If I was to someday turn to the dark side, and for the sake
of argument let’s say I haven’t yet, I’m convinced that I could retire hacking
churches. Churches are treasure troves
of data that has a relatively high black market resale value. Churches also aren’t as obsessed with
security as the corporate world is. Of
course, if you are a hacker, my intent here is not to encourage you to go after
churches but rather to encourage churches to be vigilant when it comes to their
cyber security.
Everyone is getting hacked.
It doesn’t take much to see that your data isn’t really safe
anywhere. But that doesn’t mean we go
hide under a rock. It seems that hacking
is in the news daily. Remember Target,
The Home Depot and a small outfit you may have heard of called the United
States government?
When a corporation is hacked their profits and shareholders
may suffer but what happens when a church is hacked? Our message is much more important than
selling goods and our reputations and balance sheets often aren’t strong enough
to weather a hacking storm.
While cyber-attacks are a threat we have to manage it is no
different than the threat of someone slipping on the ice in your parking lot and
suing you. At some point if you are
doing ministry effectively you will be sued.
You will be hacked.
Churches are sitting ducks.
So then why aren’t churches targeted more? Mostly because the hackers don’t think we are
big enough to warrant any attention. I
think that is their mistake, mega churches are plenty big and contain just as
much key black market data as the big box stores. Hackers are after demographic info like name,
address, phone number because they can sell those records to bad actors
conducting phishing schemes and other online criminals.
The value of that information goes up tenfold if you have a
social security number tied to that record and even more if you can connect a
credit card to it. The bad guys don’t
realize how churches work and that we are sitting on tons of that very
information. Nor do they realize that we
don’t protect it very well.
Their ignorance -- for now may be our bliss but at some
point they are going to figure it out or someone from inside church ministry is
going to go rogue and open their eyes.
Churches are sitting ducks by the very nature of our
business. Our business it to be open and
welcoming. We don’t want to shut anyone
out and we preach a message of salvation and forgiveness. Our goal is to draw people in not push them
away. Our business is based on people
voluntarily giving us their money. What
is the great commission? That makes us a
target, or at least it should.
We also lack the deep pockets of corporate America. How much did the Target hack cost them? They have deep pockets so a $160+ million hit
due to hackers can be weathered. They also
have the additional millions to pour into fixing the problem, hiring security
specialists, etc. We don’t.
Churches are sitting ducks by the very nature of our
people. We have all levels of economic
status in our churches and we strive to reach out to those who have
nothing. We teach our people to be kind
and loving and forgiving and to be trusting.
We teach them to evangelize and influence others with our message and
not to let pride or shyness get in the way.
Our people are our biggest asset, and also our biggest liability.
We also use volunteers.
Go into your local bank, set up an account to become a member, and then volunteer
to help them and see if they give you access to their database. Churches do this all the time – and we should
as our survival depends on it.
In my opinion our data is pure gold. As I mentioned, I think we are getting by for
now because the hackers don’t know much about what we store.
Churches are sitting ducks by the very nature of our beliefs. What does Jesus teach? Lock it all down and throw away the key?
While we are taught to love people and minister to them we
are also taught about stewardship.
Stewardship is what really kicks in here in terms of data management and
security. Remember the parable of the talents
in Matthew 25:14-30? Think of the
talents as our data.
We need to provide access to the data so we can accomplish
our mission but we also have to be a good steward of the data so it isn’t
stolen. We tend to do the former and not
the latter as it is difficult for church leaders to take a step back and
evaluate data access policies.
Stewardship is difficult – which is why we struggle with
it. Pastors aren’t taught about cyber
security in seminary. They want to use
technology to connect with people and they don’t want to hear about any
security hurdles. How did the malware
get into Target’s system? Through an
unpatched server. Pastors and church
administrators don’t like to hear technology and data management requires an
investment in security but if you believe in accountability before the Creator
then you may want to think twice about that.
I admit this is a difficult balance to strike but we have to
do better because we are sitting ducks.
Next month’s article, entitled Protecting the Soft Underbelly of the Church will address ways we
can help protect our data while still maintaining maximum efficiency and
Kingdom impact.
Posts
