Cybersecurity and social media: 

How to protect your church’s data — and your own

By Sharon McDowell

Whether we realize it or not, social media is a double-edged sword. Platforms such as Facebook, Instagram and LinkedIn, among others, have become an integral part of our daily lives, and a valuable tool for churches to engage with their congregations and reach out to new followers. 

On an individual level, millions of people around the world use these platforms to stay connected with family, friends and colleagues; meet new people; stay up to date on the latest trends; and find new jobs.

But let’s face it: the increasing use of social media causes an increased security risk for churches, their staff, and volunteers.

---

Churches can be targeted by cybercriminals, just like any other organization, and the consequences of a data breach or cyberattack can be severe. One of the main risks for churches is the theft of sensitive materials, such as financial information, confidential church documents and congregants’ personal data. Cybercriminals can use this information for fraudulent activities or sell it on the dark web, harming both the church and its members.¹ Hacking, identity theft and phishing attacks pose threats to churches’ and personal social media accounts.

Here are 10 tips you and your church can take to reduce these risks.²

#1: Use strong passwords

One of the most important measures you can take to protect your social media accounts is to use strong passwords. A strong password is at least eight to 12 characters long and includes a mix of letters, numbers and symbols. Avoid using common words or phrases, since hackers can easily guess them. 

In addition, it’s important to use a different password for each of your social media accounts, so that if one is compromised, the others will remain secure.

#2: Enable two-factor or multi-factor authentication

Two-factor authentication adds an extra layer of security to your social media accounts by requiring a code in addition to your password. This code is usually sent to your mobile phone via SMS or an app. Multi-factor authentication is a multiple-step account login process. For example, along with the password, users might be asked to enter a code sent to their email or mobile phone, answer a secret question, or scan a fingerprint. While hackers have learned how to manipulate two-factor and multi-factor authentication, by enabling them, you can increase the security of your accounts even if someone else gains access to your password.

#3: Be on the lookout for phishing scams

Phishing scams are a common way for hackers to access your social media accounts. These scams usually involve an email or text message that appears to be from a legitimate source, such as your bank, social media platform or a friend. The message might ask you to click on a link or provide personal information, such as your username and password, but actually contains a malicious link or attachment. Clicking on these links can lead to malware infections, data breaches and other cyber threats. Alternately, the message might direct you to call a phone number where someone impersonating a bank or social media representative asks you for your private data. Always be wary of unsolicited messages, and never provide personal information unless you are sure that the request is legitimate. Make sure to check with the sender of the unsolicited message before sharing any personal information or clicking any links. Call the number on your bank card or visit the “Manage Account” or “Contact Us” section of the social media app to verify the authenticity of the message.

#4: Install and use trusted antivirus and anti-malware software on all your computer devices at church and at home, including your mobile phone. 

Consider content firewalls for your church devices. Content firewalls prevent access to content that could pose a risk to internet users by blocking web pages an organization deems inappropriate. 

#5: Keep your software up to date

Keeping your operating system, social media app and security software current is vital to practicing cybersecurity on social media. Updates often include security patches that address vulnerabilities identified by the software developer. By maintaining the most recent version of your software, you can ensure that you are protected against the latest security threats.

#6: Use privacy settings on your personal accounts

Most social media platforms offer privacy settings that allow you to control who can see your posts and profile information to reduce the risk of identity theft. It’s a good idea to review these settings and ensure that they are set appropriately. For example, you might want to limit who can see your personal information, such as your birthday or phone number, or who can view your posts.

[A]void using public Wi-Fi networks for sensitive activities, such as accessing your bank account or logging into your social media accounts. Instead, use a secure connection, such as your mobile data network or a virtual private network (VPN).”

#7: Be cautious of public Wi-Fi

Public Wi-Fi networks, such as those in coffee shops and airports, can be a major security risk. Hackers can intercept your data and gain access to your social media accounts if you are connected to an unsecured Wi-Fi network. 

To protect yourself, avoid using public Wi-Fi networks for sensitive activities, such as accessing your bank account or logging into your social media accounts. Instead, use a secure connection, such as your mobile data network or a virtual private network (VPN).

#8: Be careful what you share

Use good judgment about what you share on social media, since this information can be used by hackers to gain access to your accounts or steal your identity. For example, avoid posting your home address or phone number on social media. In addition, be careful about advertising your location or travel plans because these details can make you a target for a home invasion or cybercrime. After all, there’s no place like home — especially if it hasn’t been burglarized while you’re on vacation.

#9: Stay in the know

Remain informed about the latest cybersecurity threats and trends and educate other church staff and church volunteers about best practices for social media security. These efforts include staying up to date on security news, as well as participating in security training and awareness programs.

#10: Protect your online reputation

Another critical aspect of personal cybersecurity on social media is safeguarding one’s digital reputation. Our online presence reflects our offline identity, and anything we post online can impact our personal and professional lives. 

For church staff, this is particularly significant since their online behavior can reflect on the church as a whole. It is essential to be mindful of what we post online, how we interact with others in cyberspace, and the language we use. Inappropriate content on personal or church social media accounts can damage your reputation and your church’s reputation.³

To sum up, social media can be informative and entertaining; however, practicing wise cybersecurity on social media is essential in today’s digital world. If we all take practical measures, we can help to create a safer and more secure online environment for everyone.

¹National Cyber Security Alliance, April 27, 2023, “Share with Care” 

²Cybersecurity & Infrastructure Security Agency, February 1, 2021, “Staying Safe on Social Networking Sites” 

³The Tech Blog, September 21, 2022, “How to Protect Your Family’s Online Presence Across Several Devices” by Veno

---

Sharon McDowell serves as the business liaison and technical trainer at MMBB.  She joined MMBB’s staff in 1992 and served on MMBB’s Help Desk team as a network analyst for more than 15 years. She is currently responsible for coordinating MMBB’s ongoing cybersecurity training. Her education includes a BS in computer science from State University of New York, College at New Paltz.