A Call to Be Good Stewards of God’s Resources: Security Memo to Church Leaders (or other Leaders)

Dear Church Leader (or other leaders)

This blog post is for you. As a pastor and security professional, I recently received an alarming number of reports regarding someone impersonating me and sending out phishing emails to my congregation and other members of the community, asking them to purchase gift cards.

Just because I’m also in cybersecurity doesn’t mean I’m not susceptible to being compromised. Heck, Troy Hunt, who is a highly regarded professional in cybersecurity, recently wrote about how he fell for a phishing email (read Troy’s blog article, A Sneaky Phish Just Grabbed my Mailchimp Mailing List). I have safeguards and alerting in place, so I am fairly confident that I’m not in any sort of compromise. (But isn’t that what all compromised people say?)

I saw this email address circulating in my congregation a few months ago, so I believe this attacker got ahold of a compromised account belonging to someone who has all these contacts, including mine, and now their contacts, context, and the structure of the church are exposed. They had discovered that I and the other pastor who was impersonated a few months back have influence on people. We ask people to do stuff, and imagine that, they do it. This is a common phishing email tactic, because the attacker is abusing the trust that is in place.

This incident serves as a stark reminder of the importance of cybersecurity for church leaders (including myself), business leaders, and really anyone. In today’s digital age, we must be vigilant and proactive in protecting the resources God has entrusted to us. I have my members’ information, names, contacts, and some instances of sensitive information. I’m also an admin of many systems for my church. This is information that the people of my church have entrusted to me.

The Importance of Cybersecurity

Cybersecurity is not just a technical issue; it is a matter of stewardship. As leaders, we are called to be good stewards of the resources and people under our care. This includes safeguarding sensitive information and ensuring that our congregation and business are protected from malicious attacks. Phishing scams, like the one my congregation experienced, can lead to financial loss, identity theft, and a breach of trust. It is our responsibility to take proactive measures to prevent such incidents.

Practical Steps to Enhance Security

  1. Educate Your Community: One of the most effective ways to prevent phishing attacks is through education. Inform your congregation and employees about the dangers of phishing and how to recognize suspicious emails. Encourage them to verify the authenticity of any request for personal information or financial transactions.
  2. Implement Strong Authentication: Use multi-factor authentication (MFA) for all accounts, especially those with access to sensitive information. MFA adds an extra layer of security by requiring users to provide two or more verification factors.
  3. Regularly Update Software: Ensure that all software, including antivirus programs and operating systems, is regularly updated. Updates often include security patches that protect against known vulnerabilities.
  4. Monitor and Respond to Threats: Establish a system for monitoring and responding to potential security threats. This can include setting up alerts for suspicious activity and having a response plan in place for dealing with breaches.
  5. Secure Communication Channels: Use encrypted communication channels for sensitive information. This ensures that data transmitted between parties is secure and cannot be intercepted by malicious actors.
  6. Conduct Regular Security Audits: Regularly review and audit your security practices to identify and address any weaknesses. This can include assessing your network security, reviewing access controls, and testing your incident response plan.
  7. Relationship and Trust: Build that relationship and trust with the people under your leadership. If there is trust, there is a good chance your members will feel comfortable questioning a suspicious request that appears to come from you. If that trust is missing, and they feel they will be in trouble for questioning you, they may blindly comply with an attacker’s demands out of fear. Lead with truth and love as a servant leader.

A Call to Action

As church leaders and business leaders, we have a responsibility to protect the resources and people God has entrusted to us. By taking proactive steps to enhance our cybersecurity, we can prevent malicious attacks and ensure that our congregation, business and loved ones remain safe. Let us be vigilant, informed, and committed to being good stewards of God’s resources.

I hope this blog post helps address the issue and provides valuable insights on how to enhance security. My heart is to help you be that good steward of the resources that God has entrusted you with. Your employees, staff, congregation, volunteers and family have entrusted you with this. If you have any further questions or need additional information, feel free to reach out.

May God Bless

– John Johnson
Shepherd Security
