We often think of cyber crimes in terms of the damage they do to businesses. And with good reason: According to Juniper Research, the cost of data breaches to global industry is projected to reach a staggering $2.1 trillion by the year 2019. But while for-profit companies may get the lion’s share of attention when it comes to cyber attacks, the reality is that all organizations which rely on computers as part of their operations are vulnerable, including faith-based organizations. Is your church next?
Learning the Hard Way
In 2014, the Archdiocese of Seattle was rocked by a data breach which compromised the personal information of approximately 90,000 employees and volunteers. The reach of the resulting tax-fraud scandal was so pervasive, in fact, that area Catholic schools had to close for the day in order to give their staff members time to deal with the issue. Not only that, but those impacted by the crime complained of a woefully slow and inadequate response by the church to inform them about the breach.
Months later, the archdiocese still had no concrete information as to who had comprised the personal information or how it was done; exactly what personal information had been compromised; whether the breach occurred within its own systems or another system; and which individuals’ identities were compromised. The result? Not only a PR nightmare for the church, but also a personal nightmare for victims who may still be dealing with the fallout of identity theft today.
While representatives of the archdiocese insisted at the time that cybersecurity measures had been in place when the breach occurred, and while it’s true that there’s no 100 percent, foolproof way to prevent cyber crime from happening to your organization, there are some steps church leaders can take to protect their ministries. At the heart of the matter? Understanding and implementing best practices for both cybersecurity and emergency response planning.
But that’s not all. While working alongside both the IRS and FBI to investigate the matter, the Archdiocese of Seattle informed its members that another priority was also underway. Said the Archbishop in a letter, “Finally, we are reviewing our systems, policies, and procedures for handling personal information, to enhance the overall security of personal information we receive.”
Which begs the question of all churches and faith-based organizations: Are your own systems, policies, and procedures up to the task of warding off cyber attacks in today’s increasingly complex digital landscape? “Churches and Cybersecurity: Neutralizing the Rising Threat,” is a must-read for all church leaders looking to safeguard their organizations, their data and their members.