Is Your Church Vulnerable to the Internet?

Almost all churches are involved in some way with use of the internet. You probably communicate with committee members via email or perhaps pay some bills online. Many churches also have a website or Facebook page as a way to connect with their congregations and the community. Or perhaps you offer online giving, or stream live services.

The internet is a wonderful tool, but like most tools, it can be misused. Sadly, it is a tool that criminals turn to with increasing frequency to attack your organization’s information, reputation, and finances. Here are a few scenarios where we believe churches are at risk.

Website compromise – hackers or viruses are able to take over and lock your website, making it impossible to visit.  Or it can infect those who visit it, causing disruption to private computers. Fortunately, this is often noticed quickly, but the damage to the church’s information and reputation can still be significant.

Spy on internal information – a personal or church computer can become infected, usually without a user knowing he or she visited a site, or social media page, that automatically downloaded malware to the computer. This malware runs as an almost invisible computer program and collects information from your computer, email, and any websites you visit. Many of these attacks go unnoticed for months, which can compromise passwords, banking information, and personal information.

Theft of Banking Information – through a number of different hacking techniques, internet thieves can steal your banking information and transfer money out of the church’s checking or savings accounts. While most banks have measures in place to protect your money, they are not fool-proof. It is up to you to closely monitor all your account information and transactions.

Hard drive ransom – hackers can lock up your hard drive, which stores your audio, video, and document files, and threaten to erase them all if you do not pay a ransom, typically several hundred dollars. Even In the short-term, this can cause a serious interruption to your church, since items such as the information needed for the Sunday Service may suddenly become unavailable.

Compromise of “Personally Identifiable Information” (PII) – larger churches with more employees and volunteers need to realize that New York State regulates the privacy of every person’s name combined with their driver’s license number, or social security number, or banking or credit card information. If you discover your computer server, volunteer database, or online giving provider has been hacked, by law you may need to notify everyone in your database, even if they have not given or volunteered for quite some time.  Notifying an individual in a way that is compliant with state laws may cost $300 or more per person, a significant unplanned expense.

These are some of the security-related internet issues we urge church leaders to consider. Discuss, as a group, how your church might be at risk and what you can reasonably do to protect information and resources. Many churches choose to be proactive, and purchase the appropriate insurance for risks such as this. If you are concerned you may not have the correct protocols and insurance in place, please contact us. A member of our Church insurance team will be happy to assist you.

James Dick, CPCU, AAI