Cyber-Security

17 October 2019

Today we find ourselves in a digital society. With almost daily use of smartphones, social media and email, we are emancipated by the digital world, even when carrying out routine activities.

Unfortunately, this surge in technology and internet usage has also seen a substantial rise in those looking to take advantage and deceive innocent people for financial gain.

The National Crime Agency (NCA) recently reported that cyber-crime continues to increase in scale and complexity. It costs the UK billions of pounds, causes untold damage, and threatens national security [1].

Examples of cyber-risks

Cyber-criminals are always on the lookout for different methods to access data and information in order to commit fraud. Some of the most common methods include:

  • Ransomware – where an attempt is made to extort money from you by preventing access to your computer system or files until a ransom is paid. Most ransomware is delivered via malicious emails.
  • Phishing – the fraudulent practice of sending emails purporting to be from reputable organisations in order to induce individuals to reveal personal information, such as passwords and financial information.
  • Spear Phishing – the practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
  • Smishing – this works like phishing and is carried out using text messaging.
  • Vishing – this again works like phishing and is carried out using voice technology, i.e. phone or voicemail.

What can your church do to protect itself?

Some Baptist churches may feel vulnerable to cyber threats. But did you know there are a number of measures you can take to prevent a cyber-attack? Here are a few tips on reducing the risk of a successful attack on your church:

  • Malware protection – make sure you use appropriate firewall, anti-virus and anti-spyware software and keep virus/spyware definitions up-to-date. This allows the software to recognise and protect against the latest threats to your network.
  • Password protection – ensure your mobiles, laptops and computers have strong passwords and try to change them on a regular basis. Apply a combination of upper and lower case letters, numbers or symbols and never share your passwords.
  • Educate/train staff – all staff should be wary of unsolicited emails, particularly those that ask for a prompt response. Educate your staff on what types of information are sensitive or confidential and highlight their responsibilities in protecting it. A large proportion of computer viruses attempt to gain access via email through malicious attachments and links. Make sure employees know what to look for and only open attachments and links from trusted sources. Think about creating an internet policy to provide guidance and share it with new volunteers when they join.
  • Safeguard data – ensure appropriate access controls are in place to protect and secure data. Use encryption to protect sensitive or confidential information stored on portable devices. Reduce your exposure by cutting back on the volume of data you collect and store only what is necessary.
  • Avoid phishing attacks – restrict staff user rights and provide training to help make your staff aware of obvious signs of phishing.
  • Destroy before disposal – don’t just delete files or reformat hard drives, as data can still be restored. Instead, use software designed to permanently wipe the hard drive or storage device. Ensure you do this for all equipment, not just computers; did you know many photocopiers scan documents and store a copy on the device’s hard drive?
  • Update procedures – make sure that your procedures comply with any applicable laws or legislation. Also, make sure that they align with any applicable industry-required standards, such as those that may be required by the Payment Card Industry (PCI) Data Security Standard.
 
This list is just a small sample and there is much more your church can do. For further help and information, please check our protection and use of electronic equipment guidance.

FAQs

A cyber-attack is an attempt to interrupt or damage a computer network or system and is usually carried out by a hacker.
A hacker is someone who uses computers to gain unauthorised access to computer systems or networks causing a data breach or system failure.
A data breach is when an unauthorised individual accesses sensitive, personal or confidential data such as medical history or bank details. They may hold these details to ransom and sell them back to the organisation, or they may use them to commit further crimes. Data breaches can also occur without the influence of cyber-crime, for example if a church laptop is left on a train.
Malware is malicious software which is sometimes used by hackers to interrupt or damage a computer network or system.
Phishing is a term used to describe a type of email fraud. The sender poses as a reputable company and asks the recipient to share personal information. Reputable companies never ask for details like this over email, so if they do, be suspicious.