Cybersecurity for Churches and Small Businesses

Two Easy and Important Techniques to Protect Your Church or Business 
Written by Nick Wallace, Ridge AV
 
Cyber security is not the most glamorous of topics. It’s not as exciting as a new audio mixer, and it certainly doesn’t draw the same passionate opinions as whether to remodel the youth center. I get it, I really do. It can be hard to care about a new software or update when – on the user side – they all do the same thing with a different layout. But just like balancing your books or restocking the coffee bar, even though it’s not exciting doesn’t make it unimportant. 

First, we need to correct a critical misunderstanding. Chances are most people don’t really pay much attention to cyber security because they (correctly) assume that your church or business is too small to really attract the attention of a hacker. This may be the case, but your small business probably uses Amazon. Or Quickbooks. Or Facebook. Or any number of megalithic corporations who provide service – and store sensitive information – for millions of small companies just like you. This information could range from an email list to credit card numbers. The hackers don’t target you. They target a major provider. If they get access, they’ll steal anything they can get their hands on. And if you happen to get caught up in that data, it could be costly. If you need any convincing on how common this is, just check out Wikipedia’s ever-growing list of data breaches. And remember that list only includes data breaches with 30,000 or more records. 

So, what can you do to protect your information when things like this are largely out of your control? There are two easy, important techniques: multi-factor authentication and strong passwords. 

Multi-factor authentication (sometimes called two-factor authentication, 2FA, or MFA) is when you need an extra step to log in. Imagine you go to Facebook, you enter your username and password, then it takes you to a second screen requiring a code that was either texted to you or generated by an app. This is MFA, and according to Microsoft it stops up to 99.9% of unauthorized account access. The feature is effective, free, and only takes a few minutes to implement. The option can usually be found under your account settings, typically in the “security” tab or something similar. I recommend using an app such as AndOTP or Tofu whenever available, but SMS is better than nothing, if that’s your only option. 

For sites that have not yet jumped on the MFA bandwagon, your best defense is a strong password. But what makes something a “strong password?” Throwing in a substitute character isn’t enough to confuse any number of free – and legal – software that many hackers utilize. If your password is a common word, or even a variation of a common word (ex: “Ch!c4g0” instead of “chicago”), this isn’t even an issue for the hacker. In addition to using characters you have to consider LENGTH. A six-character randomly generated password can be cracked in seconds. Each character you add to your password exponentially increases the amount of time it takes. There are various online calculators that demonstrate this principle. In addition to being unique for each login you use, a good password should be at least 16 characters comprised of upper and lower-case letters, numbers and special characters. 

Needless to say, remembering any number of 16-character passwords is an impossible request. The easy solution to this human limitation is a password manager. A password manager is a software that will you help you store login information, generate secure passwords, and store all that information in an encrypted database in such a way that it keeps them reasonably safe from data breaches and hackers. Then the only password you have to remember is your master password to get into the password manager (try a passphrase for this purpose). To this end, I recommend Bitwarden, although LastPass and Dashlane are popular as well. All of these programs offer business plans that allow you to share select logins with specific members of your team, ensuring your team has the relevant information they need to continue to function smoothly while maintaining security. 

Sadly, poor cyber security habits are rampant in today’s world. Technology has evolved faster than our ability as a society to keep pace, so most of us are still using bad habits we developed decades ago. But the good news is that as technology has advanced, so has the ability to stay secure with very little effort. While these techniques may seem daunting at first, and while they will definitely take a little bit of conscious effort to set up initially, they’re actually incredibly simple to implement and get used to and they will move you into the top 1% of account security. This will ensure that all your sensitive information – from email addresses to card numbers to grandma’s secret recipe and more – will stay safe and secure in the hands of those you’ve entrusted to it.