Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Vulnerability, Threats and Countermeasures

As promised, I want to discuss computer security. Churches are diverse places filled with diverse faces. And if you live here in Montgomery County Maryland as I do, these faces come and go as Government contracts and military duties dictate. Even now, though my church, which is enjoying good attendance, healthy finances and is currently split-free, we still have plans to redo its photo album after only four years because of the transient nature of our area.

This includes members of our church staff and a number of laypersons who in their service to Redland Baptist, have been rightfully entrusted with sensitive information at various levels of operation. There are those who do our accounting who know who’s contributed what. There are those involved with counseling who are privy to some rather terrible personal situations. There are those who make decisions on whom to ask to teach a Sunday school class, and whom not to ask back.

In all those cases, information is kept secret and confidential not because they are involved in some conspiracy, but because it is better for the Body as a whole. If this weren’t the case, then the rules for resolving conflict defined in Matthew 18 mean nothing.

Think about it, let’s say a disgruntled former member posted on a web site an audio file of a counseling session in which the daughter of a family who contributes $100,000 each year makes a claim that asserts that her Sunday school teacher is making advances. Can you imagine how quickly the church would divide?

That said, we also need to make sure that those who are rightfully entrusted with various duties can access sensitive information when it is needed – or as the saying goes in my world – made readily available on a need to know basis to those authorized to do so.

Add to this the dynamic of human nature. We are curious people, and we sometimes like to see what goes on behind the scenes. We are a postmodern society, in which so many walk about with a sense of entitlement – including Christians. We are a self-centric society, in which honor, duty and loyalty are sacrificed daily on the altar of situation ethics.

Now add to this mix the ability of computers to collect huge amounts of data in automating dreary, repetitive and/or difficult tasks. Huge repositories of data that are vulnerable to the threat of disaster or attack. Hence, countermeasures are required.

Ironically, many of the countermeasures required for computer security in your church have little or nothing to do with complex operating systems and expensive software.

For example, are the church computers physically secure? When a staff or layperson leaves, are their keys collected? Are locks changed? How about the backup media, you are backing up your church’s data aren’t you? Do you have contingencies in case of a natural disaster? Are the distribution CDs for expensive software in a place that is dry, safe and locked?
Passwords and printouts. The rolodex is no place for passwords. Nor is a small piece of paper taped to the bottom of the keyboard. Do you have shredder for those sensitive documents? Does your communications equipment emanate sensitive information? For example, cell phones are easily picked-up by radio scanners.

Let me tell you from several instances of first hand experience. One of the biggest threats to any system are former employees and volunteers. Some come back merely out of a sense of nostalgia, others, because they can’t let go of the past. In either case, both are capable of causing you and your church untold grief.

On the other end, do you get all huffy and get all bent out of shape because a former employer asks for your key-code card, id badge and keys back? So why do some of us get offended when after designing a church website, they add or change passwords? But I digress.

There are the obvious hardware and software countermeasures. I already mentioned data backups. I cannot stress their importance. But do you have a plan for restoring the data? Have you tried this plan? Do you have a backup person in case you’re not around? Is the backup on site or off-site?

As you can see, we’re just looking at the tip of the iceberg. I think in the following weeks, we need to seriously discuss security with regards to our church computer system, and of course our church web sites. But today, I just want you to start thinking about such if you haven’t already. And if have, I’d appreciate your comments on what you’re doing (w/out giving away senstive information !-).

I realize this is a lot, so let me sum up how we can successfully secure our church web sites with two simple adages that states:

  • Locks on doors keep honest men honest.
  • Good fences make for good neighbors.

More specifics on how to get this done next week — now go back up your data.

Comments are closed.