This is a guest post by my friend Lincoln Kaffenberger. Lincoln was a member of our church plant, served as a military officer, and now works as an information technology professional in the financial sector. He has over a decade of experience helping organizations understand the threats they face from cyber-attacks and make informed, risk based decisions.
Beloved, do not be surprised at the fiery trial when it comes upon you to test you, as though something strange were happening to you. -1 Peter 4:12
Cyber-attacks are already a common part of daily life for businesses. Unfortunately, they are becoming a common part of life for churches too. Many churches are unprepared for common cyber-attacks that businesses regularly experience. Too often church leaders simply consider cybersecurity an IT issue without considering the organization-wide impacts a successful cyber-attack could have on their church’s ability to function, its reputation, and its congregation. Times have changed. Cybersecurity is now an organizational issue that pastors and other church leaders must care about.
There have been several examples in the past few years of churches that have been victims of cyber-attacks. Churches have lost the money in their bank accounts, had their congregants’ and staffs’ identities stolen, have had their websites defaced and brought down, have had sensitive information put at risk of being exposed, and have been victims of an increasingly common type of cyber-attack – ransomware. Any one of these events can hurt the trust a church has with its people and community and hinder its ministry to those outside the church.
One way churches can improve their security against cyber-attacks in a meaningful, cost-effective way is to do tabletop exercises working through plausible cyber-attack scenarios. Churches should consider both the most likely and the most dangerous cyber threat scenarios to understand what the impacts of each could be. By working through these scenarios in a low stress environment before cyber-attacks happes, church leadership can rehearse their response plans, identify gaps in their plans, and ultimately improve their security. Additionally, table top exercises serve as educational events for those in a church who are not as familiar with cybersecurity.
Some questions church leaders should ask when they think of different cyber-attack scenarios are:
- Could this scenario happen to us? What conditions would have to exist for this scenario to be feasible?
- If cyber-attacks happened, what would the impact be to our reputation and credibility? How would we rebuild our reputation and trust with our congregation and community?
- How would we respond? Who would we turn to for help? Who could we call?
- How could this attack have been prevented? Could we detect this attack at its early stages?
There are five possible cyber threat scenarios that have affected churches recently:
1. Cybercriminals empty the church’s bank account;
2. Hackers deface the church’s website with politically charged images;
3. The Church is a victim of a ransomware attack that denies the church access to their files;
4. Pastor’s accounts get hacked and the hackers publicly release sensitive information;
5. Church Staff and Congregants Identities Stolen After Church Database Breached.
These scenarios each represent a kind of attack or a kind of harm that a cyber-attack could bring to a church. If church leadership walk through these five scenarios and answer the questions as an organization, they will discover their level of exposure to cyber risk, better understand what the holes are in their cybersecurity, be better positioned to respond to a cybersecurity incident, and importantly be ready to adopt and create a culture of security within the church that allows it to do the Lord’s work securely.
Source: Church Leaders