#GivingTuesday marks the beginning of the charitable season. Religious organizations are America’s single largest recipient of charitable giving and 49 percent of all gifts are made with a credit card. Yet, in a recent study, Church Mutual Insurance Company, the nation’s leading insurer of religious organizations, found that only 11 percent of today’s worshippers fear a cybersecurity breach at their place of worship.
Of larger concern, are churches or places of worship prepared/secured against cyber theft? Organizational leaders, staff and volunteers all play a part in promoting, implementing and enforcing safe digital practices. Preventive steps include:
- Staying smart – educating and keeping current on cyber theft trends
- Taking action – putting cybersecurity measures into practice through existing tools and providers
Worship Facilities recently caught up with Craig Huss, assistant vice president - Chief Information Security Officer at Church Mutual. Craig talked about basic steps places of worship should take for data privacy and cybersecurity coverage, as well resources to help keep them informed.
Worship Facilities: What exactly is the threat that churches face on Giving Tuesday, or any other day of the year?
Craig Huss: The threat comes from fraudulent, or bad actors sending out phishing campaigns to church members. That's the number one method that these individuals are using to commit financial fraud against religious organizations.
WF: Can you recall any specific examples of that kind of breach?
Huss: Yes, we recently were alerted to a community church that had conducted charitable giving in the past, and this church received notice from its membership that members were receiving emails, fraudulently representing the pastor of this church, saying that he needed money. There were members who submitted funds to the scam, and then there were other members who questioned it. The pastor immediately turned around and sent out a broad communication to his church alerting them to this scam.
WF: Typically, what would set up a church to be vulnerable to this kind of threat?
Huss: I would say any church that has conducted email campaigns. In this case a bad actor had gotten ahold of the email addresses of people who attended that church and was able to use that information towards a campaign against them asking for money. So, really any church that has email addresses or information on file about their members could be susceptible.
WF: What steps can a church take to avoid that kind of breach in their ministry security?
Huss: That's a great question. One of the things that I advise churches is to set guidelines around what types of charitable giving or donations that they would request of their members. Put in place standards that give a precedent for how donations would be made, and then be consistent in who that message is coming from so the recipient of it can always validate or authenticate that it's a trusted source. So, if a church organization doesn't normally do online donation requests, their membership should know that.
WF: When a church has those kind of processes and guidelines in place, what would you say is the best way to communicate them to the church community?
Huss: I would recommend that churches inform their members through multiple channels. They can communicate this through email, circulars, and through communal gatherings. It should be based on establishing an education and communication campaign from the church, around their financial giving policies and donations.
WF: Are there resources for churches to learn more about establishing safe guidelines and other relevant security measures?
Huss: We have reference material available on our website at churchmutual.com, and our policy holders have the ability to speak with a risk control specialist who can walk them through best practices to meet their individual church needs.