How to talk to your church about cyber security
- Identity information in church database is worth $30.00/personal record on the black market
- If that information is compromised, what are people going to say?
  - “Glad you spent that on missions instead of protecting me”
- People will hold us to a higher standard than random big Internet companies
  - Sort of a “Spiritual HIPAA Law”
- How do people feel about the church having their data?
  - Some people like it! (for the church and other companies to have it!)
  - Others have no idea that the church has any of their data (you have personal data?!?)
  - Others are indignant that we use data in the church to serve in ministry at all
Three Strategies
- Accept the fact that you aren’t powerless…we can (and have to) protect our data as well as those we care for.
  - Keep systems patched
  - IT audit!!
  - Keep your user accounts up-to-date
    - Compare to HR/Staff lists (and roles/responsibilities)
  - Policies must be up-to-date, including BYOD!
  - Offer identity theft protection as a company benefit?
- Find the weakest link and fix that first. For most of us, it’s the human element.
  - KnowBe4 - Phishing training
  - Technology is not the only place we’re at risk…this is a cultural thing!
- Alignment
  - Just getting the cheapest product x isn’t always the best option
  - Need to avoid silos, pick stuff that works together to provide what we need