Church Data Security: Protecting Your Congregation from Email Scams and Data Breaches

Written By Jason Silbernagel

The Problem: Scams Targeting Churches

Have you ever heard about a church falling prey to an email scam? It's a story that's becoming all too common. Imagine this: a scammer gets access to a church's data and starts sending emails as the pastor, asking congregants to buy and donate gift cards. I've seen this happen myself at a large church where I used to work. It's a serious reminder that no church is safe unless they secure their data. They also need to control access to their congregation's contact information.

The Growing Threat to Church Data Security

There's been a worrying trend of bad actors and scammers gaining access to churches in the most unsuspecting way. They do this through the church directory. These imposters pose as church staff. They go to great lengths to get emails, phone numbers, and other information from church databases. Once they're in, the situation quickly escalates from bad to worse.

Protecting Your Church’s Database: Where to Start?

So, what can you do? Let's dive into some strategies to protect your church’s database and directory. It all begins with a permissions policy for your staff. Without this policy, it's like navigating a maze blindfolded. Every time someone needs access to your Church Management System (ChMS) or data management system. A clear policy spells out who gets what permissions. It supports your database manager or the person in charge, making them the guardian of your church's digital gate.

Customizing Permission Levels

Permissions aren't one-size-fits-all. You need to tailor them. Sit down with your ministry and department leaders to figure out the necessary permissions for each role. This applies to both staff and volunteers. Think about what each role needs to do their job effectively. Once you have this policy in place, stick to it religiously.

Streamlining Permission Requests

How about the process of requesting permissions? Use a form in your ChMS or a third-party form software. Detail the apps and permissions so that your team can request exactly what they need. Add a section where they explain why they need these permissions. Another good practice is to filter all requests through a leader before submission.

For instance, if you're using Planning Center, a People Form could be your go-to for these requests. You can couple it with an automation to send them to a People Workflow. This helps your database manager track everything neatly. Whether it's CCB or another system, the goal is to make managing these requests as smooth as possible for your team.

Managing Directory Access

Then there's the question of your online directory. Who gets to see the congregants' contact details? It's vital to have tight security here too. You could set up a request process for accessing the directory, using something like a Planning Center People form. Think carefully about your questions to effectively vet those asking for access. Do they have a known relationship with your church?

Alternatively, you could handle requests via email. For instance, here's a template from Hans R. at Denver Church of Christ:

Dear [Name],

Thank you for wanting to join our church directory. We're thrilled to welcome new faces. To maintain our directory's integrity and privacy, please call us at [Church Office Phone Number]. This way, we can get to know you and explain how you can become part of our directory. Our office hours are [mention office hours]. We're here to help and can't wait to chat with you.

Blessings,
[Your Name]
[Your Position]
[Church Name]

If your church is on the larger side, handling these requests through email might be overwhelming. In that case, a form could be a more manageable option. Whatever method you choose, the key is to have a solid system in place.

Conclusion: Protecting Your Congregants’ Information is Crucial

In today’s world, securing your church's data isn't just advisable; it's essential. Even if you don't use a directory, think about how to safeguard your data and who has access to it. Limit high-level permissions to those who truly need them. Set up your permission policy and, if available, use two-factor authentication for your ChMS users. It's about making your church a safe haven, not just in the physical world, but in the digital one too.

Have you dealt with security issues at your church or have you had a similar incident? If so, how did you handle the situation? Leave a comment below and let us know. We would love to hear your thoughts about other steps a church can take to improve data security.

Jason Silbernagel
Previous

Improve Your Church’s Attendance: Mastering the 'Plan Your Visit' Framework.
Next

Using Wix Studio? Here’s how to embed a Planning Center Form.