Churches have always had data. In the 21st century there is more to it than just being able to put address labels on envelopes or send out year-end giving summaries. Like it or not, churches need to be aware of cyber security issues. It is easy to get bogged down in the complexities of the technology or figure you aren’t likely to be a target and fail to address it. I would propose that asking, “What do we have that puts us at risk?” is a great starting point and a better option than failing to address the issue.
What might a church have?
Software applications (or paper ledgers) that record the names of your members along with their addresses, phone numbers, birth dates, and family relationships are essential tools for most churches. This type of data is what is called PII (Personally identifiable information). Any data that can be used to figure out who someone is falls in this category. The majority of states and provinces as well as federal governments have laws about the responsibilities you have if this information is compromised (whether or not it is used illicitly). If any system you have includes information on credit card numbers or bank account numbers, the legal responsibility increases.
The way data is handled can also put you at risk. This can include things such as sharing logins and passwords. It can also include storing information on flash drives or on multiple PCs/laptops. If data in stored on PCs/laptops or servers, the physical location impacts risk. How often you get backups and where you store the backups impacts your risk.
The next steps would be to understand where the threats come from and the range of possible consequences. Addressing cyber security using these dimensions can help you determine appropriate ways to reduce risk.
- In your church administrative structure, who is responsible for security?
- What do you think is your church's most vulnerable point related to cyber security?
- What have you done to make your data more secure?