Please don’t think that it won’t happen to you. Figures show that the risk of cyber fraud is increasing exponentially and that no one can truly be safe from an attack, not even a small ‘middle-of-nowhere’ Church. In fact, a 2012 study by Symantec found that 40% of data-breaches are directed towards smaller businesses as they don’t have the knowledge and resources to put in place proper cyber security. Any organisation that has a computer network or digitally handles personal or confidential information is at risk of a cyber-breach. Your Church members could be scammed simply through access to your Church member address book or newsletter list!

Having access to Church members information means that your Church has a responsibility to keep it secure. A cyber threat is anyone with malicious intent seeking a way to access information that your organisation holds digitally. Examples include hacking, malware and viruses, staff error, system glitches and theft. But the threat can extend to situations such as lost laptops and thumb-drives, mishandled files, unintentional security breaches or illegal behavior by employees.

Many Adventist Churches have a website or use Facebook, pay and receive money electronically, and have databases with Church members details stored in them. It is no longer good enough to just rely on anti-virus software to protect your digital information as there are many alternate ways that a cyber-thief can gain access. For example, someone leaves their laptop in a taxi, a Church member leaves a door unlocked to the building or a Wi-Fi connection does not require a password to connect.

The risk of cybercrime has been increasing greatly with the development and expansion of available digital technology. There has been much media attention surrounding the issue recently, as the frequency of attacks escalates and a general lack of knowledge about how to protect information means that those with malicious intent find it easier to access information. There are many ways in which cybercrime can be committed so our response should take each avenue into consideration.

To protect your organisation or Church from cyber risks we recommend you undertake the following measures:

• Ensure that your computer is running anti-virus software with regular scans conducted
• Set usernames and passwords on all computers, making sure that all passwords are changed often (including the wireless password)
• Use two separate wireless networks, one for Church congregation access and one hidden network dedicated to Church business
• Limit access to Church web pages so that only a small amount of key people can edit and update websites
• Apply network restrictions appropriate for each person’s level of leadership
• Regularly back up all computer data to an external hard drive stored offsite in a secure location
• Dictate a technology ‘Gatekeeper’ – someone to be responsible for update of anti-virus software and virus scanning, to stay current with virus risks, monitor the use of copyright material, and ensure consent is given for any individuals’ photos used in Church materials.

The Australian Government have developed a small business self-assessment questionnaire that contains information that can be relevant to Churches both in Australian and overseas. Once you answer questions relating to your computer systems, you will find recommendations as to how you can improve your cyber security.

Our insurance brokers Marsh, have a Cyber Risk Self-Assessment Tool for those in Australia and New Zealand, which can help you evaluate the consequences of a cyber-event on your Church. Adventist Risk Management also have two informative videos available to view which talk about the nature of cyber threats and local church cyber risks with practical steps to protect yourself.

We cannot understate the importance of taking steps to prevent cyber breaches. But sometimes, even with the best protection available, incidents still happen – and when they happen they can cost a lot of money and a lot of time. And you cannot rely on your normal property, business interruption or general liability insurances to pick up the cost, as cyber events are usually excluded under these covers. It is no wonder that special Cyber insurance is becoming an important financial protection for many organisations. Cyber insurance can be tailored to an organisation’s specific needs including cover for notification costs, business interruption, crisis expenses and third party liability.