17 October 2019
Today we find ourselves in a digital society. With almost daily use of smartphones, social media and email, we are emancipated by the digital world, even when carrying out routine activities.
Unfortunately, this surge in technology and internet usage has also seen a substantial rise in those looking to take advantage and deceive innocent people for financial gain.
Examples of cyber-risks
Cyber-criminals are always on the lookout for different methods to access data and information in order to commit fraud. Some of the most common methods include:
- Ransomware – where an attempt is made to extort money from you by preventing access to your computer system or files until a ransom is paid. Most ransomware is delivered via malicious emails.
- Phishing – the fraudulent practice of sending emails purporting to be from reputable organisations in order to induce individuals to reveal personal information, such as passwords and financial information.
- Spear Phishing – the practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
- Smishing – this works like phishing and is carried out using text messaging.
- Vishing – this again works like phishing and is carried out using voice technology, i.e. phone or voicemail.
What can your church do to protect itself?
Some Baptist churches may feel vulnerable to cyber threats. But did you know there are a number of measures you can take to prevent a cyber-attack? Here are a few tips on reducing the risk of a successful attack on your church:
- Malware protection – make sure you use appropriate firewall, anti-virus and anti-spyware software and keep virus/spyware definitions up-to-date. This allows the software to recognise and protect against the latest threats to your network.
- Password protection – ensure your mobiles, laptops and computers have strong passwords and try to change them on a regular basis. Apply a combination of upper and lower case letters, numbers or symbols and never share your passwords.
- Educate/train staff – all staff should be wary of unsolicited emails, particularly those that ask for a prompt response. Educate your staff on what types of information are sensitive or confidential and highlight their responsibilities in protecting it. A large proportion of computer viruses attempt to gain access via email through malicious attachments and links. Make sure employees know what to look for and only open attachments and links from trusted sources. Think about creating an internet policy to provide guidance and share it with new volunteers when they join.
- Safeguard data – ensure appropriate access controls are in place to protect and secure data. Use encryption to protect sensitive or confidential information stored on portable devices. Reduce your exposure by cutting back on the volume of data you collect and store only what is necessary.
- Avoid phishing attacks – restrict staff user rights and provide training to help make your staff aware of obvious signs of phishing.
- Destroy before disposal – don’t just delete files or reformat hard drives, as data can still be restored. Instead, use software designed to permanently wipe the hard drive or storage device. Ensure you do this for all equipment, not just computers; did you know many photocopiers scan documents and store a copy on the device’s hard drive?
- Update procedures – make sure that your procedures comply with any applicable laws or legislation. Also, make sure that they align with any applicable industry-required standards, such as those that may be required by the Payment Card Industry (PCI) Data Security Standard.