Skip Navigation

Online security for churches

By Gavin Richardson

Churches produce and store large amounts of information. What happens when computers crash, viruses attack and hackers hack? Are you ready to stop these problems when they threaten or to repair a broken system?

Ian Beyer of Nerd Herd, Inc., a consulting and services group that works with churches and nonprofits, identifies security measures every church should have in place.

Backup data. Beyer asks, “If the church burns down, which happens more often than we’d like to think, what happens to your data?” In many cases, both the data and backups are housed only within the church premises. These solutions can provide more secure data backup.

  • CrashPlan Pro backs up data in the cloud. At a cost of about $10 per computer, it is an affordable solution for churches working off one local server.
  • DropBox is a great solution for smaller churches with less data. DropBox offers two gigabytes of free storage and boosts your free storage when you refer new users. Larger pro accounts cost $10 per month.
  • Check out “Avoid computer nightmares with free and paid backup solutions” for more options.

Secure your network. “Too many churches have consumer-grade network firewalls and devices that are easily compromised.” says Beyer. This is like leaving your congregation’s personal data lying on the counter at the welcome center. If you use a home router setup, know there are many quick ways for a hacker to gain access to your data. Secure your wireless networks with a password. Do not leave them open to the public.

Practice good password security. Never write passwords on paper and stick them to computer monitors or desks. Beyer recalls being at a client church and seeing a staff member’s good, secure and easy-to-remember password attached to the monitor. “It was a shame they didn’t keep it private,” he says. Coach your staff and volunteers who use the church network on the importance of protecting the information entrusted to the church. Protect the most sensitive information with network equipment that recognizes its value. 

Consider using password managers such as LastPass (free) or 1Password (paid) to help generate strong passwords and allow you to use one master password to access the application and your saved sites.

Protect against viruses and malware. Find anti-virus software that fits your church’s needs. Update it regularly so it is always looking for the latest viruses and malware. To further your church security, coach your staff on how suspicious emails and files may look so they do not download them onto your network. Remember, if someone sends you a downloadable file you did not request, it may contain a virus.

Bookmark virustotalThis free service analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans and all kinds of malware.

Keep the website offsite. Your church website is an open door to people who are searching for your church and wanting to know more — and to hackers. Place your website on its own server. Then, when the website is down, it is the only thing down. If you use an open-sourced content-management system such as WordPress for your website, be vigilant about keeping it updated.

Use reputable/premium plugins and themes for your website. Free web offerings often have security holes that make them susceptible to attack. If you offer online giving or accept payments through your website, a best practice is to use a third party to ensure information security. Many United Methodist churches use Vanco Services, a third-party solution, for online giving. If you accept payments, you can use WufooEventbrite or PayPal for a reasonable cost.

Have a strategy. Few United Methodist churches can hire a paid IT staffer. Most rely on the time and talents of members who work in the IT or network industries. Problems can arise when well-meaning volunteers address or fix one issue without fully considering the church’s overall needs. For example, you might have a backup solution on the main office computer, but not on the computer in the child-care center. In another case, someone puts a robust backup solution in place for the church, and then moves without leaving any documentation. The result: No one knows the process for bringing the church back online when a system must be upgraded or restored from a backup. To prevent these problems, develop a strategy and protocol for dealing with worst-case scenarios. Your strategy should identify:

  • the tools you use
  • the items they cover
  • who is responsible for ensuring updates and proper backups happen
  • a schedule for performing a regular practice restore
  • protocol for recovering data on one or all of the church’s computers

If you hire outside contractors to manage your technology, make sure they are reputable and competent. It is very easy for a dishonest individual to steal data or resources or accidentally cause damage, hoping no one in the office notices because they do not understand the technology.

If you already have suitable data backup and network firewalls, revisit your security plans. Practice a system restore. Nothing is more frustrating than trying to restore a system when you absolutely must have it and discovering the process is more complicated than you imagined or that backups are unusable.

“Saving $100 here or there for your information protection has a real potential of coming back to cost the church 10 times as much if something goes wrong,” Beyer says. “Make sure that you have equipment that is suitable for the job and the security is well thought out. That will give parishioners and staff peace of mind and save the church time in getting back up-to-speed should an unfortunate incident happen.”