
Three Critical Things You Must Be Doing to Protect Your Church Today
Cybersecurity threats are distressingly real, and protecting yourself can feel overwhelming. We get it. We really do. There are so many things you could be and should be doing to remain vigilant, but it can be difficult to know where to start. But start we must. No church can afford to allow confusion to keep it from taking appropriate measures to protect the members and the organization. Failure to implement strong cybersecurity measures can lead to severe consequences, including financial loss, identity theft, damage to reputation, and a loss of trust among your congregation. Imagine the impact on your ministry if sensitive member information were exposed.
For this reason, cybersecurity protection requires an active, preventative approach. It is much like insurance; you must be proactive and invest in security measures before something bad happens. Unfortunately, in today’s environment, it’s no longer a question of “if” a cyber-attack is going to occur, but rather “when” such an attack will occur. Everyone must remain on guard. It’s important to note that maintaining cybersecurity isn’t just the role of IT; every person who interacts with your technology resources is either a security risk or a security asset to your church’s environment.
At Enable, our goal is to help simplify cybersecurity and equip you to make your church more secure. Below, we list three specific, inexpensive (or free), and easy steps you can take today to start moving your church in the right direction. The steps listed are not exhaustive, of course, but applying these steps will close common security gaps and can combat some threats that you may not even know you have.
1. Staff Training and Awareness
A phishing email was sent to a church, requesting a wire transfer to make a progress payment on a large construction project. A staff member in the accounting department proceeded with the process of wiring half a million dollars. The request seemed genuine to them because it related to a project they knew about and included realistic information about that project. Unfortunately, the staff member didn’t verify the request to make sure it was legitimate. Fortunately, in this case, the church’s bank had controls in place that flagged the transaction. The bank recognized the activity as suspicious and stopped the wire before the money was transferred.
This real incident underscores the importance of implementing robust cybersecurity measures for churches and organizations of all sizes. Your staff is the first line of defense against cyber threats. Cyber threats are becoming more sophisticated and realistic every day. Therefore, ensuring your staff are well-trained and aware of potential risks is crucial. Regular training sessions can equip them with the knowledge to recognize and respond to increasingly clever cyber threats effectively and quickly.
What does this look like?
- Establish clear protocols for reporting suspicious activity.
- Normalize calling or speaking face-to-face with someone to verify requests, especially as it relates to wiring money or providing banking information.
- Regularly update staff on the latest cybersecurity threats and tactics.
By creating a staff culture of cybersecurity awareness, you can significantly reduce the risk of human error leading to potential security breaches.
2. Implement Strong Access Controls & Password Protection
A staff member’s password can very easily be compromised. Without the proper use of Multi-Factor Authentication (MFA), a cybercriminal who has that password can quickly obtain access to a church’s network resources and sensitive church data. With MFA in place, however, the criminal would need an additional level of verification beyond the password. This greatly reduces the risk of unauthorized access to protected, sensitive areas.
Controlling who has access to your church's sensitive information is vital. By implementing strong access controls, such as MFA and robust password management practices, you can help prevent unauthorized access to your church’s data. By limiting access within your organization based on roles and responsibilities, you can ensure that only those who need access to certain information have it. This reduces the possibility that the breach of any one staff member will automatically provide access to all resources and data.
What does this look like?
- Use strong, unique passwords and a password manager.
- Limit access to sensitive information based on staff roles and responsibilities.
- Enable MFA on all accounts where available. MFA can prevent unauthorized access, even if passwords are compromised.
3. Secure Your Technology and Data
You might find it surprising that ransomware attacks continue to affect churches and organizations around the world. In 2024, there was a 15% increase in ransomware compared to 2023. Not only have these attacks spiked in frequency, but they are becoming more sophisticated in their design and approach.
It is not enough simply to install antivirus software to protect your church’s data. You must regularly update software, encrypt sensitive data, and implement a reliable backup and recovery plan. These measures are essential to ensure your data remains secure and can be quickly restored in the event of a cyber-attack.
What does this look like?
- Ensure all software and systems are up to date, with the latest security patches installed.
- Protect sensitive data by encrypting it both when it's being shared and when it's stored.
- Regularly back up data and test recovery procedures to ensure data can be restored in the event of an attack.
Don't wait for a cyber-attack to happen. Implement these three critical steps now to begin to ensure your church's data remains secure. For additional cybersecurity resources to share with your staff, head to our Cybersecurity Tips ‘N Tricks page. For questions on strengthening your cybersecurity defenses, reach out to info@enable.email. We are always glad to help!