Skip to content

Securing the Sanctuary: 3 Expert Tips to Overcome Cyber Threats

When gathering for church, we sometimes assume a false sense of security, believing we are immune to outside challenges.  Your church sanctuary, offices, and classrooms must be safe places.   A recent Forbes article revealed that such challenges are unavoidable, with 95% of malicious data breaches stemming from phishing attacks.” Simply put, someone received an email and clicked on a link or opened a file that looked legitimate.  As the saying goes, looks can be deceiving, and the result can be costly, including financial loss, data theft, identity theft, and more.  

While we primarily read about major corporations as victims in the headlines, the volume of personal and financial data held by churches means protection is vital. Sadly, this is a truth that churches have to address. It’s hard to fathom hackers’ intent, where social engineering fraud is the goal. So, what is the church to do when scammers and hackers prey on the kindness, grace, and everything that the church stands for in terms of wanting to help people?

Protection through technology pushes the church to think outside the boundaries and walls of the church building, enabling the church to serve its members and community better. As a result, churches may need new ways to increase security, stability, dependability, and scalability within their ministry. Simply said, there is a lot more that needs to be learned and done!

Level IT Up is an ACS Technologies podcast led by our Higher Ground Managed IT security experts. It focuses on how to best protect and prioritize the church for IT safety.  In this first episode, special guest Kevin Brunson, Principal Systems Architect, and host Carl Wagner, Director – Managed Services, discuss the security challenges churches across America face as well as three critical solutions to the most common cyber threats:

  • Prioritizing backups and endpoint security
  • Isolating WiFi networks
  • Training for social engineering scams

Antivirus Isn’t Enough 

Antivirus software prevents, scans, detects, and deletes viruses from a computer.  Once installed, the software runs in the background with automatic updates, requiring minimal user interaction.  In the podcast, Kevin and Carl explain why antivirus protection isn’t enough without someone monitoring alerts and taking necessary action when suspicious activity is detected.  Kevin further highlights the issue, “A lot of places will install antivirus and think that’s enough.  Many ransomware attacks start at 6 pm on a Friday when everyone has stopped working.  You won’t know until Sunday morning when you have nothing you need.”

Losing all of your essential data is a nightmare scenario that can cripple operations. Safeguarding your data requires a proactive approach, which is why regular backups and robust endpoint security are crucial.  Backups are your last line of defense in a cyberattack.  A reliable backup ensures you can restore operations quickly if your data is compromised. When coupled with strong endpoint security, the church can present a layered defense that enhances data protection and improves compliance.

Taking A Zero Trust Stance

Your congregation comes to Sunday morning worship services expecting to be able to use the Internet. Whether they need to access their Bible app, give online, or simply keep a young one busy, using the church’s Wi-Fi helps everyone get the most out of the worship experience.  Isolating your WiFi network prevents unauthorized access to critical systems and helps to reduce the spread of malware across devices.  

Carl warns, “You also have to take the stance of zero trust in a lot of cases. You can’t just openly accept devices on your staff network because you don’t know the risk they pose.  You really have to take that hard stance and do what’s best for the church’s network and the people’s information.”

Scammers Have Become Sophisticated

Technology can only do so much. Human error remains one of the leading causes of cybersecurity breaches. Cybercriminals, as discussed earlier, have successfully used social engineering tactics, including phishing emails or impersonation scams, to manipulate employees. They are utilizing more sophisticated measures, such as studying online profiles of new employees or targeting a specific department, to carry out their schemes.  Kevin notes, “We’ve seen some churches get hit because someone contacted the church pretending to be a missionary. They know the church supports them, and they talked about how desperately they need funds. We’ve seen churches that have been taken for tens of thousands of dollars because someone felt the urgency and was trying to respond as quickly as possible.”

This speaks to the importance of training church staff.  A well-informed team can act as the first line of defense against cyber attacks.  Best practices for user training include:

  • Regular awareness sessions
  • Simulated phishing tests
  • Clear reporting protocols

Click here to watch the latest episode of the Level IT Up podcast and level up your IT with good ideas and best practices, make sure to click the link below.

To protect your personal and financial information, take this free info security assessment to see how you compare with other churches like you: https://indicators.acst.com/infosec

Carl Wagner is a seasoned IT professional with over 18 years of experience at ACS Technologies, where he currently serves as the Director of Managed Services. A graduate of Francis Marion University with a BA in Management Information Systems, Carl combines his wealth of expertise in IT Services, networking, and strategic leadership to best serve the technical needs of today’s Church. Outside of work, he enjoys family time with his wife and two young daughters, ages 6 and 10, and pursues his passion for golf.