You've heard plenty of cybersecurity horror stories: data breaches, identity theft, scammers stealing thousands of dollars. It seems so distant, as if it only affects Fortune 500 companies and large organizations. However, online predators don't discriminate. Cybersecurity is a serious issue for everyone. Is your Catholic parish, diocese, or school prepared and protected?
Online security isn't just anti-virus software.
First, it's important to recognize that cybersecurity is more than having anti-virus software installed on your computer. Today, a host of malicious actors can wreak havoc on your digital life. And while having robust anti-virus software is important, there are many ways an attacker can gain access to your data and machines.
Here are some simple cybersecurity tips you can use to safeguard yourself and your Catholic organization.
Phishing is a cyber attack in which you receive a message that, at first glance, appears to be from a reputable person or company. The attacker tries to induce you to reveal some sort of personal information (such as a password or Social Security number). Whether through email, pop-up, or text messaging, a phishing attacker typically poses as someone you (the recipient) may know, do business with, or feel compelled to help.
Phishing messages often contain a malicious link that, if clicked, can release malware, upload a virus, or give an attacker access to roam a secure network (as well as any device connected to it). In an instant, the attacker can gain access to sensitive information that could potentially result in serious damage.
It doesn’t end there. Some messages (and even phone calls) target a community of people, with the information appearing to come from an HR department, president, pastor, or even an insurance provider. Instead of including a link, these requests sometimes ask for specific favors, such as sending money or replying with login credentials. The trickery seems endless.
Although phishing is fairly prevalent, here are two ways you can help reduce the likelihood of a phishing attack:
Don't let scammers find your email address. There are a few strategies you can use to make it much more difficult for scammers to find (and abuse) your email address. (This includes addresses linked in PDF documents and within your website's pages.) When using an eCatholic-powered website, there are two ways to share email addresses more safely:
First, use the People module to list staff contact details. Even though email addresses appear on screen, the module has a built-in barrier that veils addresses so they cannot be snatched by spam-bots that scan and pull them from websites.
In addition, you can circumvent email entirely and create online contact forms via the Forms module. Build the form so that visitors can use a drop-down menu to select the name of a person, department or ministry to whom they'd like to send a message.
Catholic organizations also use laptops and mobile devices, both remotely and in the office. Whether an employee is working from another location on campus, at a coffee shop, or at an industry conference, digital environments should always be secure.
Using complex passwords (random sequences of symbols and characters) or passphrases (a set of words using symbols and characters) is an excellent habit. It’s especially good to avoid using the same password for multiple accounts, and that’s where password management tools (e.g., LastPass) can come in handy. Password management tools help to create and maintain secure passwords for all your various accounts. The services also work on mobile devices.
Two-factor authentication goes a step further by requiring a second authentication mechanism before access is granted. Sometimes a system will require a password and then send a security code through email or text messaging. Other processes utilize security keys. In all instances, a person must have access to another account or device in order to complete login requirements. This stops a hacker who succeeded only in stealing a username and password.
Know what measures are necessary for your organization if a machine, account, or network is hacked or compromised. Consider what could happen and how to regain a secure environment. Start by discussing these and other topics with your staff as well as an IT or cybersecurity consultant:
Online and network security can be very complex, so consider having a discussion with your IT team or a cybersecurity expert. The practices mentioned above are commonly used, but a cybersecurity professional can help determine the exact needs at your organization.