breaking any regulations. Establish a point person, define goals, and have a plan for handling any issues that might arise.
Clearly define how the pages may be used and the type of information that will be shared. Official church pages should have a limited number of authorized users with passwords stored in a safe, central location. Roles should be established for posting content and moderating comments, including the use of proper terminology and verbiage to stay consistent with the church’s message.
Important areas to address in the policy include: permissions and consent; confidentiality; photos of and communication with minors; copyright laws; and privacy concerns.
Church leaders should keep all policies documented, educate staff members and provide appropriate training, continuously monitor the social media pages, and discuss action items at monthly meetings.
Q: What about volunteers? As they use social media to promote their small groups in the church, what proactive strategies can be employed to ensure they don’t expose the church to risk?
Shawn: Volunteers should receive a copy of the social media policy provided to staff and also be briefed on the same guidelines and procedures. Volunteers should not be given access to the official church social media pages; posts should be provided to an administrator for distribution.
On their personal pages, church volunteers should not post official business, make mention of confidential or identifying information regarding church members, or share information in regards to fundraising dollars or collections.
It’s best practice for any church-related information to be posted on the official church site by an administrator, and then shared via the original post onto the personal social page of a volunteer.
Crispin: Volunteers are also representing the Church. When there’s ministry on behalf of a church, that church should hold its employees and volunteers to the same standard of behavior.
This is accomplished with proper screening, and by having a good policy and code of conduct; training individuals who are employees or volunteers on safe environments; monitoring behavior; providing an avenue to communicate concerns; and practicing consistent follow-up.
Q: For church leaders, church volunteers and church members, what kind of social media use guidelines would you offer for their own, personal social media communications?
Crispin: Our first priority is to create a structure for a safe environment in which the ministry of that church can thrive.
Regarding personal communication — consider an analogy: Before we drive a vehicle, we must get a license. When we’ve been tested and approved (read: screened by the church) and have chosen our mode of transportation (read: type of social media account), we wear our seatbelt each time we step into the car. Why? Do we assume we’ll have an accident every time we drive? No.
We wear our seatbelt because it’s the law (read: similar to a church’s policy) and, more important, because there’s a potential for injury. We’re mitigating the repercussions of harm before we even turn on the car (read: apply protective measures).
Once something is posted on the Internet, it will be there forever. Always think before posting, and ensure that all behavior is transparent. Ask yourself: Is it true? Is it kind? Is it necessary? Is this the type of communication I want to carry in my ever-growing, digital footprint for the rest of my life?
Shawn: Racially focused, politically contentious or otherwise controversial posts made by staff members or volunteers can be detrimental to the overall reputation of the church. Those in senior positions, working with youth, or leading high-profile projects within the church should particularly pay attention to their social media postings. As social media is public and permanent, there’s a risk of potentially illegal behavior being tied to the church, including defamation, hate crime or liability concerns, as well as post information being used in litigation discovery.
Sharing photos or information that directly opposes the teachings or messages of the church could be looked down upon by the congregation and community-at-large. While the information posted might not be the opinion of the church or its leaders, aligning so closely with staff and volunteers who post contentious material can begin to alter how others perceive the church itself.
Personal postings might also open up the church to unintended cyber-attacks. Confrontational or highly opinionated social media posts can garner much attention, and the staff or volunteers’ personal information might end up going viral — exposing not only them, but also the church, to potentially serious outcomes.
Q: What types of social media risks are on the horizon for church staff, volunteers and members? How can they start to proactively plan to mitigate — or, better yet, avoid — those risks?
Shawn: Every emerging social media platform comes with a learning curve — and with that curve, comes risk. Until new platforms are understood, it’s difficult to determine how negligent their use might be.
Leaders should stay abreast of trending social uses and communicate with their staff and the youth in their church to help educate themselves on the current state of the digital world.
Subscribing to digital media podcasts or newsletters are free and easy ways for church leaders to establish a comfort level in the online space, as well as stay informed of new platforms, security issues and best practices.
Social media risks can never be avoided — only safely navigated. Proactive involvement in the creation of policies and procedures; ensuring proper training of staff and volunteers; and developing solid expectations for social media goals are all an important piece of the risk mitigation puzzle.
Crispin: An ever-present issue is when churches avoid social media like the plague. We can’t hide under a rock, and we can’t avoid change; we have to be a part of this ever-moving conversation. If we miss the boat, we miss opportunity to evangelize — and our churches could crumble, as a result, without renewed participation.
What about those of us who do have policies already? Having a policy — but not implementing it, or monitoring the material, or revisiting it again over time — renders that policy to be somewhat useless and creates risk.
Another risk is filling a policy with dozens of pages of legal jargon that make it inaccessible or challenging to understand and follow. Perhaps creating a policy of that nature could work; but, also creating an adjoining code of conduct — with specific appropriate and inappropriate behaviors pulled out — could be of better assistance.
— Reporting by RaeAnn Slaybaugh