Download the FREE Infographic!
Cybersecurity for Churches: Myths Vs. Reality
Webinar Q&A
- Q: What’s the difference in the built-in password keeper in my web browser vs a paid password management tool? (27:33)
A: You can use a paid password management tool, but there are tons of free versions that work just as well! We highly recommend Last Pass, which integrates on your mobile phone, browsers, and other devices. It can do more than just a standard web browser password keychain tool and can store more critical information. The difference is the security. The third party option stores the information in a secure remote location that you can access from multiple places; not just within that one browser. If you only use the browser keychain and something happens to your machine, all the information you were storing in your browser password keychain is gone. So we highly recommend a password management tool like Last Pass (where you just have to remember one long very secure password to access all of your other securely stored data). - Q: Sometimes people use a breach as a scam to get me to change my password or click a link. If I get an email that a vendor I use has been breached, how do I know it’s real vs a scam itself? (29:07)
A: Double verify! Train your team to think before you act. Banks won’t email you to update your password; they will call you or send you something in the mail. Call the number that you’ve verified for that vendor instead of just clicking a link in an email. Use your training to determine if it is a real email and always call the vendor directly. Trust your gut! - Q: What are some training options for churches? (30:39)
A: There are many training options out there, and we always recommend choosing something that fits the culture of your staff and church. Programs that keep the training short and sweet and repetitive are best. It’s great to have one group session to “kick off” the training, prepare everyone, and get everyone on the same page. The tools are typically set up to send out training modules on a regular schedule – once or twice a month is a good frequency. You want a tool that can give you some reporting on who completed the training, how they performed, and if there are any pieces that need to be reiterated. Some training tools can even send fake phishing emails to test your staff and send them additional training if they fall for the phishing attack! Again, it’s best to start with figuring out what fits your culture and users. Enable does live (or webinar/video call) security trainings for churches. We’ll prepare in advance and make it custom for your church. Let us know if you are interested in this! - Q: Is checking the sender email address a good way to check for cyber attacks? (33:55)
A: You absolutely should look at the ‘from’ address to verify it’s legitimate. Receiving these emails from a fake address doesn’t mean you’re compromised, but it confirms that you are an active target. A solid cybersecurity training program will show you how exactly to do this! Many times, the fake address is subtle, and is only off by one letter or has added an prefix or suffix (like shop or accounting) that might seem to make sense. Be vigilant! If something seems “off” it probably is. - Q: Is there a way to report hacks to higher authorities or are cyber attacks not considered a serious threat? (36:19)
A: Great question. Receiving phishing emails isn’t considered an attack worthy of being reported. But if you confirm you’ve been compromised, had a ransomware attack, etc., then law enforcement very much wants to know. The FBI cybercrime team has a specific website for submitting reports. Local law enforcement also likes to be notified as well. Reporting resources: https://www.ic3.gov/ and https://www.fbi.gov/investigate/cyber
