Why not? Religious organizations generally handle large sums of money and maintain databases of confidential information related to their members. Religious organizations often have open door policies, at least into the place of worship. These organizations also often lack dedicated information security or information technology staff on their payroll. In addition, a hacker who is particularly opposed to an organization’s ideology might focus his or her efforts on targeting such an organization.
Here are some examples of cyber attacks against religious organizations:
- A few years ago, anti-Semitic hackers redirected the web page of Temple Kol Ami Emanu-El (TKAE) in Plantation, Florida and pointed it instead to a web page that expressed support for the Islamic State in Iraq and Syria (ISIS).
- During the 2017 WannaCry ransomware attack, which particularly affected India, the Tirupati temple found 10 of its computers affected by the ransomware.
- Earlier this year, the Lamont Christian church in Coopersville, Canada faced a similar website defacement when it was hacked by a group claiming to be the United Cyber Caliphate.
- In 2015, the First Presbyterian Church in Birmingham, Alabama, had hundreds of thousands of dollars stolen by hackers.
Impact of a hack, theft or a breach on a religious organization and its members:
It is common for churches and other religious organizations to have online donation pages on their website. Huge sums of money could pass through this channel, making it an attractive target for cyber thieves. Can you imagine your donations going to a thief rather than the church or noble cause you gave to? It’s not just the money but also the confidential data that is a target – names, addresses, credit cards – and its theft could result in identity theft for the members.
Many religious organizations also run schools where student and family data would be stored. Beyond the need to comply with education privacy laws, the data itself is at risk of being breached.
The impact of a hack or data breach on a religious organization is not just financial; it can also have serious emotional implications. Imagine how you would feel if you saw messages supporting a global terrorist group on your church’s website. Imagine how you would feel if you saw a link to pornographic material on your temple’s website. Even if nothing is stolen, a hack like this can have far-reaching implications.
Seven steps you can take to battle cyber crime in your religious organization
- As a representative of a religious organization, you must behave just like the representative of any corporation that has an online presence or that has access to confidential data or large sums of money. Obtain the services of a security expert who can assess your current security posture. Usually this begins with a part-time CISO (Chief Information Security Officer) who will arrange for a security risk assessment. This exercise will result in a report highlighting findings and recommendations for remediating them. Based on this, you can then define your organization’s security roadmap.
- Identify your critical digital assets. Where is your confidential data kept? What are the other valuables that need to be protected – for instance, bank accounts, investment accounts, pension funds, insurance policies?
- Start with the basics. Ensure that your website is secure. Do you have online and/or off-site backups of all your data? Is your data storage encrypted? Do you have anti-virus software on all your devices? Do you have the necessary defenses installed on your network?
- Ensure that you have adequate physical safeguards like locks, access control systems, cameras, etc. in your administrative offices. The place of worship may be open to all, but your administrative offices should be physically secured. Access should be given only to those who need it.
- Prepare, test and implement your incident response plan.
- Prepare and maintain policies and procedures for the organization, including administrative and other personnel. These should be comprehensive and address all areas of work – some examples of these are password policy, data backup policy, access control, social media policy, encryption, and more.
- Train your staff on security awareness and cyber hygiene and how to detect potential threats.
Take action now!
The work of God is important. So is protecting the data and other digital assets that a religious organization may have. Cyber thieves are targeting religious organizations as much as any other. Do not be complacent when it comes to cybersecurity for your religious organization. A cyber attack can adversely impact your religious organization’s reputation and can actually impact the amount of future donations. Show your members that you are taking all the steps you can take to protect their data and their money. Contact a cybersecurity expert and schedule your security risk assessment today.