Securing Ministry Data: Combatting Cyber Threats

by Kevin Norton
Agency Principal, Lightwell Insurance Advisors

In today's digital age, cyber security issues are no longer just a problem for businesses. Over the past three decades, I've seen firsthand how cyber threats have evolved from a non-issue to a critical concern for ministries. Protecting your ministry involves being proactive. This starts with knowing how to prevent someone with bad intentions from gaining access to your devices, personal information, and data, as well as handling situations where your ministry has been exposed.

Understanding Emerging Threats
Cybersecurity is all about protecting your data and information from unauthorized access, viruses, and fraudulent emails. Unfortunately, ministries are not immune to these threats. We've seen churches fall victim to phishing emails, where employees receive messages that appear to be from pastors or missionaries, asking them to wire money or change payroll information. These emails can be incredibly convincing and have led to significant financial losses.

And they are getting even more sophisticated with the rise of generative artificial intelligence (AI) used by bad actors to create sophisticated phishing emails and very real looking, but fake, invoices. Additionally, bad actors are using grooming tactics, establishing relationships over months before requesting fraudulent payments. This makes their schemes even more convincing.

Evaluate and Protect
To evaluate your current level of cyber security, we recommend conducting a thorough risk assessment. This can be done with your ministry’s IT staff or by using an IT vendor. They’ll help identify potential threats and vulnerabilities in your computer systems. Understanding what data you have and how it's protected is the first step in mitigating cyber risks.

Ministries often handle sensitive information, such as donor data and personal information of members. To protect this information, use reputable third-party vendors for online giving. These types of vendors should have robust security measures in place to prevent a cyber breach.  Additionally, ensure that your systems are protected with complex passwords. Multi-factor authentication adds another level of security to help keep someone from getting in.

Risk Management Guidance
Because so much ministry and staff information is now online, it makes it easier for a bad actor to do their research and convince you that they are someone they are not. One way to make this harder for them is to remove individual staff email addresses from your website and just post a central email address instead.

And here are some more ways to significantly reduce your risk:

• Develop Clear Policies: Educate staff and volunteers about cyber security risks. Train staff and volunteers on setting up strong passwords.

• Teach Safe Browsing: Educate staff and volunteers on how to recognize phishing emails and phone calls and to avoid clicking on embedded or unfamiliar links.

• Verify an invoice is real: If someone sends an invoice by email, verify if it is the real thing by calling the vendor.

• Regular Training: Initiate fake emails to train staff and volunteers on spotting scams, who to report suspicious emails or phone calls to, and what to do next if they do click that bad link or pay that fake invoice.

Handling a Cyber Incident
If your ministry suspects a data breach from a virus, someone hacking into the system, or a ransomware attack, act quickly to help minimize the damage to your systems and speed up recovery:

1. Disable and Remove Computers: Disconnect and disable affected computers or networks.

2. Change Passwords: Update passwords on critical accounts.

3. Document Everything: Take screenshots and note unusual activity.

4. Contact Professionals: Reach out to your IT professional, insurance agent, and law enforcement if necessary.

Wrapping Up
Cyber security is an ongoing concern for ministries, but with the right practices and protections in place, you can safeguard your sensitive information. At Lightwell Insurance Advisors, we're here to help you understand these challenges and ensure your ministry is well-protected. Cyber insurance can be a lifesaver when dealing with the financial consequences of a cyber-attack. It helps cover costs associated with ransomware, data breaches, and other cyber incidents. Cyber insurance coverage options are available for both first-party losses (system damage, for example) and third-party losses (liability issues).

Watch Kevin's full interview here, or listen to The Lightwell Podcast on your favorite streaming service.

About the Author: As the agency principal and managing partner of Lightwell Insurance Advisors in Arizona and Utah, Kevin Norton builds strong relationships with clients, ensuring comprehensive coverage and protection against emerging risks.

Lightwell Insurance Advisors is focused on identifying risks and crafting safeguards for organizations that lift up their communities. We're a trusted partner in understanding risk management and insurance protection.

This blog post provides a general overview of cybersecurity principles and insurance. It should not be seen as a contractual agreement. Details about coverage, deductibles, limits, and services may vary by organization and location. All coverage options are subject to their specific terms, conditions, coverage limits, limitations, and exclusions.