510 likes | 715 Views
Security and Cyber Security. Not a matter of if , but when??. Poll of 4,000 Churches … 75 Percent – No Safety measures in place 22 Percent –“ Church Safety is not necessary” - 2009 OneNewsNow.Com poll. Are we prepared?.
E N D
Security and Cyber Security Not a matter of if , but when??
Poll of 4,000 Churches…75 Percent – No Safety measures in place22 Percent –“Church Safety is not necessary”- 2009 OneNewsNow.Com poll
Are we prepared? • “The U.S. State Department has placed faith-based organizations in the worlds top five “at-risk” sectors and notes that places of worship are “behind the curve”, compared to the secular world , in terms of safety and emergency preparedness.” - Secretary of State Condoleezza Rice 2009 State Department briefing
Most Common Safety Concerns for Churches… • Children 54% • Property/Facilities 47% • Dangerous/Disruptive Individuals 15% • General Safety/Security 11% • Emergency Preparedness 10% • Security During Services 8% • Medical Incidents 6% • Wheelchair Access 2% -The Barna Group, 2009
Church Security Should you implement a Security Team? • Should you consider beginning a church security ministry or updating the procedures you now have in place? • What your church doesn’t know or chooses to ignore can cause serious liability for your church? • Foreseeability? Knew about it , didn’t do anything about it!
Evaluate…. • Investigation of the feasibility of implementing a church security team. Liability of Starting a Team verses Liability of Doing Nothing!
Evaluate…. • Due Diligence In civil litigation, also known as due care, is the effort made by an ordinary prudent or reasonable party to avoid harm to another party. Failure to make this effort may be considered negligence.
Church Security Steps • Evaluation of the current situation • Proposing a Safety/Security Team to the church board-”Ushers Plus Program” • Selecting Security Team members • Training the team • Implementation of the Team
Security Problems for Today's Churches • Diverse organizations • Not security conscious • Image conscious • Not for profit – $$ money is a problem • Not viewed by Law Enforcement the same way as schools, malls. etc.
Safety of the Church Family • Potential Events • Medical Problems • Parental Custody • Theft • Sexual Harassment/Imposition • Unruly/Unstable People • Violent person • Lost/Missing Children • Active Shooter • Terrorist Event
Risk Assessment Questions? • Does your church take a high profile view on controversial issues such as abortion? • Are you located in an area with religious issues? • Does the pastoral staff console hurting marriages and families? • Are you in a higher crime area? • Many functions end after dark? • Do you have large cash offerings? • Do you have families with child custody issues?
Team Planning • Develop a plan • Write Job Descriptions • Obtain Board Approval • Select Team Members • Acquire needed equipment • Train and role play • Meet with Police an Fire Start
D.L.R.s • Train your team to spot and recognize D.L.R.’S. “ Doesn’t Look Right “
Insurance • Violent Incident Response Coverage! • Protect your people and property! We prayed to our God …and posted a Guard. Nehemiah 4:9
Cyber Liability and Security • “He causes His sun to rise on the evil and the good, and sends rain on the righteous and the unrighteous.” Jesus- Matthew 5:45
Cyber Claim Scenarios • Church or School Computers are Hacked • Church or School Computers Transmits a virus to an outside supplier • Church is sued for invasion of privacy for a picture of their child on Facebook
Why do we need Cyber Security? • Church data security is often overlooked, but is at risk due to the complexity of computer hackers, phishers, and spammers. Securing your physical structure, but overlooking data security is a risk your church cannot afford. Whether your church is using Twitter or Facebook, your church needs protection. Just as in the physical world, the cyber world has dangers too. • Are your pastor and staff safe from threats from the cyber world?
Why do we need Cyber Security? • Like physical security, cyber security is no less a liability to have a plan for. Failing to have this plan can and will affect you in many ways. From cyber terrorism (this includes child hunting by pedophiles), to spamming and denial of service, the threat is real and your church needs to make sure that you have a plan in place and someone willing to step up and take on the responsibility of protecting the church’s cyber space.
Common sense moves for Cyber Security…What do I do to prevent being attacked? • For many nonprofits the need to secure the computer systems they use presents both a conceptual barrier as well as a technical one. Groups think they may need an expensive specialist and often feel that "it can't happen to them”.
Common sense moves for Cyber Security…What do I do to prevent being attacked? • Most steps that organizations need to take in order to protect their online assets do not require a lot of technical skill. What is needed is management attention, persistence, and attention to detail. Here's a list of some of the more common sense moves even a small group can make that have good payoffs in terms of protecting digital assets. • A lot of these actions can be taken relatively quickly and without special expertise.
Cyber Security Steps! • Location: Do not put key organizational information, including personnel, financial, and client or member records, on the same computer system or website. Have a contractor host the website separately so that the public face of the organization on the Internet isn't a doorway to that organization’s internal operations. • Passwords: Don't use proper names, place names, or birthday dates for passwords. Use strong passwords that combine upper and lower case, numbers, and special characters. Do not allow staff to use the same password for all systems. Do not store passwords online. • Protection: Use a firewall and virus checker for all computers. Set them to automatically update and budget to renew subscriptions for security software. You cannot allow it to get out of date.
Cyber Security Steps! • Permission: Define who is authorized to access what data. For instance, how many employees need access beyond email, calendar, and timecards in addition to personal productivity software like word processing and spreadsheets? Keep a list of who has access to sensitive information such as payroll, taxes, personnel, and other information that needs to remain private. • Back Up: Hire a service to backup software and data on a daily basis and store it in encrypted form offsite. This can be done over the Internet with a subscription service for desktops and laptops, and with a commercial service for larger systems like finance, personnel, membership, etc.
Cyber Security Steps! • Travel:Do not allow sensitive electronic information to leave the premises on laptops or USB sticks. • WiFi:Have two networks at your facility. The first is open, and unsecure, for visitors. The second is secure and only for use by employees, contractors, consultants, etc. Make sure the security features of the WiFi equipment are fully implemented and get help if you need it. Do not use the public WiFi for the organization's business operations. • Social Media:Your group has a Facebook page, do not wander away from managing it to play with links, even from "friends," that pique your curiosity but have nothing to do with the business of running the site.Don't click on links in Twitter messages sent to you from people you do not know. Educate your employees how to recognize online scams that seek to get someone to send them login information.
Cyber Security Steps! • Get Physical:Employ a reputable security firm to install intrusion, fire, and water alarms connected to a monitoring center. Physical theft of computers is also a threat. Water or fire damage can destroy your organizations ability to conduct business which is why you need backups. • Insurance:Cyber risks are not covered by standard liability, property, or casualty insurance. You can buy coverage that deals with privacy violations, business interruption, and other forms of cyber threats. Make sure you are covered.
Cyber Liability Insurance • 10 to 15 years ago it was unheard of for a church to have Employment Practices Liability! • Cyber Liability is what EPL was 10 to 15 years ago!
Cyber Liability and Security • Traditional Commercial General Liability is designed to protect assets- premises and operations. (Bricks and Mortar) • Commercial General Liability Insurance has limitations and exclusions that apply as our premises now has becomes the internet with websites , Facebook and Twitter or other online activity.
Does your church have? • Social Media Policies • Internet Usage Policies • E-Mail Usage Policies • Privacy Policies • Incident Response Policies
Resources • CPPS- Center for Personal Protection and security Cpps.com • Church Security Alliance • Carl Chinn.com • Department of Homeland Security • Secure Community Network • Safechurch.com