Risk Bites Issue 8: Keeping Cyber Safe
Many organisations and individuals have become victims of cyberattacks such as computer viruses, scams and other security breaches which have cost them their data, systems and significant amounts of money. Cyberattacks are an increasing trend, but there are simple steps we can take to prevent or minimise their damage.
Why is Cyber Security essential?
Cyber-based threats are increasing and are fast becoming a critical risk for Churches, Charities and Not-For-Profits to be aware of. The Church, without a doubt, relies on email, online banking, social media platforms, applications, and other software programs to manage the day-to-day operations of ministry. It is more necessary than ever to put cyber risks under the spotlight, be aware of the dangers and take measures to keep the Church's data and finances safe.
What is a Cyberattack?
It is a malicious criminal activity carried out using a computer and/or the internet, intending to gain unauthorised access to, or procure, digital information – primarily of a personal or financial nature.
What are the common forms of Cyberthreat?
- 'Malware' is malicious software installed without our knowledge. Malware attacks start when a user clicks on a link in a 'phishing' (scam) email or visits an infected website. Ransomware is a type of malware attack in which cybercriminals encrypt data and demand money to unlock it, or threaten to leak the data unless a ransom is paid.
- Phishing emails are fraudulent emails that contain links or an attachment that, if clicked on by the recipient, allow hackers to infect systems with malware or steal data. These emails can take the form of alerts about package shipments or credit card fraud. Some even look like communication from legitimate sources.
- Technical vulnerabilities can exist in all software, including operating systems and applications. These technical vulnerabilities are essentially holes in software code that allow cybercriminals to gain unauthorised access to a system.
Some common attacks that have affected Churches worldwide are:
- Funds transfer from bank accounts
- Church websites being hacked and compromised with politically charged images
- A ransomware attack that denies access to files
- Email accounts being hacked and sensitive information publicly released by the hackers
- Church Staff and Congregants' identities stolen after a church database is breached
What can we do about it?
There are some simple strategies we can all adopt, which can make a big difference to our level of vulnerability.
- Keeping your technology up-to-date. Start by making an inventory of all systems used. This should include computers (desktop and laptop), servers if maintained, mobile devices, routers, and peripherals.
Consider the recommended actions below:
- Install and update anti-virus software. Schedule regular scans on your computer to detect and remove viruses.
- Run automatic updates for all your software. Old versions of software, browsers, and operating systems often have security issues that are repaired in the updated versions. Always make sure updates are legitimate—only install those that come directly from the vendor.
- Purchase software only from trustworthy suppliers, like the Microsoft Windows Store or Apple's App Store
- Backup your critical data on an external hard drive or in the Cloud.
You may need professional help to:
- Properly configure a firewall to monitor incoming and outgoing network traffic. A firewall acts to keep threats away from computers, sitting between a computer and the internet to determine which traffic is and is not allowed through.
- Change the default password on internet routers. Routers come with a default password, and most default passwords are well known and easy to look up, which is why they are meant to be changed. If the password isn't changed, an attacker or a curious individual who comes within the signal range of an unsecured router can log in to it. Once inside, they can change the password to whatever they choose, locking you out of the router and effectively hijacking the network.
- Place restrictions on WiFi. If WiFi is offered to congregation members and visitors, segregate its access according to different groups. Guest WiFi should only provide internet access and restrict access to technology like other computers and printers.
Some Helpful links
Visit https://beconnected.esafety.gov.au/topic-library to access a free online course that teaches the basics of computers and internet.
Find out more about protecting your online security at Stay Smart Online
Cyber Security Governance Toolkit from Australian Charity and Not for Profit Commission
The Little Black Book of Scams by Australian Competition & Consumer Commission contains the Scammers' Black List to help identify and avoid the ten most common methods scammers use.