How to talk to your church about cyber security

• Identity information in church database is worth $30.00/personal record on the black market
• If that information is compromised, what are people going to say?
  • “Glad you spent that on missions instead of protecting me”
  • People will hold us to a higher standard than random big Internet companies
    • Sort of a “Spiritual HIPAA Law”
• How do people feel about the church having their data?
  • Some people like it! (for the church and other companies to have it!)
  • Others have no idea that the church has any of their data (you have personal data?!?)
  • Others are indignant that we use data in the church to serve in ministry at all

Three Strategies

1. Accept the fact that you aren’t powerless…we can (and have to) protect our data as well as those we care for.
   1. Keep systems patched
      1. IT audit!!
   2. Keep your user accounts up-to-date
      1. Compare to HR/Staff lists (and roles/responsibilities)
   3. Policies must be up-to-date, including BYOD!
   4. Offer identity theft protection as a company benefit?
2. Find the weakest link and fix that first. For most of us, it’s the human element.
   1. KnowBe4 - Phishing training
   2. Technology is not the only place we’re at risk…this is a cultural thing!
3. Alignment
   1. Just getting the cheapest product x in’t always the best option
   2. Need to avoid silos, pick stuff that works together to provide what we need