The most current statistics on cybercrime published by the FBI (2015, via ic3.gov) show that the bureau received nearly 290,000 cybercrime complaints that year, with an associated loss of $1.1 billion. At the time of this writing, a new ransomware called WannaCry (aka WannaCrypt) is infecting computers worldwide. Is your church's data safe? What do you need to do—and not do—to be safe?
Most cybercrime happens one of two ways:
- Via Email. An email appears in your inbox that has a link, graphics, or a form to complete, or it may appear to be from someone you know (this is known as “spear phishing”).
- Via Infected Websites. Websites, even those that are legitimate, can be infected with malware easily if their hosts are not keeping up with security patches and strategies. Criminals can buy inexpensive “crimekits” that look for and infect vulnerable websites. It even happens to church and ministry websites.
To protect yourself from cybercrime through email:
- Make certain all emails to your church are scanned by a capable SPAM filter to help minimize the number of dangerous emails that get to church staff's inboxes. I say minimize because some will still get through even the best SPAM filter; these are often referred to as zero hour emails. Zero hour emails are newly introduced methods and strategies that have not yet been identified as a pattern of dangerous email.
Our firm prefers Barracuda SPAM filters. We even tested Microsoft’s O365 SPAM filtering solution and found that it let many more unwanted emails through than the Barracuda, especially from other O365 email accounts.
- The FBI warns as follows:
  - Do not click links in emails. I modify this warning, however: you can click only if you first hover your mouse over the link, which will show you where the link will take you. If you’re not certain the destination is safe, do not click the link.
  - Never reply to senders you don’t know. This gets tricky, though, because the sender can be spoofed, as in spear phishing. If you want to reply to someone—even someone you know—check that the email address in the “To” field when you’re composing your response is the address you expected to see before you click “Send.”
  - Do not fill out forms in emails.
  - Do not open attachments in unsolicited emails.
  - Be skeptical of those representing themselves as surviving victims or friends in need.
- I add one more item to the list: immediately delete SPAM emails, and empty your deleted items daily.
To protect yourself from cybercrime through infected websites, I recommend the following steps:
- Use a good firewall to protect your entire system from dangerous content transmitted from websites. Typically there is a subscription from the firewall provider that must be kept current to protect your church from newer methods and strategies.
The firewalls my firm recommends are SonicWALL firewalls running their Total Secure subscription package. We find those to be the sweet spot of features, protection, and cost for churches and ministries.
If you’re a consumer, versus an organization, check with your Internet Service Provider (ISP) and confirm with them that they have all of the protections turned on in the modem or router they provided.
- Use a capable anti-malware solution on your computers—whether they’re Windows or Mac (yes, Macs get infected too, regardless of what many say). The solution my firm likes most is Thirtyseven4.com; it is capable and reasonably priced.
- Keep a history of total data backups. With a history of backups available, you should be able to recover from any infection that somehow slips through. My firm prefers a full month of daily backups to cover an infection that has an incubation period and doesn’t “go live” and get noticed for a while.
What About WannaCry Ransomware?
WannaCry takes advantage of a Windows vulnerability that Microsoft patched, for all of its supported operating systems and network operating systems, months before the outbreak occurred. This is why it is important to keep your systems and apps up to date with patches; many of the updates are security-related.
It appears WannaCry is gaining access to files through people who respond to a spear phishing attack. Be cautious with the emails in your inbox!
If you are running an unsupported Microsoft operating system, like XP, Windows 8.x, or Server 2003, Microsoft recently released a patch you can manually download and apply to shore up the vulnerability WannaCry exploits. Here’s a link directly to Microsoft for help.
Don’t become a victim of cybercrime: these are easy-to-implement strategies and disciplines that you, your staff, and your family can adopt. And there will likely come a time when you’ll be glad you did.
Nick Nicholaou is president of MBS, an IT consulting firm specializing in church and ministry computer networks, VoIP, and private cloud-hosted services. He is author of Church IT: Strategies and Solutions.
This article was adapted from an article that first appeared in The Church Network's Insight magazine. Used with permission. The Church Network (formerly NACBA) hosts the longest-running national conference serving church business administrators. This year, the conference is July 3 – 6 in Washington, DC.