Protect Your Church from Data Loss or Theft

When First Baptist (not the church's real name) hired a network engineering firm to help them with their computer system, they never dreamed they were inviting in thieves. But when employees of the firm saw the scope of information saved in the church's database, they copied it and rented the list to businesses that wanted to reach people in their community, segmenting it by various demographics—including contributions!

Data is one of the most valuable assets a church has, but trying to figure out what it's worth so we can adequately protect it is challenging. Protecting data isn't difficult, but the task must be approached as deliberately as the fire and security protection we apply to our church buildings.

The first step is to recognize that your church has different kinds of data, and classifying data helps set a value to strategically protect it. While some data is mission-critical, other data is merely convenient. The difference is often found in answering the question, "What would happen to our church and our ministries if this data was made public or was destroyed?"

Data that might be considered mission critical includes:

Databases. Databases contain names and contact information, and sometimes include contribution, attendance, baptism, and other data that help us serve our congregations. Unfortunately, most churches have more than one database. In addition to lost efficiencies and synergies, multiple databases add complexity to the task of data protection. Church databases can include true databases, spreadsheets, document files, contact lists, and, of course, the Rolodex™.

Sermons and Lesson Preparation. Sermons and lessons and the research behind them.

Communications. Letters and e-mail between the organization and others—both internal and external.

Graphic Files. Photos, videos, bulletins, programs, promotional posters, and audio files.

Governmental Documents. Church meeting minutes, agendas, meeting notices, etc.

Custom Programming. Templates or any other items that have been customized to help communicate and serve with uniqueness.

Data Threats

Threats to data security can be classified as either internal or external.

Internal. Good employees sometimes become disgruntled employees. Hardware sometimes crashes. Vendors sometimes develop sticky fingers. We are constantly being attacked with malicious software (called "malware") in the form of spyware and Trojan horses.

External. Burglars, external catastrophes like hurricanes and earthquakes, and those who try to hack into systems that are connected to the Internet. As we monitor our clients' network security, we see almost constant evidence of Internet programs (called "bots") trying to exploit operating system vulnerabilities. Their goal is to grab data or computer resources to serve the interests of others.

Prioritizing Data Protection

Some data, if lost, would cause no real damage. But other data losses could really hurt. Consider, for instance, if your membership database was no longer available, or if members' private information was made public. This is a critical situation for churches and ministries that process online or ACH contributions and keep donors' financial account information in the database. In the wrong hands, that information could allow others access to donors' accounts!

Therefore, losing the database would have the greatest impact on your church and its membership, so protecting the database should be the highest priority. This protection can take multiple forms.

• Reduce the number of databases as much as possible. The ideal number is one database. This ensures that a high-priority focus on protecting it will be as effective as possible. It also has the benefits of saving staff time (updating a record once takes less time than updating it multiple times in every database) and increasing staff synergies. The downside is that some ministry areas may have to change the way they maintain their data to accomplish this goal.
• Perform multiple daily backups, easily done with many of today's database engines. Some choose to have their database backed up every two hours, for example, so that if there were a problem, less work would have to be re-entered.
• Send a copy of database backups to an off-site server. If there were a regional catastrophe (like a hurricane) in which staff evacuated in many directions, the database could be securely accessed via the Internet.

Jason Powell, information technology director at Granger Community Church in Granger, Indiana, says, "Our database is the center of what is done on our network. If it were lost, the cost to reconstruct it would be huge; worth it, but huge." Spending a little to protect it in advance is good stewardship.

The second priority is to safeguard data files that are foundational to the ministry. These include communications with governmental authorities as well as the church's own governmental records (agendas, minutes, meeting notices, etc). Records of this type may become critical in re-establishing a church or ministry following a catastrophe.

The third priority is to preserve letters and e-mail communications that cannot be easily re-created.

Few things tangibly say who you are like familiar graphics, and this type of data is the fourth priority. Whether it includes bulletins and programs, promotional formats, or photo, video, or audio files, these are often irreplaceable pieces of church history that help many feel a little more comfortable in a crisis. They communicate who you are, and should be protected. Because of their size, however, these types of files are often eliminated from daily backup routines.

The fifth protection priority is custom software programming, usually in the form of templates and database modifications.

Layers of Protection

Data is usually best protected by applying layers of protection. We recommend the following:

• Server rooms should be locked and accessible only to those with a legitimate need for access.
• Passwords should meet or exceed minimal policy requirements. This means passwords should avoid words, names, dates, etc.—things that are easily guessed. Passwords should never be shared with other staff members. David Brown, information technology director at Capital Christian Center in Sacramento, California, says, "When someone lets us know they shared their password for any reason, we immediately change it for them." Like many other ministries, Capital Christian Center does not allow users to change their own passwords. This helps ensure that passwords are high quality.
• Some organizations are moving toward the use of biometrics to eliminate passwords altogether. Dell, for instance, will often include fingerprint scanners at no additional cost. These easy-to-use devices increase the protection of networks and sensitive data.
• A fully configured, updated, and tested Internet firewall will keep unwanted intruders (bots and hackers) out of your system.
• A fully configured and updated SPAM filter will minimize the impact of malware contained in e-mail.
• Use of a secure, in-house, instant message system rather than a public system will keep hackers away from security "back doors" that are easy to exploit.
• Back up the entire system daily (Monday through Friday night) on tape, saving backup tapes for a minimum of three weeks.

Regional Disasters

The following additional steps will help protect against data loss if you should experience a local or regional catastrophe:

• One night each week (preferably after the busiest day of the week), take that night's backup tape off-site. Use two tapes, rotating tapes each week, so that you'll always have the previous backup available.
• Copy high-priority data to an off-site location on a daily basis via secure Internet connection. Though many vendors offer this service, only a few also have the ability to restore a database backup and securely host it over the Internet as an interim solution following a catastrophe. This is especially important for databases.

Your data, though difficult to objectively value, is one of your most significant assets. Because your ministry is heavily dependent on data, implementing some fairly simple policies and procedures will go a long way towards protecting your ministry.