Cyber Safety Review
A few minutes before an early-morning Sunday worship service a church staff member receives an email from the Pastor. The email says, “I’m praying with some people and need you to send me some gift cards as these people that have needs”. This email should be flagged and confirmed as it may likely be from a well-versed cybercriminal attacking the church.
This simple example reveals how sophisticated these criminals can be. The sender knew the Pastor’s name and how to set up the email to pose as him. The email described activities commonly occurring on a Sunday morning and was sent a few minutes before the service started in order to cause a rushed response by the staff member. Also, the criminal probably knew which staff member would have the authority and capability to send the gift checks.
The key lesson in the never-ending fight against cyber fraud is people, not just technology, are the best defense. Here are five reminders of actions individuals can take to defend against an attack:
- Think before you click. 90% of successful cyber-attacks start with a phishing email. A phishing email tricks the recipient into opening an attachment or clicking a link that allows hackers to infect a system.
- Pay attention to the sender’s email address and domain. If they look suspicious, check it out before responding. Anytime there is a request via email to send money make sure it is legitimate and confirmed with the requester.
- Use strong passwords. This one can easily be missed as we often want to set short, easy-to-remember passwords to make website access easier. Longer, complex passwords with numbers, letters, and special characters are safer.
- Turn on multifactor authentication. This is another one some may avoid doing because it means an extra step to access a site. Multifactor authentication significantly reduces your chances of getting hacked. I recommend turning this one whenever available for your accounts.
- Keep your software updated. Software updates often include security patches implemented in response to current cyber-attacks.
These steps are probably a review for most, but because a cyber-attack can have significant consequences, I believe it is good to issue reminders and keep this information top of mind for church staff.
Let me know if I can be of any assistance.
Scott Thorson