Three Ways to Help Protect Your Church or Ministry Against Cyberattacks

By John Murphy

We can’t seem to go a single week without hearing about a new cyberattack or ransomware campaign affecting the information of millions. Yet, we rarely hear about churches and other nonprofits being impacted — but that is not the case.

Cybersecurity statistics from 2019 indicate 43% of all cyberattacks target ministries, nonprofits and small organizations. 

If you combine the exponential increase in cyberattacks with the apparent lack of cybersecurity education and resources at many churches and ministries, you have the makings of a disaster waiting to happen.

You may be thinking, “My church doesn’t have the staff to run such an effort against this enormous threat.” Regardless of your church’s size, GuideStone® wants to help you prepare for and respond to this risk. We are passionate about protecting the livelihood and security of all churches and ministries in our care — and a big way we can help with that now is to provide cybersecurity resources. 

Here are three easy ways to initially assess and mitigate the risk of a cyberattack on your ministry. 

1. Acknowledge the threat

The threat of cyberattacks is real and not just for lucrative businesses. Roughly 40% of churches* mistakenly believe that they are too small to be a target for cybercriminals and cyberattacks or that they do not have the type of data a hacker would be interested in stealing. 

Cybercriminals show no preference for the size or value of an organization but rather focus mainly on any online presence with increased technical vulnerability. Depending on the type of cyberattack, your church could lose data, be locked out of your network or have the personal information of employees and members compromised. By first acknowledging the threat of an attack, you are already in a better position to prevent one from occurring. 

2. Solidify a plan

Once you know you need to prepare, it’s time to get proactive. GuideStone and Brotherhood Mutual Insurance Company highly recommend you create a specific cybersecurity plan for your church or ministry. We encourage you to not only look to staff but also towards your congregation for qualified and motivated individuals who can help formulate this plan, individually or also in the form of a committee.
Of note: the appointed individual or committee should also stay aware of what your state and federal laws are. See your state’s current legislation regarding cybersecurity here.  

Last but definitely not least, part of your plan should include cybersecurity training for your employees, staff and any volunteers tasked with logging into any ministry devices or accounts, so they know how to remain vigilant and stay cyber aware.

3. Leverage what you already have

Good news! You have probably already taken some steps toward cyber safety without even knowing it! We’ve compiled some quick tips on how to leverage the security you may already have in place

Within the settings of the computer systems you already use:

  • Set up all devices (laptops, desktops, tablets and phones) to require login with a password
  • Schedule regular password changes and add password complexity requirements
  • Do not allow users to share their access credentials
  • Get rid of any user accounts that are not actively being used
  • Upload and set antivirus and anti-malware scans to run on a regular basis

Cyber threats are evolving every day and defending against those threats is becoming more important than ever — especially considering what’s at risk. It’s crucial that you’re doing everything possible to increase your ministry’s ability to stay protected against these threats. 

John Murphy is the senior sales and development manager at GuideStone, serving since 2012. He has a bachelor’s degree in accounting from Auburn University and received his Master of Business Administration with a marketing concentration from Dallas Baptist University in August 2020. With insurance experience in a range of industries, John combines his expertise with a heart for ministry. Whether it’s helping you manage risks to prevent losses or providing coverage to help your ministry recover and rebuild after a loss, John sees serving your ministry as his ministry.

*Per an August 2020 GuideStone Survey of churches on cybersecurity awareness.