Page 65 - Cyber Defense eMagazine - October 2017
P. 65
Active Defenses for Churches
As with so many other non-profits, churches likewise have been listed as a target for
attackers. This issue has been exasperated due to churches, along with other non-
profits, having issues with cash flow and budgetary constraints. For the church’s
management structure, purchases of tangible assets may be a much less daunting task.
With cybersecurity having such a new focus in mainstream IT and industry, describing
what needs to be done, why the project needs to be done, and the potential impact of a
breach is difficult. Describing the potential impact of a breach, an intangible, is much
different than purchasing a new pew, a tangible asset that would been seen and used
with regularity. The management may not be able to fully appreciate the extensive
issues directly associated with a compromise and its effects on future rapport with the
community/parishioners, remediating the issue from the network, and protecting assets.
The lack of understanding is compounded with the church’s need to be connected via
the internet only further complicates the issue.
The church needs to be competitive and digitally connected with the congregation and
public. This has historically taken the form of the church’s website available for people
to search for and gain information on, email updates to the staff, and/or congregation,
Wi Fi for the people attending and staff, and many other services. With the current state
of technology and the people’s perceived need for this, the churches don’t have much of
a choice. These and other points provide ample attack points and vulnerable areas that
need to be addressed prior to a system being compromised.
Remediation
The goal of securing the church’s network or enterprise may be a rather arduous road.
This is not an impossible task, however would take effort and time on the part of the IT
area and open-minds from the management.
The church certainly can ask for voluntary help and assistance from their congregation.
The staff may be amazed at the depth of knowledge there is at the church. People from
all walks and industries have been members of the church. Each of these people have
different level of expertise in different areas of IT. These persons may also have a
varying number of hours to volunteer. Some may have eight, while others may have ten
hours per week to put the system in place and later monitoring the security logs. With a
few persons in place, this would be less of a momentous task. These persons may not
be computer experts, but certainly can help or provide input.
The church also could put in place programs that don’t require a mass amount of effort
and time. One action that needs to be addressed in anti-virus and anti-malware. If this is
already in place, this may be reviewed to ensure it is a good fit. This solution is not
perfect, which has been researched at length, however it does provide for a baseline
65 Cyber Defense eMagazine – October 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.
