Loading...
Loading...
Click here if you don’t see subscription options
(iStock/Illustration: America Media)

(OSV News)—Cybersecurity at Catholic parishes is less robust than it could be, but several free and low-cost resources—along with a healthy dose of common sense—can bolster technology defenses, experts told OSV News.

“When it comes to cybersecurity, there are both the technology and the human dimensions of the challenge—both of which are in need of improvement at a typical parish,” said Matthew Warner, founder of the Flocknote church communications platform.

In fact, said Warner, parishes “often don’t really even know the risks they are already taking.”

Churches and other nonprofits, like most organizations, are susceptible to cyberattacks, particularly the business email compromise (BEC), described by the FBI as “one of the most financially damaging online crimes.”

Churches and other nonprofits, like most organizations, are susceptible to cyberattacks, particularly the business email compromise (BEC), described by the FBI as “one of the most financially damaging online crimes.”

In the BEC, scammers pose as legitimate persons, such as a pastor or a parish vendor, and send emails requesting the recipient to perform a financial transaction—typically, purchasing gift cards or arranging wire transfers—while rerouting the funds to their accounts.

The FBI’s Internet Crime Complaint Center received BEC loss claims totaling more than $2.4 billion in 2021. The BEC threat has recently expanded to include text messages, according to research by cybersecurity firm Agari (now part of Fortra).

Other kinds of cyberattacks, such as phishing, trick victims into divulging sensitive information (passwords, credit card numbers and other account credentials) or downloading malicious code onto a device. Scammers rely on “spoofing” to make minute changes to the email addresses, sender names, phone numbers and website addresses they use to deceive victims.

Such schemes succeed primarily by exploiting basic human reactions, said Erich Kron, a security awareness advocate for the cybersecurity awareness training firm KnowBe4.

“One of the key things I try to help people understand is that these attacks—whether through text, voicemail, phone call or email—always rely on emotions,” Kron told OSV News. “(Scammers) want to get people in an emotional state where they miss things that should otherwise be obvious. There is a psychology behind this stuff that makes these tactics really, really effective.”

“One of the key things I try to help people understand is that these attacks—whether through text, voicemail, phone call or email—always rely on emotions.”

That tactic, known as social engineering, “knows no boundaries,” said Theresa Payton, CEO and chief adviser of the cybersecurity firm Fortalice.

Cyber criminals “conduct campaigns that hit all age groups,” said Payton, a cybersecurity author and speaker who under President George W. Bush was the White House’s first female chief information officer.

Those working in faith-based and service entities can be particularly susceptible, since “they’re good people with good hearts, who really want to help out,” said Koch. “Attackers know and take advantage of that.”

Lack of full-time IT staff also leaves parishes vulnerable, as does the patchwork approach to devices and software most parishes tend to rely on, said Warner.

“Unfortunately, it’s common to find every ministry at a parish each using their own separate, one-off tools to operate,” he said. “Not only is the pastor often unaware of all the various tools each ministry leader may be using—from Excel spreadsheets on their own private computers, to Venmo or other individual payment apps, to various social media accounts, personal and official, to event registration tools, in addition to whatever software the diocese or parish may require.”

As a result, many parishes end up “not in compliance” with safe environment, security and diocesan policies, Warner said.

Many parishes end up “not in compliance” with safe environment, security and diocesan policies, Matthew Warner of Flocknote said.

Even the protocols themselves can unintentionally hinder parishes, he added.

“The policies have been put in place for various reasons, but they have not at the same time empowered parishes to be able to comply with them, without severely restricting the important work of the parish,” Warner said. “So it leaves ministry leaders stuck finding unofficial workarounds just to do their jobs effectively, but that also may be opening up the parish and diocese to additional risk.”

Yet amid such hurdles, parishes need not despair of cybersecurity protection, said experts.

“For starters, think about tapping into the local resources you have at your FBI field office,” said Payton. “The FBI will actually offer free cybersecurity briefings to teach your parish staff and volunteers.”

The Federal Trade Commission provides guidance through its OnGuard Online initiative, and free training also is available through Curricula.com, she said.

“Keep your systems patched as much as possible, and don’t reuse passwords,” said Koch, who also recommended implementing multifactor authentication, which requires several credentials to access an account.

Warner urged parishes to “use up to date modern software tools,” particularly cloud-based solutions, which are “far more likely to be secure from modern cybersecurity threats.”

User adoption is key, Warner added.

“Make sure whatever software you use is really great at solving practical ministry problems first, and that ministry leaders love using them. Otherwise, it won’t matter what other security threats it addresses, because it won’t actually get used in real life anyway,” he said. “Teach your leaders and volunteers some basic cybersecurity practices.”

When scammers pressure, rely on your instincts, said Koch.

“Take a deep breath and step back,” he said. “Look at the situation critically, and ask yourself, ‘Does this really make sense?’”

The latest from america

Delegates hold "Mass deportation now!" signs on Day 3 of the Republican National Convention at the Fiserv Forum in Milwaukee July 17, 2024. (OSV News photo/Brian Snyder, Reuters)
Around the affluent world, new hostility, resentment and anxiety has been directed at immigrant populations that are emerging as preferred scapegoats for all manner of political and socio-economic shortcomings.
Kevin ClarkeNovember 21, 2024
“Each day is becoming more difficult, but we do not surrender,” Father Igor Boyko, 48, the rector of the Greek Catholic seminary in Lviv, told Gerard O’Connell. “To surrender means we are finished.”
Gerard O’ConnellNovember 21, 2024
Many have questioned how so many Latinos could support a candidate like DonaldTrump, who promised restrictive immigration policies. “And the answer is that, of course, Latinos are complicated people.”
J.D. Long GarcíaNovember 21, 2024
Vice President Kamala Harris delivers her concession speech for the 2024 presidential election on Nov. 6, 2024, on the campus of Howard University in Washington. (AP Photo/Stephanie Scarbrough)
Catholic voters were a crucial part of Donald J. Trump’s re-election as president. But did misogyny and a resistance to women in power cause Catholic voters to disregard the common good?
Kathleen BonnetteNovember 21, 2024