Nick B. Nicholaou serves as president of MBS Inc., based in Huntington Beach, California. In his role with MBS—which stands for Ministry Business Services—Nicholaou has served churches as an IT (Information Technology) consultant and strategist for many years. Since 1987, he has helped churches through a number of IT transitions, and he wrote the Christianity Today book Church IT: Strategies and Solutions. I spoke with him about how churches should approach IT.
Churches tend to be open, welcoming places with a heart for saving the lost. What potential risks can this create when it comes to IT risk management?
Churches today offer WiFi access for their guests as part of being a welcoming organization. They want to provide an appropriate suite of services to help meet people's needs. But most churches do not strategically approach how to set up the WiFi for those needs.
I talk in my book, Church IT: Strategies and Solutions, about the need to segment WiFi for guests versus staff, and to make sure that WiFi access for guests is filtered for appropriate content. Churches need to either use a password to protect their WiFi and/or turn it off when WiFi doesn't need to be available.
Why is that important?
At a church in Missouri, someone pulled into the church parking lot after hours and distributed child porn over the church's unsecured public WiFi. The FBI was called in to address this, and investigators saw that it was coming from the church's public IP address. The FBI then confiscated all of the church's computers, including servers, to do a forensic analysis to make sure no one on staff was involved. The forensic audit took months, so the church was without their computers for that length of time.