These days it seems we can’t go even one week without hearing about another data breach or leak of our personal information. And all too often, these data dumps include very personal information as well as our email addresses, usernames, and even our passwords. But how do IT security researchers find out about these breaches and recapture the data that has been stolen? They spend their time in the same places online where the cyber criminals and hackers hang out. This area of the Internet is often referred to as the Dark Web. It’s the seedy underbelly of the World Wide Web where the hackers who steal our data often like to brag about their exploits and normally offer up the data for sale to the highest bidder, or just proceed to make it freely available to anyone who decides to go looking for it.
The Importance of Passwords
So how does this apply to your church? Your staff is likely made up of individual users with individual devices that they use for work – oftentimes their personal devices. Often, staff members use the same passwords for their work accounts as they do for other personal accounts (such as personal email, retail accounts, personal banking, social media profiles, etc.). When those passwords get stolen, sensitive church data such as names and contact info, family relationship information, giving and financial records, prayer requests/situational data, etc. is then potentially at risk! Many of us have used the same passwords for both our work computer and our personal accounts for years, and the hackers know this. If, for example, your password for Adobe.com was leaked (yes, that really happened), and you used that same password for your work email account, the hackers would then have everything they needed to access your work email account and wreak havoc on you and your organization. This is precisely why Enable highly recommends that you use strong, unique passwords for each and every system you access. And to help you manage all of those passwords, we strongly encourage the use of a good password manager.
How Do I Know if MY Information is For Sale “Out There”?
Thanks to the hard work of IT security researchers who operate on the dark web on behalf of their clients, we often learn about these new data breaches and the vast amounts of data they contain. But did you know there are services and tools that can alert you when your specific information has been leaked? Many personal identity protection companies will now alert you when your email address, password, or other private information has been made publicly available via one of these Dark Web data dumps. And there are services available for your organization as well that can alert you whenever any email address belonging to your organization shows up in a breach dataset. The real risk factor for individuals and organizations is when these data leaks include both an email address and a password, because hackers will then begin researching and testing to see what other systems they can access using these email addresses and passwords.
If you’re curious to find out whether your email address has been leaked (often referred to as being “pwned”), you can check out this free website: https://haveibeenpwned.com/. If you find out that you have been “pwned,” or if you’d like to learn how to better protect your organization’s email accounts, contact us at [email protected]. We would love to serve you in any way that we can!
Written by: Travis Phipps, Director of Technology, Enable Ministry Partners